Nasty Virus: Browser Helper Object (BHO) / IE Hijacker / Trojan

kileyp

New member
Greetings,

I've got a nasty virus with the following characteristics (Hijack This logfile also pasted below):

  • Cannot launch IE explorer... so no internet access
  • Cannot install Spybot
  • SpywareGuard identifies a never-ending stream of BHO alerts (usually located under C:\Windows\system32\hGVnNhij.dll)
  • Spysweeper identifies the following viruses, but cannot remove them, including:

  1. Adware found: coolwebsearch (cws)
  2. Adware found: submithook
  3. Adware found: cws gonnasearch
  4. Adware found: cws_cassandra
  5. Adware found: tubby toolbar
  6. Adware found: zenosearchassistant
  7. Adware found: virtumonde
  8. Trojan downloader

Various pop-ups that warn of computer viruses, such as:

  • Internet attack attempt detected: Somebody's trying to infect your PC with spyware or harmful viruses. Run FULL SYSTEM SCAN..."
  • Windows Security Center system warning: Alert details file: qtasks.exe; Threat: CoolWebSearch; To remove detected threat you need to update windows antispyware protection. Click here to visit Windows Security Center web site...
  • Your Security and prvacy are at risk! Spyware has been detected on you computer! Click here to run a FULL SYSTEM SCAN to protect your data...
  • Replaced my background with permanent wallpaper that says "Warning: Spyware threat has been detected on your PC. Your computer has several fatal errors due to spyware activity. It is strongly recommened to install an antispyware software to close all security vulnerabilities. Antispyware software helps protect your PC against spyware and other security threats. Click Here to scan your PC for Spyware...
  • Warning: Your comnputer is infected with spyware! Help to protect your computer and remove spyware! Click here for more information...
  • Web page unavailable while offline: The Web page you requested is not available offline. To view this page, click Connect.
  • Windows Security Center system warning; Alert details; File: clrssn.exe; Threat: CoolWebSearch; Possible spyware infection has been detected on your computer by Windows Security Center. To remove detected threat you need to update Windows antispyware protection...
  • Internet attach attempt detected: Somebody's trying to infect your PC with spyware or harmful viruses. Run FULL SYSTEM SCAN to protect your system from Internet attacks, hijacking attempts and spyware. Click here for the list of available security updates...
  • Your computer is working slowly. Slow operation speed might have been caused by spyware. Download the latest...
  • Windows Security Center: Possible spyware infection detected. You need to update Windows antispyware protection to remove detected spyware from your computer. Click here for details...; Threat Name: Trojan Downloader.XS Risk Level (picture of 5 red boxes). Resources: How to remove: TrojanDownloader.XS; To remove detected threat please click here...




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58 AM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\uoyzsydz.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SafeSweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\kileyp\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,bbngxeh.exe,C:\WINDOWS\system32\uoyzsydz.exe,
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{40-0D-DF-F4-DW}] "C:\windows\system32\rwwnw64d.exe" DWram02FF
O4 - HKLM\..\Run: [40a40d5b] rundll32.exe "C:\WINDOWS\system32\ushjuchq.dll",b
O4 - HKLM\..\Run: [{f296f323-400c-b224-4cdf-7abf369098a7}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\jbrsjczqrmqwcvu.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\tcntptdm.exe DWram02FF
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ooff] C:\Program Files\Common Files\ooff\ooffm.exe
O4 - HKCU\..\Run: [vkbqo] C:\WINDOWS\system32\avpxny.exe reg_run
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Policies\Explorer\Run: [{40A40DF4-031D-1033-1223-040826040001}] "C:\Program Files\Common Files\{40A40DF4-031D-1033-1223-040826040001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntptdm.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EMC VPN Client.lnk = C:\Program Files\EMC VPN\VPN Client\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://itcentral.corp.emc.com
O15 - Trusted Zone: http://itonline.isus.emc.com
O15 - Trusted Zone: http://itportal.corp.emc.com
O15 - Trusted Zone: http://www.emcu.isus.emc.com
O15 - Trusted Zone: http://itcentral.corp.emc.com (HKLM)
O15 - Trusted Zone: http://itonline.isus.emc.com (HKLM)
O15 - Trusted Zone: http://itportal.corp.emc.com (HKLM)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://www.vclass.emc.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.com/codebase70/OrgPubX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8753 bytes
 
Trojan clarification

To clarify, the Trojan found by SpySweeper is:

Trojan Horse found: trojan.gen

Please help!!!
 
Please help

Just trying to get this moved back up on the list. Anyone out there with ideas on how to fix this?
 

Hello kileyp,

Apparently you missed the forum stickies.

In particular:
Post here if still waiting for help in the Malware Forum, (AFTER) FOUR days

Please do not bump your thread; it will set your post date forward and add to your post count in the thread, leading our volunteers to believe you are already being helped, because they look for topics with no replies.
Topics started over a weekend/holiday may experience delay, as volunteer helpers also spend time with family etc.

Aside from which, the forum is busy and others have been waiting longer than a day, more victims than analysts at all help sites.

Regards.
 
Fresh Hijack This log file

Thanks so much for taking a look at this! Here is a fresh log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06 AM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\444.470
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\uoyzsydz.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\tcntptdm.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\kileyp\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,bbngxeh.exe,C:\WINDOWS\system32\uoyzsydz.exe,
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{40-0D-DF-F4-DW}] "C:\windows\system32\rwwnw64d.exe" DWram02FF
O4 - HKLM\..\Run: [40a40d5b] "rundll32.exe" "C:\WINDOWS\system32\ushjuchq.dll",b
O4 - HKLM\..\Run: [{f296f323-400c-b224-4cdf-7abf369098a7}] "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\system32\jbrsjczqrmqwcvu.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] "C:\WINDOWS\system32\tcntptdm.exe" DWram02FF
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ooff] C:\Program Files\Common Files\ooff\ooffm.exe
O4 - HKCU\..\Run: [vkbqo] C:\WINDOWS\system32\avpxny.exe reg_run
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Policies\Explorer\Run: [{40A40DF4-031D-1033-1223-040826040001}] "C:\Program Files\Common Files\{40A40DF4-031D-1033-1223-040826040001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntptdm.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EMC VPN Client.lnk = C:\Program Files\EMC VPN\VPN Client\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://itcentral.corp.emc.com
O15 - Trusted Zone: http://itonline.isus.emc.com
O15 - Trusted Zone: http://itportal.corp.emc.com
O15 - Trusted Zone: http://www.emcu.isus.emc.com
O15 - Trusted Zone: http://itcentral.corp.emc.com (HKLM)
O15 - Trusted Zone: http://itonline.isus.emc.com (HKLM)
O15 - Trusted Zone: http://itportal.corp.emc.com (HKLM)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://www.vclass.emc.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.com/codebase70/OrgPubX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10145 bytes
 
Hi :)


Disable SpySweeper's realtime protection.
  • Open Spysweeper and click on Options
  • Choose Program Options and uncheck load at windows startup.
  • On the left click shields and then uncheck everything.
  • Uncheck home page shield.
  • Uncheck automatically restore default without notification.
  • Exit the program.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh hjt log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here
 
Combo Fix not launching

Hello,

I disabled all SpySweeper shields. However, Combofix will not launch from the infected computer.

Since I do not have internet access on the infected computer, I downloaded Combofix to the desktop of my healthy computer, copied it to a jump drive, and moved it to the desktop of my infected computer and double clicked. Nothing happens. I also tried a right click and "open as", and disabled the virus protection option. But that did not work either.

However, when I attempt to launch combofix from my healthy computer, it works. This is exactly what happened when I tried to load Spybot on my infected computer.

Any other ideas?
 
Hi

Rename ComboFix.exe -> ComboFxx.exe and then try running again.
 
ComboFix and Hijack This Logs

Computer is looking a lot better... but Spyware Guard did pick up a few DLL warnings upon restart.

Combofix Log:

ComboFix 08-07-31.06 - kileyp 2008-08-01 16:17:47.1 - NTFSx86
Running from: C:\Documents and Settings\kileyp\Desktop\ComboFxx.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\kileyp\Application Data\macromedia\Flash Player\#SharedObjects\77HEMU9G\interclick.com
C:\Documents and Settings\kileyp\Application Data\macromedia\Flash Player\#SharedObjects\77HEMU9G\interclick.com\ud.sol
C:\Documents and Settings\kileyp\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\kileyp\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\kileyp\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\kileyp\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\Common Files\{40A40~1
C:\Program Files\outlook
C:\Program Files\winupdates
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\444.470
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\Downloaded Program Files\Temp
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\lfn.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\muotr.so
C:\WINDOWS\newname.dat
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\byXNeFvV.dll
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbdll.old
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\ddcApMgG.dll
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\hGVnNhij.dll
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\hssjyvdq.dll
C:\WINDOWS\system32\iifCuTNF.dll
C:\WINDOWS\system32\jbrsjczqrmqwcvu.dll
C:\WINDOWS\system32\jihNnVGh.ini
C:\WINDOWS\system32\jihNnVGh.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qdvyjssh.ini
C:\WINDOWS\system32\qhcujhsu.ini
C:\WINDOWS\system32\setup.exe.tmp
C:\WINDOWS\system32\tcntptdm.exe
C:\WINDOWS\system32\uoyzsydz.exe
C:\WINDOWS\system32\ushjuchq.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Legacy_MSSECURITY1.209.4
-------\Legacy_NETWORK_MONITOR
-------\Legacy_WINDOWS_OVERLAY_COMPONENTS
-------\Service_MsSecurity1.209.4


((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.

2008-07-25 12:35 . 2008-07-25 12:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-25 11:35 . 2008-07-25 11:35 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-25 09:30 . 2008-07-25 09:30 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-25 09:30 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-25 09:30 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-25 09:30 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-25 09:29 . 2008-07-25 09:29 <DIR> d-------- C:\Program Files\Webroot
2008-07-25 09:29 . 2008-07-25 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-25 09:29 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-25 09:16 . 2008-07-25 09:25 <DIR> d-------- C:\Program Files\SpywareGuard
2008-07-13 16:25 . 2008-07-13 16:25 <DIR> d-------- C:\Documents and Settings\kileyp\Application Data\Webroot
2008-07-13 13:39 . 2008-07-13 13:39 <DIR> d-------- C:\Webroot
2008-07-13 01:19 . 2008-07-13 01:19 64,332 --a------ C:\WINDOWS\system32\lufhyfanuj.exe
2008-07-13 01:17 . 2008-07-13 01:17 152,265 --a------ C:\WINDOWS\system32\g25.exe
2008-07-12 13:50 . 2008-07-12 13:50 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-07-12 13:48 . 2004-08-04 08:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-12 13:47 . 2008-07-13 13:25 <DIR> d-------- C:\WINDOWS\system32\sfig
2008-07-12 13:47 . 2008-07-12 13:47 <DIR> d-------- C:\WINDOWS\system32\provdll
2008-07-12 13:47 . 2008-07-12 13:47 <DIR> d-------- C:\WINDOWS\system32\olixds18
2008-07-12 13:47 . 2008-07-13 13:25 <DIR> d-------- C:\WINDOWS\system32\OBDE
2008-07-12 13:47 . 2008-07-12 13:47 <DIR> d-------- C:\WINDOWS\system32\imp32
2008-07-12 13:47 . 2008-07-12 13:47 <DIR> d-------- C:\Temp\stmpv4
2008-07-12 13:47 . 2008-08-01 16:23 <DIR> d-------- C:\Temp
2008-07-05 01:15 . 2008-07-05 01:15 32,768 --a------ C:\WINDOWS\system32\olixds18\olixds182328.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 20:46 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-13 04:54 --------- d-----w C:\Program Files\Quicken
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2005-11-01 13:24 28,672 ----a-w C:\Documents and Settings\kileyp\atwbxdet.dll
2005-08-09 13:03 28,672 -c--a-w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2005-09-27 14:00 98,304 -c--a-w C:\Program Files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-02-25 15:50 139320]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 20:00 94208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-07 15:22 4730880]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05 200766]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 09:33 286720]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 18:23 218240]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-09-07 15:51 49263]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"nwiz"="nwiz.exe" [2004-04-07 15:22 323584 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 08:00 15360]

C:\Documents and Settings\kileyp\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-08-03 16:00:18 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
EMC VPN Client.lnk - C:\Program Files\EMC VPN\VPN Client\vpngui.exe [2006-02-21 09:24:21 1445904]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra--c--- 2003-10-07 23:40 159744 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-03-01 13:05 200766 C:\Program Files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-07-30 09:33 286720 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a--c--- 2003-05-22 20:55 483328 C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 08:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2004-04-07 15:22 4730880 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-08-05 18:23 218240 C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-02-20 18:06 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a--c--- 2003-08-19 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2004-04-07 15:22 323584 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R4 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys [2004-09-09 10:30]
S1 mrxdavv;mrxdavv;C:\WINDOWS\system32\drivers\mrxdavv.sys []
S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-06-19 18:40]
S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-06-19 18:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3557d82-2d83-11dc-a05a-000fb04483b2}]
\Shell\AutoRun\command - E:\DTSP_Launcher.exe

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder

2008-07-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

2005-03-10 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 19:38]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ooff - C:\Program Files\Common Files\ooff\ooffm.exe
HKCU-Run-Skype - C:\Program Files\Skype\Phone\Skype.exe
HKLM-Run-{40-0D-DF-F4-DW} - C:\windows\system32\rwwnw64d.exe
HKLM-Run-40a40d5b - C:\WINDOWS\system32\ushjuchq.dll
HKLM-Run-{f296f323-400c-b224-4cdf-7abf369098a7} - C:\WINDOWS\system32\jbrsjczqrmqwcvu.dll
HKCU-Explorer_Run-{40A40DF4-031D-1033-1223-040826040001} - C:\Program Files\Common Files\{40A40DF4-031D-1033-1223-040826040001}\Update.exe
ShellExecuteHooks-{FBF23B40-E3F0-101B-8488-00AA003E56F8} - shdocvw.dll
Notify-opNHXnop - opNHXnop.dll
MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-HPHUPD05 - c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
MSConfigStartUp-NAV CfgWiz - C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe
MSConfigStartUp-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-DXDllRegExe - dxdllreg.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxps://login.yahoo.com/config/login?.src=fpctx&.done=http://www.yahoo.com&rl=1


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 16:57:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?6?7?3??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2008-08-01 17:04:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-01 21:04:27

Pre-Run: 40,964,628,480 bytes free
Post-Run: 43,622,240,256 bytes free

309 --- E O F --- 2008-06-22 21:21:54



Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09 PM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\kileyp\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EMC VPN Client.lnk = C:\Program Files\EMC VPN\VPN Client\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://itcentral.corp.emc.com
O15 - Trusted Zone: http://itonline.isus.emc.com
O15 - Trusted Zone: http://itportal.corp.emc.com
O15 - Trusted Zone: http://www.emcu.isus.emc.com
O15 - Trusted Zone: http://itcentral.corp.emc.com (HKLM)
O15 - Trusted Zone: http://itonline.isus.emc.com (HKLM)
O15 - Trusted Zone: http://itportal.corp.emc.com (HKLM)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://www.vclass.emc.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.com/codebase70/OrgPubX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9351 bytes
 
Looks better but there's still work left to do.



Open notepad and copy/paste the text in the quotebox below into it:

Code:
Driver::
mrxdavv

File::
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\drivers\mrxdavv.sys

Folder::
C:\WINDOWS\system32\sfig
C:\WINDOWS\system32\provdll
C:\WINDOWS\system32\olixds18
C:\WINDOWS\system32\OBDE
C:\WINDOWS\system32\imp32
C:\Temp\stmpv4

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScript.gif


Referring to the picture above, drag CFScript into ComboFxx.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings and select the following:
Scan using the following Anti-Virus database:
  • Extended (If available, otherwise Standard)
Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK.
  • Under "select a target to scan", select My Computer.
  • The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.
Once the scan is complete:
  • Click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information into your next post if the AV content will fit into one post only. Post a fresh hjt log (without forgetting above mentioned ComboFix resultant log) too.


Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

If having a problem doing the above

Make sure that your Internet security settings are set to default values.

To set default security settings for Internet Explorer:

* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four items (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.
 
Combofix Failed

Hi,

ComboFix ran and got stuck on "stage 40 completed". I waited about 10 minutes, and tried pressing "ctrl + alt + del"... but it had no effect. I tried it again 10 minutes later... and same result. I let it run overnight... and this morning it was still stuck on stage 40 completed... ctrl alt del still didn't work. I shut down manually and restarted.... Combofix did not post a log of any sort. Any ideas on what I should do next?
 
Hi

Try running ComboFix with following CFScript in safe mode:
Code:
KILLALL::

Driver::
mrxdavv

File::
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\drivers\mrxdavv.sys

Folder::
C:\WINDOWS\system32\sfig
C:\WINDOWS\system32\provdll
C:\WINDOWS\system32\olixds18
C:\WINDOWS\system32\OBDE
C:\WINDOWS\system32\imp32
C:\Temp\stmpv4

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
 
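One way to check a CFScript like the one above against the ComboFix log that comes back, added here as an example (Python, not part of the thread and not ComboFix's own code): it parses the script's `Driver::`, `File::` and `Folder::` targets and looks each one up in the log's "Other Deletions" and "Drivers/Services" sections. The function names are this example's own; the inputs are excerpts of the CFScript and of the 2008-08-02 log that follows in the thread, with the banner rows shortened and the `Registry::` section left out.

```python
import re

# Excerpts copied from the CFScript and the 2008-08-02 ComboFix log in this
# thread; banner rows are shortened and the Registry:: section is omitted.
CFSCRIPT = r"""KILLALL::

Driver::
mrxdavv

File::
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\drivers\mrxdavv.sys

Folder::
C:\WINDOWS\system32\sfig
C:\WINDOWS\system32\provdll
C:\WINDOWS\system32\olixds18
C:\WINDOWS\system32\OBDE
C:\WINDOWS\system32\imp32
C:\Temp\stmpv4
"""

LOG = r"""(((((((( Other Deletions ))))))))
.
---- Previous Run -------
.
C:\Temp\stmpv4
C:\Temp\stmpv4\bnwe7.log
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\imp32
C:\WINDOWS\system32\imp32\keysrve.exe
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\OBDE
C:\WINDOWS\system32\olixds18
C:\WINDOWS\system32\olixds18\olixds182328.exe
C:\WINDOWS\system32\provdll
C:\WINDOWS\system32\provdll\globsetup.exe
C:\WINDOWS\system32\sfig
C:\WINDOWS\system32\vbzip10.dll
.
(((((((( Drivers/Services ))))))))
.
-------\Legacy_MRXDAVV
-------\Service_mrxdavv

(((((((( Files Created from 2008-07-02 to 2008-08-02 ))))))))
.
2008-07-12 13:47 . 2008-08-02 01:07 <DIR> d-------- C:\Temp
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")        # CFScript header, e.g. "File::"
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")       # log banner, e.g. "((( Other Deletions )))"
PATH = re.compile(r"^[A-Za-z]:\\")                   # a line that is a drive-letter path
SERVICE = re.compile(r"^-+\\(?:Legacy|Service)_(.+)$", re.IGNORECASE)


def split_sections(text, header):
    """Group non-empty lines under the most recent line matching `header`."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = header.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif line and line != "." and current is not None:
            current.append(line)
    return sections


def verify(cfscript_text, log_text):
    """Map each (kind, target) in the script to what the log says about it."""
    script = split_sections(cfscript_text, DIRECTIVE)
    log = split_sections(log_text, BANNER)
    # Windows paths are case-insensitive, so compare in lower case.
    deleted = {l.lower() for l in log.get("other deletions", []) if PATH.match(l)}
    services = {m.group(1).lower()
                for m in map(SERVICE.match, log.get("drivers/services", [])) if m}
    report = {}
    for kind in ("file", "folder"):
        for target in script.get(kind, []):
            report[(kind, target)] = "deleted" if target.lower() in deleted else "not listed"
    for name in script.get("driver", []):
        report[("driver", name)] = "removed" if name.lower() in services else "not listed"
    return report


if __name__ == "__main__":
    for (kind, target), status in verify(CFSCRIPT, LOG).items():
        print(f"{status:<10} {kind:<7} {target}")
```

A target reported as "not listed", here `C:\WINDOWS\system32\drivers\mrxdavv.sys`, was either not on disk or not removed, so it is the one to look for in the next log.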
Log Files

Looks like it is still infected:

Combo Fix Log:

ComboFix 08-07-31.06 - kileyp 2008-08-02 17:37:52.3 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.369 [GMT -4:00]
Running from: C:\Documents and Settings\kileyp\Desktop\ComboFxx.exe
Command switches used :: C:\Documents and Settings\kileyp\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\drivers\mrxdavv.sys
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\vbzip10.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Temp\stmpv4
C:\Temp\stmpv4\bnwe7.log
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\imp32
C:\WINDOWS\system32\imp32\keysrve.exe
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\OBDE
C:\WINDOWS\system32\olixds18
C:\WINDOWS\system32\olixds18\olixds182328.exe
C:\WINDOWS\system32\provdll
C:\WINDOWS\system32\provdll\globsetup.exe
C:\WINDOWS\system32\sfig
C:\WINDOWS\system32\vbzip10.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MRXDAVV
-------\Service_mrxdavv


((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-07-25 12:35 . 2008-07-25 12:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-25 11:35 . 2008-07-25 11:35 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-25 09:30 . 2008-07-25 09:30 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-25 09:30 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-25 09:30 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-25 09:30 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-25 09:29 . 2008-07-25 09:29 <DIR> d-------- C:\Program Files\Webroot
2008-07-25 09:29 . 2008-07-25 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-25 09:29 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-25 09:16 . 2008-07-25 09:25 <DIR> d-------- C:\Program Files\SpywareGuard
2008-07-13 16:25 . 2008-07-13 16:25 <DIR> d-------- C:\Documents and Settings\kileyp\Application Data\Webroot
2008-07-13 13:39 . 2008-07-13 13:39 <DIR> d-------- C:\Webroot
2008-07-12 13:47 . 2008-08-02 01:07 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 20:46 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-13 04:54 --------- d-----w C:\Program Files\Quicken
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2005-11-01 13:24 28,672 ----a-w C:\Documents and Settings\kileyp\atwbxdet.dll
2005-08-09 13:03 28,672 -c--a-w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2005-09-27 14:00 98,304 -c--a-w C:\Program Files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-02-25 15:50 139320]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 20:00 94208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-07 15:22 4730880]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05 200766]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 09:33 286720]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 18:23 218240]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-09-07 15:51 49263]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"nwiz"="nwiz.exe" [2004-04-07 15:22 323584 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 08:00 15360]

C:\Documents and Settings\kileyp\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-08-03 16:00:18 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
EMC VPN Client.lnk - C:\Program Files\EMC VPN\VPN Client\vpngui.exe [2006-02-21 09:24:21 1445904]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra--c--- 2003-10-07 23:40 159744 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-03-01 13:05 200766 C:\Program Files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-07-30 09:33 286720 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a--c--- 2003-05-22 20:55 483328 C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 08:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2004-04-07 15:22 4730880 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-08-05 18:23 218240 C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-02-20 18:06 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a--c--- 2003-08-19 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2004-04-07 15:22 323584 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R4 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys [2004-09-09 10:30]
S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-06-19 18:40]
S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-06-19 18:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3557d82-2d83-11dc-a05a-000fb04483b2}]
\Shell\AutoRun\command - E:\DTSP_Launcher.exe

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder

2008-07-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

2005-03-10 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 19:38]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 17:44:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?6?7?3??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2008-08-02 17:52:18 - machine was rebooted [kileyp]
ComboFix-quarantined-files.txt 2008-08-02 21:52:13
ComboFix2.txt 2008-08-01 21:04:36

Pre-Run: 44,142,141,440 bytes free
Post-Run: 43,576,942,592 bytes free

192 --- E O F --- 2008-06-22 21:21:54


Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 02, 2008 9:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/08/2008
Kaspersky Anti-Virus database records: 1045635
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 63804
Number of viruses found: 19
Number of infected objects: 258
Number of suspicious objects: 0
Duration of the scan process: 02:46:42

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080802_Time-174316953_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080802_Time-174316953_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\UpdaterUI_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\cert8.db Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\history.dat Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\key3.db Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\parent.lock Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\search.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\webappsstore.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\temp\~DF7AC0.tmp Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\temp\~DF881.tmp Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\ntuser.dat Object is locked skipped
C:\Documents and Settings\kileyp\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\MUSIC\Bear Share\Quicken 2008 Premium.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\MUSIC\Bear Share\Quicken 2008 Premium.zip ZIP: infected - 1 skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0027.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFX: infected - 4 skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFXDropper: infected - 4 skipped
C:\Program Files\ISS\issSensors\DesktopProtection\blackice-service.log Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\444.470.vir Infected: Trojan.Win32.DNSChanger.eys skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Infected: Hoax.Win32.Renos.vajj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\byXNeFvV.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcApMgG.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hGVnNhij.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hssjyvdq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iifCuTNF.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\imp32\keysrve.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\olixds18\olixds182328.exe.vir Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\provdll\globsetup.exe.vir Infected: Trojan.Win32.DNSChanger.eyr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\setup.exe.tmp.vir Infected: Trojan-Downloader.Win32.VB.eyh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tcntptdm.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uoyzsydz.exe.vir Infected: Hoax.Win32.Renos.vajj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ushjuchq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-08-01_164537.81.zip/clbdll.dll Infected: Rootkit.Win32.Clbd.ez skipped
C:\QooBox\Quarantine\catchme2008-08-01_164537.81.zip ZIP: infected - 1 skipped
C:\quarantine\0Dayz Nokia Gamez Appz Torrentboyz com Pack 12.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\0Dayz Nokia Gamez Appz Torrentboyz com Pack 12.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\202 ICONs aplics.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\202 ICONs aplics.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\a.zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\a.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\ABBA - Rare Collected Remixes.(WWW.FACTORFORUMS.CO.UKFORUMS).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\ABBA - Rare Collected Remixes.(WWW.FACTORFORUMS.CO.UKFORUMS).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Adobe Photoshop Plugins.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Adobe Photoshop Plugins.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Adobe Photoshop Pro CS2 v9 0 Full + Keygen.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Adobe Photoshop Pro CS2 v9 0 Full + Keygen.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Advanced search.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Advanced search.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Aero Glass Themes XP Version IV + 32 themes (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Aero Glass Themes XP Version IV + 32 themes (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Air America Radio - The Al Franken Show 080406 [mp3].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Air America Radio - The Al Franken Show 080406 [mp3].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Alcohol 120 retail v1 9 5 4327 + Alcohol 120 retail - v1 95 4212.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Alcohol 120 retail v1 9 5 4327 + Alcohol 120 retail - v1 95 4212.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\AOL Search records for 500,000 users AOL-data tgz.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\AOL Search records for 500,000 users AOL-data tgz.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Barnyard CAM XViD-SubAtom[www moviex info].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Barnyard CAM XViD-SubAtom[www moviex info].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Big Brother US S07E14 PDTV XviD-VSS [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Big Brother US S07E14 PDTV XviD-VSS [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Blur-The Best Of 2CD(Darkside RG).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Blur-The Best Of 2CD(Darkside RG).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Browse categories.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Browse categories.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Burn the Fat, Feed the Muscle { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Burn the Fat, Feed the Muscle { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\CAPCOM CPS2 Emulator for PSP beta 4.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\CAPCOM CPS2 Emulator for PSP beta 4.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Copyright policy.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Copyright policy.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\DC Batman - The Killing Joke (comic book).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\DC Batman - The Killing Joke (comic book).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Deadwood S03E09 HDTV XviD-LOL [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Deadwood S03E09 HDTV XviD-LOL [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\DJ Shadow - The Outsider - (Proper Advance) - 2006 - VOiCE.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\DJ Shadow - The Outsider - (Proper Advance) - 2006 - VOiCE.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Dungeon Siege 2 Broken World KEYGEN-RELOADED.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Dungeon Siege 2 Broken World KEYGEN-RELOADED.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\EasyFileSearch com-Jessica Simpson 1500+pix.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\EasyFileSearch com-Jessica Simpson 1500+pix.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\EasyFileSearch com-Pamela Anderson 500+pix.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\EasyFileSearch com-Pamela Anderson 500+pix.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Ember rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Ember rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Entourage S03E09 HDTV XviD-LOL [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Entourage S03E09 HDTV XviD-LOL [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Flat Out 2 Crack Only-RELOADED.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Flat Out 2 Crack Only-RELOADED.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Google Earth Pro 4 Patch NeW Release 08-06-06 by Glbez Team Hackz zip.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Google Earth Pro 4 Patch NeW Release 08-06-06 by Glbez Team Hackz zip.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Google Earth Pro Final And a tutorial to make it a perfect working pro (full).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Google Earth Pro Final And a tutorial to make it a perfect working pro (full).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review (July-August 2006) - [www slotorrent net].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review (July-August 2006) - [www slotorrent net].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review Jan 2005.zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\Harvard Business Review Jan 2005.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review July-Aug 2005(1).zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\Harvard Business Review July-Aug 2005(1).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review July-Aug 2005.zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\Harvard Business Review July-Aug 2005.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir.0/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir.0 ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review, May 2006.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review, May 2006.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How To Do Everything With vol 1 - 5in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How To Do Everything With vol 1 - 5in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How To Do Everything With vol 2 - 5in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How To Do Everything With vol 2 - 5in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How To Do Everything With vol 3 - 6in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How To Do Everything With vol 3 - 6in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How to Solve Every Sudoku (Number Place) Puzzle { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How to Solve Every Sudoku (Number Place) Puzzle { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Howard the Duck Issues 1-2.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Howard the Duck Issues 1-2.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\IGPX - 023 - Fate [C-W] HQ.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\IGPX - 023 - Fate [C-W] HQ.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\IRC chat.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\IRC chat.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Justin Timberlake feat T I- My Love.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Justin Timberlake feat T I- My Love.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\l'Equipe du 06 08 2006 pdf.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\l'Equipe du 06 08 2006 pdf.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Lucky Louie S01E09 HDTV XviD-LOL [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Lucky Louie S01E09 HDTV XviD-LOL [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Marvel Civil War.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Marvel Civil War.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Mastodon - Blood Mountain [2006].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Mastodon - Blood Mountain [2006].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\MegaArchive 8ooo Karaoke ita fr eng esp VanBascos ByMiraiam rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\MegaArchive 8ooo Karaoke ita fr eng esp VanBascos ByMiraiam rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Nancy Drew Danger By Design [PCCD][English][www newpct com].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Nancy Drew Danger By Design [PCCD][English][www newpct com].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\National Geographic August 2006.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\National Geographic August 2006.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\New WordPress blog.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\New WordPress blog.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Noein - Mou Hitori no Kimi e [Shinsen-Subs].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Noein - Mou Hitori no Kimi e [Shinsen-Subs].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\p.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\p.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\PC Civilization IV 4 RELOADED ShadowCast.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\PC Civilization IV 4 RELOADED ShadowCast.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\PC World Power Guides - Available only to Subscribers { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\PC World Power Guides - Available only to Subscribers { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Privacy policy.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Privacy policy.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Rapidshare Premium Pack 2006 version 4 - 43in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Rapidshare Premium Pack 2006 version 4 - 43in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Redneck Rampage Rides Again.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Redneck Rampage Rides Again.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Redneck Rampage.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Redneck Rampage.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Scripts 2006 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Scripts 2006 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Search Cloud.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Search Cloud.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\SHOCKING! British Police destroy a memorial to race victims .wmv.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\SHOCKING! British Police destroy a memorial to race victims .wmv.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Show all of today →.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Show all of today →.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Simply Acoustic Various 2CD's With covers (NiTrO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Simply Acoustic Various 2CD's With covers (NiTrO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Sinchronicity S01E04 WS PDTV XviD-RiVER [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Sinchronicity S01E04 WS PDTV XviD-RiVER [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\SlySoft new Update 3-8-06 - 5in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\SlySoft new Update 3-8-06 - 5in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Space images super-high resolution [www ultratorrent net].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Space images super-high resolution [www ultratorrent net].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Speed 2 - Cruise Control 1997 DVDrip SWE.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Speed 2 - Cruise Control 1997 DVDrip SWE.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Spikes Women of Action 2006 WS PDTV XviD-PAP [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Spikes Women of Action 2006 WS PDTV XviD-PAP [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom( widges-den com ).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom( widges-den com ).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom-ZCCUSTOMS.NET.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom-ZCCUSTOMS.NET.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom[www moviex info].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom[www moviex info].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The 4400 3x10 (DSRip-ORENJi)[VTV].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The 4400 3x10 (DSRip-ORENJi)[VTV].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The 4400 S03E10 DSR XviD-ORENJi [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The 4400 S03E10 DSR XviD-ORENJi [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Ant Bully [TS-Screener][V O English+Subs Spanish][2006][www newpct com].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Ant Bully [TS-Screener][V O English+Subs Spanish][2006][www newpct com].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Beatles Complete Songbook.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Beatles Complete Songbook.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Complete Idiots Guide To Learning French On Your Own { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Complete Idiots Guide To Learning French On Your Own { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Dead Zone 5x08 (DSRip-ORENJi)[VTV].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Dead Zone 5x08 (DSRip-ORENJi)[VTV].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Economist 2006-08-05 { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Economist 2006-08-05 { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Night Listener 2006 CAM XViD - SubAtom { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Night Listener 2006 CAM XViD - SubAtom { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Three Moons Over Milford S01E01 DSR XviD-ORENJi [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Three Moons Over Milford S01E01 DSR XviD-ORENJi [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\TMPGEnc Xpress v3 3 8 117 rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\TMPGEnc Xpress v3 3 8 117 rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Top 100 [HipHop+R&B]Billboard][August-06[Vol2]+Charts[@224].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Top 100 [HipHop+R&B]Billboard][August-06[Vol2]+Charts[@224].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\TV Shows.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\TV Shows.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Ultimate Ghosts n Goblins Goku Makaimura - JAP-PSP.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Ultimate Ghosts n Goblins Goku Makaimura - JAP-PSP.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Upload a torrent.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Upload a torrent.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\user-ct-test-collection-01 txt-PARTIAL rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\user-ct-test-collection-01 txt-PARTIAL rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\VA - Big Tunes X-Rated.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\VA - Big Tunes X-Rated.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\VA-Miami Vice-OST-2006-RNS [SOUNDTRACK].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\VA-Miami Vice-OST-2006-RNS [SOUNDTRACK].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\XG Step Up 06.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\XG Step Up 06.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\You're Under Arrest Artbook.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\You're Under Arrest Artbook.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[A-Keep & gg] Night Head Genesis - 02 [5E35B201] mkv.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[A-Keep & gg] Night Head Genesis - 02 [5E35B201] mkv.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[ADC-Elites] One Piece 274 [128ABB09] avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[ADC-Elites] One Piece 274 [128ABB09] avi.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[A_Z]Greg Martin {Hi Res}.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[A_Z]Greg Martin {Hi Res}.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[EMD][Zero no Tsukaima][06][GB] rmvb.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[EMD][Zero no Tsukaima][06][GB] rmvb.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[HCG] Jya no Michi wa [Hebi Soft] zip.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[HCG] Jya no Michi wa [Hebi Soft] zip.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[KissSub]Innocent Venus - 02[D1F2079C]Xvid avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[KissSub]Innocent Venus - 02[D1F2079C]Xvid avi.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[maplesnow][one piece][274][jap chn][HDTV][rv10] rmvb.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[maplesnow][one piece][274][jap chn][HDTV][rv10] rmvb.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[Nipponsei] NARUTO BEST HIT COLLECTION 2 zip.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[Nipponsei] NARUTO BEST HIT COLLECTION 2 zip.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[PSP]Every Extend Extra[JAP] [FULL] - [www ESPALPSP com] rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[PSP]Every Extend Extra[JAP] [FULL] - [www ESPALPSP com] rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[Shinsen-Subs] Noein 24 [FINAL][CA131F86] avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[Shinsen-Subs] Noein 24 [FINAL][CA131F86] avi.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[S^M] One Piece 274 RAW avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[S^M] One Piece 274 RAW avi.zip.Vir ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP544\A0227874.dll Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228019.exe Infected: Trojan.Win32.Agent.sdd skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228021.dll Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228333.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP546\A0229367.exe Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP546\A0229398.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP547\A0229410.exe Infected: Trojan-Downloader.Win32.Homles.br skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP547\A0229411.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP547\A0229412.sys Infected: Rootkit.Win32.Agent.aol skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP549\A0230457.EXE Infected: Backdoor.Win32.Delf.jgi skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0234961.exe Infected: Hoax.Win32.Renos.vajj skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235012.exe/data0003 Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235012.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235013.exe Infected: Hoax.Win32.Renos.vajj skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235021.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bv skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235022.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235023.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235024.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235025.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235026.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235027.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235129.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235130.exe Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235131.exe Infected: Trojan.Win32.DNSChanger.eyr skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\kileyp\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EMC VPN Client.lnk = C:\Program Files\EMC VPN\VPN Client\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://itcentral.corp.emc.com
O15 - Trusted Zone: http://itonline.isus.emc.com
O15 - Trusted Zone: http://itportal.corp.emc.com
O15 - Trusted Zone: http://www.emcu.isus.emc.com
O15 - Trusted Zone: http://itcentral.corp.emc.com (HKLM)
O15 - Trusted Zone: http://itonline.isus.emc.com (HKLM)
O15 - Trusted Zone: http://itportal.corp.emc.com (HKLM)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://www.vclass.emc.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.com/codebase70/OrgPubX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9488 bytes
 
Log Files

Looks like it is still infected :( Here are the three logs:

Combo Fix Log:


ComboFix 08-07-31.06 - kileyp 2008-08-02 17:37:52.3 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.369 [GMT -4:00]
Running from: C:\Documents and Settings\kileyp\Desktop\ComboFxx.exe
Command switches used :: C:\Documents and Settings\kileyp\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\drivers\mrxdavv.sys
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\vbzip10.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Temp\stmpv4
C:\Temp\stmpv4\bnwe7.log
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\imp32
C:\WINDOWS\system32\imp32\keysrve.exe
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\OBDE
C:\WINDOWS\system32\olixds18
C:\WINDOWS\system32\olixds18\olixds182328.exe
C:\WINDOWS\system32\provdll
C:\WINDOWS\system32\provdll\globsetup.exe
C:\WINDOWS\system32\sfig
C:\WINDOWS\system32\vbzip10.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MRXDAVV
-------\Service_mrxdavv


((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-07-25 12:35 . 2008-07-25 12:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-25 11:35 . 2008-07-25 11:35 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-25 09:30 . 2008-07-25 09:30 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-25 09:30 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-25 09:30 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-25 09:30 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-25 09:29 . 2008-07-25 09:29 <DIR> d-------- C:\Program Files\Webroot
2008-07-25 09:29 . 2008-07-25 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-25 09:29 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-25 09:16 . 2008-07-25 09:25 <DIR> d-------- C:\Program Files\SpywareGuard
2008-07-13 16:25 . 2008-07-13 16:25 <DIR> d-------- C:\Documents and Settings\kileyp\Application Data\Webroot
2008-07-13 13:39 . 2008-07-13 13:39 <DIR> d-------- C:\Webroot
2008-07-12 13:47 . 2008-08-02 01:07 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 20:46 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-13 04:54 --------- d-----w C:\Program Files\Quicken
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2005-11-01 13:24 28,672 ----a-w C:\Documents and Settings\kileyp\atwbxdet.dll
2005-08-09 13:03 28,672 -c--a-w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2005-09-27 14:00 98,304 -c--a-w C:\Program Files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-02-25 15:50 139320]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 20:00 94208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-07 15:22 4730880]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05 200766]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 09:33 286720]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 18:23 218240]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-09-07 15:51 49263]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"nwiz"="nwiz.exe" [2004-04-07 15:22 323584 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 08:00 15360]

C:\Documents and Settings\kileyp\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-08-03 16:00:18 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
EMC VPN Client.lnk - C:\Program Files\EMC VPN\VPN Client\vpngui.exe [2006-02-21 09:24:21 1445904]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra--c--- 2003-10-07 23:40 159744 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-03-01 13:05 200766 C:\Program Files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-07-30 09:33 286720 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a--c--- 2003-05-22 20:55 483328 C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 08:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2004-04-07 15:22 4730880 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-08-05 18:23 218240 C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-02-20 18:06 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a--c--- 2003-08-19 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2004-04-07 15:22 323584 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R4 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys [2004-09-09 10:30]
S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-06-19 18:40]
S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-06-19 18:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3557d82-2d83-11dc-a05a-000fb04483b2}]
\Shell\AutoRun\command - E:\DTSP_Launcher.exe

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder

2008-07-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

2005-03-10 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 19:38]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 17:44:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?6?7?3??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2008-08-02 17:52:18 - machine was rebooted [kileyp]
ComboFix-quarantined-files.txt 2008-08-02 21:52:13
ComboFix2.txt 2008-08-01 21:04:36

Pre-Run: 44,142,141,440 bytes free
Post-Run: 43,576,942,592 bytes free

192 --- E O F --- 2008-06-22 21:21:54


Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 02, 2008 9:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/08/2008
Kaspersky Anti-Virus database records: 1045635
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 63804
Number of viruses found: 19
Number of infected objects: 258
Number of suspicious objects: 0
Duration of the scan process: 02:46:42

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080802_Time-174316953_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080802_Time-174316953_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\UpdaterUI_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\cert8.db Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\history.dat Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\key3.db Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\parent.lock Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\search.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\webappsstore.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\temp\~DF7AC0.tmp Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\temp\~DF881.tmp Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\ntuser.dat Object is locked skipped
C:\Documents and Settings\kileyp\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\MUSIC\Bear Share\Quicken 2008 Premium.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\MUSIC\Bear Share\Quicken 2008 Premium.zip ZIP: infected - 1 skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0027.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFX: infected - 4 skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFXDropper: infected - 4 skipped
C:\Program Files\ISS\issSensors\DesktopProtection\blackice-service.log Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\444.470.vir Infected: Trojan.Win32.DNSChanger.eys skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Infected: Hoax.Win32.Renos.vajj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\byXNeFvV.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcApMgG.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hGVnNhij.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hssjyvdq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iifCuTNF.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\imp32\keysrve.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\olixds18\olixds182328.exe.vir Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\provdll\globsetup.exe.vir Infected: Trojan.Win32.DNSChanger.eyr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\setup.exe.tmp.vir Infected: Trojan-Downloader.Win32.VB.eyh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tcntptdm.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uoyzsydz.exe.vir Infected: Hoax.Win32.Renos.vajj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ushjuchq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-08-01_164537.81.zip/clbdll.dll Infected: Rootkit.Win32.Clbd.ez skipped
C:\QooBox\Quarantine\catchme2008-08-01_164537.81.zip ZIP: infected - 1 skipped
C:\quarantine\0Dayz Nokia Gamez Appz Torrentboyz com Pack 12.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\0Dayz Nokia Gamez Appz Torrentboyz com Pack 12.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\202 ICONs aplics.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\202 ICONs aplics.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\a.zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\a.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\ABBA - Rare Collected Remixes.(WWW.FACTORFORUMS.CO.UKFORUMS).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\ABBA - Rare Collected Remixes.(WWW.FACTORFORUMS.CO.UKFORUMS).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Adobe Photoshop Plugins.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Adobe Photoshop Plugins.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Adobe Photoshop Pro CS2 v9 0 Full + Keygen.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Adobe Photoshop Pro CS2 v9 0 Full + Keygen.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Advanced search.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Advanced search.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Aero Glass Themes XP Version IV + 32 themes (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Aero Glass Themes XP Version IV + 32 themes (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Air America Radio - The Al Franken Show 080406 [mp3].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Air America Radio - The Al Franken Show 080406 [mp3].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Alcohol 120 retail v1 9 5 4327 + Alcohol 120 retail - v1 95 4212.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Alcohol 120 retail v1 9 5 4327 + Alcohol 120 retail - v1 95 4212.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\AOL Search records for 500,000 users AOL-data tgz.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\AOL Search records for 500,000 users AOL-data tgz.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Barnyard CAM XViD-SubAtom[www moviex info].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Barnyard CAM XViD-SubAtom[www moviex info].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Big Brother US S07E14 PDTV XviD-VSS [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Big Brother US S07E14 PDTV XviD-VSS [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Blur-The Best Of 2CD(Darkside RG).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Blur-The Best Of 2CD(Darkside RG).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Browse categories.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Browse categories.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Burn the Fat, Feed the Muscle { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Burn the Fat, Feed the Muscle { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\CAPCOM CPS2 Emulator for PSP beta 4.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\CAPCOM CPS2 Emulator for PSP beta 4.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Copyright policy.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Copyright policy.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\DC Batman - The Killing Joke (comic book).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\DC Batman - The Killing Joke (comic book).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Deadwood S03E09 HDTV XviD-LOL [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Deadwood S03E09 HDTV XviD-LOL [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\DJ Shadow - The Outsider - (Proper Advance) - 2006 - VOiCE.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\DJ Shadow - The Outsider - (Proper Advance) - 2006 - VOiCE.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Dungeon Siege 2 Broken World KEYGEN-RELOADED.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Dungeon Siege 2 Broken World KEYGEN-RELOADED.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\EasyFileSearch com-Jessica Simpson 1500+pix.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\EasyFileSearch com-Jessica Simpson 1500+pix.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\EasyFileSearch com-Pamela Anderson 500+pix.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\EasyFileSearch com-Pamela Anderson 500+pix.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Ember rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Ember rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Entourage S03E09 HDTV XviD-LOL [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Entourage S03E09 HDTV XviD-LOL [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Flat Out 2 Crack Only-RELOADED.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Flat Out 2 Crack Only-RELOADED.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Google Earth Pro 4 Patch NeW Release 08-06-06 by Glbez Team Hackz zip.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Google Earth Pro 4 Patch NeW Release 08-06-06 by Glbez Team Hackz zip.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Google Earth Pro Final And a tutorial to make it a perfect working pro (full).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Google Earth Pro Final And a tutorial to make it a perfect working pro (full).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review (July-August 2006) - [www slotorrent net].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review (July-August 2006) - [www slotorrent net].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review Jan 2005.zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\Harvard Business Review Jan 2005.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review July-Aug 2005(1).zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\Harvard Business Review July-Aug 2005(1).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review July-Aug 2005.zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\Harvard Business Review July-Aug 2005.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir.0/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir.0 ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review, May 2006.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review, May 2006.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How To Do Everything With vol 1 - 5in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How To Do Everything With vol 1 - 5in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How To Do Everything With vol 2 - 5in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How To Do Everything With vol 2 - 5in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How To Do Everything With vol 3 - 6in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How To Do Everything With vol 3 - 6in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How to Solve Every Sudoku (Number Place) Puzzle { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How to Solve Every Sudoku (Number Place) Puzzle { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Howard the Duck Issues 1-2.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Howard the Duck Issues 1-2.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\IGPX - 023 - Fate [C-W] HQ.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\IGPX - 023 - Fate [C-W] HQ.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\IRC chat.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\IRC chat.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Justin Timberlake feat T I- My Love.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Justin Timberlake feat T I- My Love.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\l'Equipe du 06 08 2006 pdf.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\l'Equipe du 06 08 2006 pdf.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Lucky Louie S01E09 HDTV XviD-LOL [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Lucky Louie S01E09 HDTV XviD-LOL [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Marvel Civil War.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Marvel Civil War.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Mastodon - Blood Mountain [2006].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Mastodon - Blood Mountain [2006].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\MegaArchive 8ooo Karaoke ita fr eng esp VanBascos ByMiraiam rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\MegaArchive 8ooo Karaoke ita fr eng esp VanBascos ByMiraiam rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Nancy Drew Danger By Design [PCCD][English][www newpct com].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Nancy Drew Danger By Design [PCCD][English][www newpct com].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\National Geographic August 2006.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\National Geographic August 2006.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\New WordPress blog.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\New WordPress blog.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Noein - Mou Hitori no Kimi e [Shinsen-Subs].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Noein - Mou Hitori no Kimi e [Shinsen-Subs].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\p.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\p.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\PC Civilization IV 4 RELOADED ShadowCast.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\PC Civilization IV 4 RELOADED ShadowCast.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\PC World Power Guides - Available only to Subscribers { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\PC World Power Guides - Available only to Subscribers { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Privacy policy.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Privacy policy.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Rapidshare Premium Pack 2006 version 4 - 43in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Rapidshare Premium Pack 2006 version 4 - 43in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Redneck Rampage Rides Again.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Redneck Rampage Rides Again.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Redneck Rampage.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Redneck Rampage.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Scripts 2006 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Scripts 2006 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Search Cloud.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Search Cloud.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\SHOCKING! British Police destroy a memorial to race victims .wmv.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\SHOCKING! British Police destroy a memorial to race victims .wmv.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Show all of today →.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Show all of today →.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Simply Acoustic Various 2CD's With covers (NiTrO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Simply Acoustic Various 2CD's With covers (NiTrO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Sinchronicity S01E04 WS PDTV XviD-RiVER [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Sinchronicity S01E04 WS PDTV XviD-RiVER [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\SlySoft new Update 3-8-06 - 5in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\SlySoft new Update 3-8-06 - 5in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Space images super-high resolution [www ultratorrent net].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Space images super-high resolution [www ultratorrent net].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Speed 2 - Cruise Control 1997 DVDrip SWE.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Speed 2 - Cruise Control 1997 DVDrip SWE.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Spikes Women of Action 2006 WS PDTV XviD-PAP [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Spikes Women of Action 2006 WS PDTV XviD-PAP [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom( widges-den com ).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom( widges-den com ).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom-ZCCUSTOMS.NET.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom-ZCCUSTOMS.NET.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom[www moviex info].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom[www moviex info].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The 4400 3x10 (DSRip-ORENJi)[VTV].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The 4400 3x10 (DSRip-ORENJi)[VTV].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The 4400 S03E10 DSR XviD-ORENJi [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The 4400 S03E10 DSR XviD-ORENJi [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Ant Bully [TS-Screener][V O English+Subs Spanish][2006][www newpct com].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Ant Bully [TS-Screener][V O English+Subs Spanish][2006][www newpct com].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Beatles Complete Songbook.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Beatles Complete Songbook.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Complete Idiots Guide To Learning French On Your Own { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Complete Idiots Guide To Learning French On Your Own { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Dead Zone 5x08 (DSRip-ORENJi)[VTV].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Dead Zone 5x08 (DSRip-ORENJi)[VTV].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Economist 2006-08-05 { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Economist 2006-08-05 { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Night Listener 2006 CAM XViD - SubAtom { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Night Listener 2006 CAM XViD - SubAtom { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Three Moons Over Milford S01E01 DSR XviD-ORENJi [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Three Moons Over Milford S01E01 DSR XviD-ORENJi [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\TMPGEnc Xpress v3 3 8 117 rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\TMPGEnc Xpress v3 3 8 117 rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Top 100 [HipHop+R&B]Billboard][August-06[Vol2]+Charts[@224].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Top 100 [HipHop+R&B]Billboard][August-06[Vol2]+Charts[@224].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\TV Shows.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\TV Shows.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Ultimate Ghosts n Goblins Goku Makaimura - JAP-PSP.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Ultimate Ghosts n Goblins Goku Makaimura - JAP-PSP.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Upload a torrent.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Upload a torrent.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\user-ct-test-collection-01 txt-PARTIAL rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\user-ct-test-collection-01 txt-PARTIAL rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\VA - Big Tunes X-Rated.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\VA - Big Tunes X-Rated.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\VA-Miami Vice-OST-2006-RNS [SOUNDTRACK].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\VA-Miami Vice-OST-2006-RNS [SOUNDTRACK].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\XG Step Up 06.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\XG Step Up 06.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\You're Under Arrest Artbook.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\You're Under Arrest Artbook.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[A-Keep & gg] Night Head Genesis - 02 [5E35B201] mkv.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[A-Keep & gg] Night Head Genesis - 02 [5E35B201] mkv.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[ADC-Elites] One Piece 274 [128ABB09] avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[ADC-Elites] One Piece 274 [128ABB09] avi.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[A_Z]Greg Martin {Hi Res}.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[A_Z]Greg Martin {Hi Res}.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[EMD][Zero no Tsukaima][06][GB] rmvb.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[EMD][Zero no Tsukaima][06][GB] rmvb.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[HCG] Jya no Michi wa [Hebi Soft] zip.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[HCG] Jya no Michi wa [Hebi Soft] zip.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[KissSub]Innocent Venus - 02[D1F2079C]Xvid avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[KissSub]Innocent Venus - 02[D1F2079C]Xvid avi.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[maplesnow][one piece][274][jap chn][HDTV][rv10] rmvb.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[maplesnow][one piece][274][jap chn][HDTV][rv10] rmvb.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[Nipponsei] NARUTO BEST HIT COLLECTION 2 zip.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[Nipponsei] NARUTO BEST HIT COLLECTION 2 zip.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[PSP]Every Extend Extra[JAP] [FULL] - [www ESPALPSP com] rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[PSP]Every Extend Extra[JAP] [FULL] - [www ESPALPSP com] rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[Shinsen-Subs] Noein 24 [FINAL][CA131F86] avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[Shinsen-Subs] Noein 24 [FINAL][CA131F86] avi.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[S^M] One Piece 274 RAW avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[S^M] One Piece 274 RAW avi.zip.Vir ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP544\A0227874.dll Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228019.exe Infected: Trojan.Win32.Agent.sdd skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228021.dll Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228333.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP546\A0229367.exe Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP546\A0229398.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP547\A0229410.exe Infected: Trojan-Downloader.Win32.Homles.br skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP547\A0229411.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP547\A0229412.sys Infected: Rootkit.Win32.Agent.aol skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP549\A0230457.EXE Infected: Backdoor.Win32.Delf.jgi skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0234961.exe Infected: Hoax.Win32.Renos.vajj skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235012.exe/data0003 Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235012.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235013.exe Infected: Hoax.Win32.Renos.vajj skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235021.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bv skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235022.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235023.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235024.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235025.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235026.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235027.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235129.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235130.exe Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235131.exe Infected: Trojan.Win32.DNSChanger.eyr skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\kileyp\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EMC VPN Client.lnk = C:\Program Files\EMC VPN\VPN Client\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://itcentral.corp.emc.com
O15 - Trusted Zone: http://itonline.isus.emc.com
O15 - Trusted Zone: http://itportal.corp.emc.com
O15 - Trusted Zone: http://www.emcu.isus.emc.com
O15 - Trusted Zone: http://itcentral.corp.emc.com (HKLM)
O15 - Trusted Zone: http://itonline.isus.emc.com (HKLM)
O15 - Trusted Zone: http://itportal.corp.emc.com (HKLM)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://www.vclass.emc.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.com/codebase70/OrgPubX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9488 bytes
 
Log Files

Looks like it is still infected :sad: Logs are too big for one posting. Will post separately.


Combo Fix Log:


ComboFix 08-07-31.06 - kileyp 2008-08-02 17:37:52.3 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.369 [GMT -4:00]
Running from: C:\Documents and Settings\kileyp\Desktop\ComboFxx.exe
Command switches used :: C:\Documents and Settings\kileyp\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\drivers\mrxdavv.sys
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\vbzip10.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Temp\stmpv4
C:\Temp\stmpv4\bnwe7.log
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\imp32
C:\WINDOWS\system32\imp32\keysrve.exe
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\OBDE
C:\WINDOWS\system32\olixds18
C:\WINDOWS\system32\olixds18\olixds182328.exe
C:\WINDOWS\system32\provdll
C:\WINDOWS\system32\provdll\globsetup.exe
C:\WINDOWS\system32\sfig
C:\WINDOWS\system32\vbzip10.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MRXDAVV
-------\Service_mrxdavv


((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-07-25 12:35 . 2008-07-25 12:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-25 11:35 . 2008-07-25 11:35 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-25 09:30 . 2008-07-25 09:30 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-25 09:30 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-25 09:30 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-25 09:30 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-25 09:29 . 2008-07-25 09:29 <DIR> d-------- C:\Program Files\Webroot
2008-07-25 09:29 . 2008-07-25 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-25 09:29 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-25 09:16 . 2008-07-25 09:25 <DIR> d-------- C:\Program Files\SpywareGuard
2008-07-13 16:25 . 2008-07-13 16:25 <DIR> d-------- C:\Documents and Settings\kileyp\Application Data\Webroot
2008-07-13 13:39 . 2008-07-13 13:39 <DIR> d-------- C:\Webroot
2008-07-12 13:47 . 2008-08-02 01:07 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 20:46 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-13 04:54 --------- d-----w C:\Program Files\Quicken
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2005-11-01 13:24 28,672 ----a-w C:\Documents and Settings\kileyp\atwbxdet.dll
2005-08-09 13:03 28,672 -c--a-w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2005-09-27 14:00 98,304 -c--a-w C:\Program Files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-02-25 15:50 139320]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 20:00 94208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-07 15:22 4730880]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05 200766]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 09:33 286720]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 18:23 218240]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-09-07 15:51 49263]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"nwiz"="nwiz.exe" [2004-04-07 15:22 323584 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 08:00 15360]

C:\Documents and Settings\kileyp\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-08-03 16:00:18 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
EMC VPN Client.lnk - C:\Program Files\EMC VPN\VPN Client\vpngui.exe [2006-02-21 09:24:21 1445904]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra--c--- 2003-10-07 23:40 159744 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-03-01 13:05 200766 C:\Program Files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-07-30 09:33 286720 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a--c--- 2003-05-22 20:55 483328 C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 08:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2004-04-07 15:22 4730880 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-08-05 18:23 218240 C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-02-20 18:06 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a--c--- 2003-08-19 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2004-04-07 15:22 323584 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R4 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys [2004-09-09 10:30]
S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-06-19 18:40]
S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-06-19 18:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3557d82-2d83-11dc-a05a-000fb04483b2}]
\Shell\AutoRun\command - E:\DTSP_Launcher.exe

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder

2008-07-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

2005-03-10 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 19:38]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 17:44:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?6?7?3??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2008-08-02 17:52:18 - machine was rebooted [kileyp]
ComboFix-quarantined-files.txt 2008-08-02 21:52:13
ComboFix2.txt 2008-08-01 21:04:36

Pre-Run: 44,142,141,440 bytes free
Post-Run: 43,576,942,592 bytes free

192 --- E O F --- 2008-06-22 21:21:54
 
Kaspersky Log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 02, 2008 9:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/08/2008
Kaspersky Anti-Virus database records: 1045635
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 63804
Number of viruses found: 19
Number of infected objects: 258
Number of suspicious objects: 0
Duration of the scan process: 02:46:42

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080802_Time-174316953_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080802_Time-174316953_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\UpdaterUI_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\cert8.db Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\history.dat Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\key3.db Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\parent.lock Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\search.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\webappsstore.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\temp\~DF7AC0.tmp Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\temp\~DF881.tmp Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\ntuser.dat Object is locked skipped
C:\Documents and Settings\kileyp\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\MUSIC\Bear Share\Quicken 2008 Premium.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\MUSIC\Bear Share\Quicken 2008 Premium.zip ZIP: infected - 1 skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0027.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFX: infected - 4 skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFXDropper: infected - 4 skipped
C:\Program Files\ISS\issSensors\DesktopProtection\blackice-service.log Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\444.470.vir Infected: Trojan.Win32.DNSChanger.eys skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Infected: Hoax.Win32.Renos.vajj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\byXNeFvV.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcApMgG.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir NSIS: infected - 1 skipped

Scan process completed.
 
Hijack This Log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9488 bytes
 
Hi

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BearShare


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete these folders afterwards:

C:\MUSIC\Bear Share
C:\Program Files\BearShare

Empty Recycle Bin.

After that:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.
 
Main

Deckard's System Scanner v20071014.68
Run by kileyp on 2008-08-05 21:09:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
27: 2008-08-06 01:09:45 UTC - RP554 - Deckard's System Scanner Restore Point
26: 2008-08-03 13:00:34 UTC - RP553 - Software Distribution Service 3.0
25: 2008-08-03 01:41:36 UTC - RP552 - Software Distribution Service 3.0
24: 2008-08-02 05:06:57 UTC - RP551 - ComboFix created restore point
23: 2008-08-01 20:11:07 UTC - RP550 - ComboFix created restore point


-- First Restore Point --
1: 2008-07-13 20:12:15 UTC - RP528 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as kileyp.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13 PM, on 8/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\kileyp\Desktop\DSS.exe
C:\DOCUME~1\kileyp\Desktop\kileyp.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EMC VPN Client.lnk = C:\Program Files\EMC VPN\VPN Client\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://itcentral.corp.emc.com
O15 - Trusted Zone: http://itonline.isus.emc.com
O15 - Trusted Zone: http://itportal.corp.emc.com
O15 - Trusted Zone: http://www.emcu.isus.emc.com
O15 - Trusted Zone: http://itcentral.corp.emc.com (HKLM)
O15 - Trusted Zone: http://itonline.isus.emc.com (HKLM)
O15 - Trusted Zone: http://itportal.corp.emc.com (HKLM)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://www.vclass.emc.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.com/codebase70/OrgPubX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9520 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R2 ATNT40K (ActiveTouch NT Appsharing Driver) - c:\windows\system32\drivers\atnt40k.sys
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R4 black - c:\windows\system32\drivers\blackdrv.sys <Not Verified; Internet Security Systems, Inc.; ICEpac>

S3 RapFile - c:\windows\system32\drivers\rapfile.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
S3 RapNet - c:\windows\system32\drivers\rapnet.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlackICE - "c:\program files\iss\isssensors\desktopprotection\blackd.exe" <Not Verified; Internet Security Systems, Inc.; Internet Security Systems Inc. blackd>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 McAfeeFramework (McAfee Framework Service) - "c:\program files\network associates\common framework\frameworkservice.exe" /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>

S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>
S3 RapApp - "c:\program files\iss\isssensors\desktopprotection\rapapp.exe" <Not Verified; Internet Security Systems, Inc.; Internet Security Systems, Inc. Rap Protection System>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-07-12 14:22:20 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-03-09 22:31:34 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-07-05 and 2008-08-05 -----------------------------

2008-08-02 18:04:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-02 18:04:07 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-01 16:10:00 68096 --a------ C:\WINDOWS\zip.exe
2008-08-01 16:10:00 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-01 16:09:59 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-01 16:09:59 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-01 16:09:59 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-01 16:09:59 98816 --a------ C:\WINDOWS\sed.exe
2008-08-01 16:09:59 80412 --a------ C:\WINDOWS\grep.exe
2008-08-01 16:09:59 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-25 12:35:08 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-25 11:35:20 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-25 09:30:28 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-25 09:29:58 0 d-------- C:\Program Files\Webroot
2008-07-25 09:29:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-25 09:16:01 0 d-------- C:\Program Files\SpywareGuard
2008-07-13 16:25:41 0 d-------- C:\Documents and Settings\kileyp\Application Data\Webroot
2008-07-13 13:39:21 0 d-------- C:\Webroot
2008-07-13 13:32:05 0 d-------- C:\Documents and Settings\LocalService\Application Data\Identities
2008-07-13 13:26:12 0 d--h----- C:\Documents and Settings\LocalService\NetHood
2008-07-13 13:26:12 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-07-13 13:25:45 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-13 13:25:45 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-07-12 13:54:39 4718592 --a------ C:\Documents and Settings\kileyp\ntuser.dat
2008-07-12 13:49:08 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-12 13:47:10 0 d-------- C:\Temp


-- Find3M Report ---------------------------------------------------------------

2008-08-02 17:39:57 0 d-------- C:\Program Files\Common Files
2008-07-13 16:46:09 0 d-------- C:\Program Files\SpywareBlaster
2008-07-13 00:54:03 0 d-------- C:\Program Files\Quicken


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [02/25/2005 03:50 PM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 08:00 PM]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 08:00 AM C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [04/07/2004 03:22 PM C:\WINDOWS\system32\nwiz.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [03/01/2004 01:05 PM]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [07/30/2004 09:33 AM]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [08/05/2004 06:23 PM]
"AGRSMMSG"="AGRSMMSG.exe" [01/30/2004 03:01 AM C:\WINDOWS\AGRSMMSG.exe]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [01/12/2006 09:52 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [09/07/2006 03:51 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]

C:\Documents and Settings\kileyp\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [8/3/2006 4:00:18 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 2:05:26 AM]
EMC VPN Client.lnk - C:\Program Files\EMC VPN\VPN Client\vpngui.exe [2/21/2006 9:24:21 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3557d82-2d83-11dc-a05a-000fb04483b2}]
AutoRun\command- E:\DTSP_Launcher.exe




-- End of Deckard's System Scanner: finished at 2008-08-05 21:13:54 ------------
 