Virtumonde and Smitfraud

Hi

1. Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.
2. In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
3. If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield".
4. Reply 'no' and set it to 'inactive' for the duration of your cleanup.

Open HijackThis, click 'Do a system scan only' and checkmark these:

O2 - BHO: (no name) - {D237AE76-2C1D-4DEB-AD52-3DFBDFC029C2} - (no file)
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwup.dll,startup
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O20 - Winlogon Notify: jkkji - C:\WINDOWS\
O20 - Winlogon Notify: pmnllll - C:\WINDOWS\
O20 - Winlogon Notify: StillImage - C:\WINDOWS\
O20 - Winlogon Notify: wineil32 - C:\WINDOWS\
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\
O20 - Winlogon Notify: winjgf32 - C:\WINDOWS\
O20 - Winlogon Notify: winjks32 - C:\WINDOWS\
O20 - Winlogon Notify: winzzc32 - C:\WINDOWS\
O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - (no file)

Close all windows, including your browser, and press 'Fix checked'.

Reboot

Post a fresh HijackThis log.
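
An added example, not part of this thread and not HijackThis code: a Python triage script that parses HijackThis O-lines in the format quoted above and sorts them into "fix" (the dead or directory-only entries the checklist above targets) and "review" (Run keys a human should verify before acting). The sample log is constructed from the entries in this thread, and the rules are my own reading of the checklist, not the helper's.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in HijackThis v1.99 format, modelled on the entries quoted
# in this thread: the helper's fix list plus a few benign lines for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {D237AE76-2C1D-4DEB-AD52-3DFBDFC029C2} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwup.dll,startup
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O20 - Winlogon Notify: jkkji - C:\WINDOWS\
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - (no file)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_SERVER.EXE" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "O<n> - <label>: <rest>"; the label never contains a colon, the rest may.
LINE_RE = re.compile(r"^(O\d+) - ([^:]+?): (.*)$")


@dataclass(frozen=True)
class Finding:
    line: str
    severity: str  # "fix": safe to tick and 'Fix checked'; "review": verify first
    reason: str


def triage_line(line: str) -> Optional[Finding]:
    """Apply one defender heuristic per HijackThis section; None means nothing notable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, label, rest = m.groups()
    fields = rest.split(" - ")  # HijackThis joins fields with ' - '

    # O2 (BHO) and O21 (ShellServiceObjectDelayLoad): a CLSID whose in-process
    # server is gone is a dead registration; removing it only cleans the registry.
    if section in ("O2", "O21") and fields[-1] == "(no file)":
        return Finding(line, "fix", "orphaned COM registration: CLSID points to a file that no longer exists")

    # O20 Winlogon Notify: a legitimate notification package names a DLL. A bare
    # directory such as C:\WINDOWS\ is what is left once a dropped DLL has been
    # deleted, and the key would load it again if the file reappeared.
    if section == "O20" and label == "Winlogon Notify":
        if not fields[-1].lower().endswith(".dll"):
            return Finding(line, "fix", "Winlogon Notify key names no DLL, only a directory")

    # O23 services: an ImagePath to a missing binary is dead weight. The r_server
    # line in this thread also carries a stray quote, a sign of a hand-edited key.
    if section == "O23" and rest.endswith("(file missing)"):
        return Finding(line, "fix", "service ImagePath points to a missing binary")

    # O4 Run keys: hosted DLLs and bare names need a human to confirm the
    # publisher and on-disk location before anything is removed.
    if section == "O4":
        command = rest.split("] ", 1)[-1]
        if command.lower().startswith("rundll32"):
            return Finding(line, "review", "rundll32 host: verify the named DLL's publisher and path")
        if not command.startswith('"') and "\\" not in command:
            return Finding(line, "review", "bare executable name: resolved via PATH search order, confirm its location")
    return None


def triage(log_text: str) -> list:
    """Run every line of a HijackThis log through triage_line, keeping the hits in order."""
    findings = []
    for raw in log_text.splitlines():
        f = triage_line(raw)
        if f is not None:
            findings.append(f)
    return findings


def fix_list(findings) -> list:
    """The subset a helper would tell the user to checkmark and 'Fix checked'."""
    return [f.line for f in findings if f.severity == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```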
 
Logfile of HijackThis v1.99.1
Scan saved at 1:33:15 PM, on 6/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Games\Desktop\scanner.exe.exe
C:\WINDOWS\system32\WgaTray.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/24f2d1f86d2f22fe6b06/netzip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmc.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_SERVER.EXE" /service (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Hi

Open HijackThis, click 'Do a system scan only' and checkmark this:

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_SERVER.EXE" /service (file missing)

Close all windows, including your browser, and press 'Fix checked'.

Reboot

Delete this:

C:\bsgvjmep.exe

Empty Recycle Bin

Re-scan with Kaspersky

Post:

- a fresh HijackThis log
- Kaspersky report
 
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, June 14, 2007 11:56:24 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 15/06/2007
Kaspersky Anti-Virus database records: 346853
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 101960
Number of viruses found: 38
Number of infected objects: 139
Number of suspicious objects: 0
Duration of the scan process: 01:49:30

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\6ccffeebf26f3b53bf560ce3ebc894a3_86a95731-ac6a-4138-9e65-1568d521f131 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\946f290e786381d3225bb1101d45fab7_86a95731-ac6a-4138-9e65-1568d521f131 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\87597c2bd92cecd42067219e4eb14c62_86a95731-ac6a-4138-9e65-1568d521f131 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff10bef4f9389c2d059ca9a726a90678_86a95731-ac6a-4138-9e65-1568d521f131 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Games\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Games\Desktop\backups\backup-20070610-152134-788.dll Infected: Trojan.Win32.BHO.bd skipped
C:\Documents and Settings\Games\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Games\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Games\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Games\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Games\Local Settings\History\History.IE5\MSHist012007061420070615\index.dat Object is locked skipped
C:\Documents and Settings\Games\Local Settings\Temp\~DFB681.tmp Object is locked skipped
C:\Documents and Settings\Games\Local Settings\Temp\~DFB694.tmp Object is locked skipped
C:\Documents and Settings\Games\Local Settings\Temp\~DFF9D5.tmp Object is locked skipped
C:\Documents and Settings\Games\Local Settings\Temp\~DFF9E6.tmp Object is locked skipped
C:\Documents and Settings\Games\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Games\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Games\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Jheru\Local Settings\Temp\hsperfdata_Jheru\2160 Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\hsperfdata_Owner\3084 Object is locked skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc111.tmp Infected: Trojan.Win32.Agent.qt skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc112.tmp Infected: Trojan.Win32.Agent.qt skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc114.exe Infected: Trojan-Downloader.Win32.Alphabet.c skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc1280.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc1285.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc2010.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc2010.exe NSIS: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc2014.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc2018.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc3095\v1.0\jar\java.jar-7e09d0a6-2be049cf.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc3095\v1.0\jar\java.jar-7e09d0a6-2be049cf.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc3095\v1.0\jar\java.jar-7e09d0a6-2be049cf.zip ZIP: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc3095\v1.0\jar\loaderadv493.jar-1661bf12-28f720e2.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc3095\v1.0\jar\loaderadv493.jar-1661bf12-28f720e2.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc3095\v1.0\jar\loaderadv493.jar-1661bf12-28f720e2.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc3095\v1.0\jar\loaderadv493.jar-1661bf12-28f720e2.zip ZIP: infected - 3 skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc3097\v1.0\jar\count.jar-160dd9ae-5aec0d2f.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc3097\v1.0\jar\count.jar-160dd9ae-5aec0d2f.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc3097\v1.0\jar\count.jar-160dd9ae-5aec0d2f.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc3097\v1.0\jar\count.jar-160dd9ae-5aec0d2f.zip ZIP: infected - 3 skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc3097\v1.0\jar\count.jar-516ac74a-7b14ad5f.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc3097\v1.0\jar\count.jar-516ac74a-7b14ad5f.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc3097\v1.0\jar\count.jar-516ac74a-7b14ad5f.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc3097\v1.0\jar\count.jar-516ac74a-7b14ad5f.zip ZIP: infected - 3 skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc508.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc513.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc518.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc522.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc525.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\RECYCLER\S-1-5-21-1659004503-1085031214-682003330-1004\Dc525.exe NSIS: infected - 1 skipped
 
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP890\A0335693.dll Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP890\A0335695.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP890\A0335702.dll Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP890\A0335704.dll Infected: not-a-virus:AdWare.Win32.Comet.bd skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336039.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336040.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336142.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ek skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336145.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336146.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336147.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336157.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336160.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336162.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336164.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336167.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336168.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336173.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336175.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336179.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336184.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336185.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336192.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336212.dll Infected: not-a-virus:AdWare.Win32.Agent.bm skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336214.exe Infected: not-a-virus:AdWare.Win32.Agent.bm skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336225.dll Infected: not-a-virus:AdWare.Win32.Agent.bm skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336227.exe Infected: not-a-virus:AdWare.Win32.Agent.bm skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336309.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336374.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336392.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336393.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336394.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336397.dll Infected: Trojan-Spy.Win32.Agent.ps skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336423.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336424.exe Infected: Trojan-Downloader.Win32.PurityScan.ej skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP891\A0336425.exe Infected: Trojan-Downloader.Win32.Tiny.he skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP892\A0340454.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP892\A0340455.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP892\A0340571.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340785.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340786.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340788.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340789.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340790.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340791.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340802.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340803.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340804.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340810.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340811.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340863.exe Infected: not-a-virus:AdWare.Win32.Agent.bm skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340864.exe Infected: not-a-virus:AdWare.Win32.Agent.bm skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340865.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340865.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340865.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340865.exe/data.rar Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340865.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340866.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340866.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340866.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340866.exe/data.rar Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340866.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP893\A0340867.exe Infected: not-a-virus:AdWare.Win32.Agent.bm skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP894\A0340941.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP894\A0340942.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP894\A0340944.dll Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP894\A0340945.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP894\A0340964.dll Infected: not-a-virus:AdWare.Win32.Comet.ac skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341399.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fl skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341400.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341401.exe/NewExplorer.exe Infected: Trojan.Win32.VB.aft skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341401.exe InstallCreator: infected - 1 skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341401.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341402.exe/NewExplorer.exe Infected: Trojan.Win32.VB.aft skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341402.exe InstallCreator: infected - 1 skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341402.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341403.dll Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341404.exe Infected: Trojan-Clicker.Win32.Small.mw skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341405.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341406.dll Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341407.exe Infected: Trojan-Downloader.Win32.Alphabet.c skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341408.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341409.dll Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341410.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341410.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341411.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341421.dll Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341422.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341424.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341425.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341426.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341427.exe/NewExplorer.exe Infected: Trojan.Win32.VB.aft skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341427.exe InstallCreator: infected - 1 skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341427.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341428.exe/NewExplorer.exe Infected: Trojan.Win32.VB.aft skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341428.exe InstallCreator: infected - 1 skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341428.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341429.dll Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341430.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fl skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341431.exe Infected: Trojan-Clicker.Win32.Small.mw skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341432.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341433.dll Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341434.exe Infected: Trojan-Downloader.Win32.Alphabet.c skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341435.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341436.dll Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341437.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341438.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP896\A0341438.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP899\A0341733.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\System Volume Information\_restore{4A1605D5-CBD0-41CB-8CE0-8DD162DC6F2D}\RP899\change.log Object is locked skipped
 
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll.000 Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\DONNA.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd8797.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT0378f.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT071ba.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
Logfile of HijackThis v1.99.1
Scan saved at 12:00:40 AM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Games\Desktop\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/24f2d1f86d2f22fe6b06/netzip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmc.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_SERVER.EXE" /service (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Hi

Please click Start > Run and type in: services.msc
Click OK
In the Services window find: Remote Administrator Service (r_server)
Select/highlight and right-click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Now, go to Start > Run, and copy/paste the following into the Open box:
sc delete r_server
Click: OK

Reboot

Post a fresh HijackThis log.
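Added example (not part of the thread, and not the helper's own tooling): a small Python triage of the O23 service lines in a HijackThis 1.99.1 log, run over five O23 lines copied from the log above. It flags a service when the binary is reported missing, when no owner/company is recorded, or when the displayed path carries a stray trailing quote (a quoted ImagePath with arguments that this HijackThis build did not split cleanly, so the "file missing" verdict on such a line needs confirming on disk), and for each flagged service it emits the sc.exe equivalents of the steps above: stop, set Startup Type to Disabled, delete. The function names and the flagging rules are this example's own assumptions, not a HijackThis or Windows API.

```python
import re

# HijackThis 1.99.1 writes one service per line, in this shape:
#   O23 - Service: <display name> (<short name>) - <owner> - <image path> [(file missing)]
# The "(<short name>)" part is absent when the display and short names are equal.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Lines copied verbatim from the HijackThis log earlier in this thread.
SAMPLE_O23 = [
    r"O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe",
    r'O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)',
    r"O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe",
    r'O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\R_SERVER.EXE" /service (file missing)',
    r"O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe",
]


def parse_o23(line):
    """Return the O23 fields as a dict, or None if the line is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    svc = m.groupdict()
    svc["short"] = svc["short"] or svc["display"]  # sc.exe wants the short (key) name
    svc["missing"] = svc["missing"] is not None
    return svc


def cleanup_commands(short_name):
    """sc.exe equivalents of: stop the service, set Startup Type to Disabled, delete it."""
    return [
        f"sc stop {short_name}",
        f"sc config {short_name} start= disabled",  # sc.exe requires the space after '='
        f"sc delete {short_name}",  # a running service is only marked for deletion, hence the stop first
    ]


def triage_o23(line):
    """Parse one O23 line and attach the reasons it deserves a look (assumed rules)."""
    svc = parse_o23(line)
    if svc is None:
        return None
    reasons = []
    if svc["missing"]:
        reasons.append("binary reported missing")
    if svc["owner"] == "Unknown owner":
        reasons.append("no company/owner recorded")
    if '"' in svc["path"]:
        # A stray quote means the registry ImagePath was a quoted path with arguments;
        # HijackThis tested the mangled string, so confirm the real path on disk.
        reasons.append("quoted ImagePath with arguments; verify the path on disk")
    svc["reasons"] = reasons
    svc["commands"] = cleanup_commands(svc["short"]) if reasons else []
    return svc


def triage_log(lines):
    """Triage every O23 line of a log; returns only the flagged services, in log order."""
    flagged = []
    for line in lines:
        svc = triage_o23(line)
        if svc and svc["reasons"]:
            flagged.append(svc)
    return flagged


if __name__ == "__main__":
    for svc in triage_log(SAMPLE_O23):
        print(f"{svc['short']}: {'; '.join(svc['reasons'])}")
        for cmd in svc["commands"]:
            print("    " + cmd)
```

On the sample lines this flags both the avast! Mail Scanner entry and r_server, which is the point of keeping it a triage list rather than an auto-remover: the avast! entries share the same "Unknown owner" / "(file missing)" shape but belong to a product that is still installed according to the rest of the log (the avast! O4 entry and the ashServ.exe service), whereas r_server, the service name used by the Radmin remote-administration tool that the Kaspersky scan above also reported in a restore point as RemoteAdmin.Win32.RAdmin.20, is the one the helper singled out for removal.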
 
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
 