

Ready to reformat ... or shoot myself


21 replies to this topic

#1 Bugged

    Member

  • Members
  • 14 posts

Posted 09 May 2007 - 02:21 PM

About two months ago, I got infected. How, I don't know but they did a damn good job. I've tried everything I know to rid myself of these criminals but no luck.

It started as badgering emails to purchase a drive cleaner and one of my co-workers got so frustrated he actually purchased it! Probably set us up as suckers. Anyway, I get pop-ups, redirects, and mysterious windows that "appear" over my focus page.

Anyway, here's my HT logfile and I sure would appreciate any help.

Mark

HJT:

(start)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:20:14 AM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Abercrombie\Desktop\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Mitchell1\Manager\Series2\Program\Series20.exe

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 1418 bytes

(stop)

#2 rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 09 May 2007 - 05:36 PM

Welcome to the forum. :)
Are you sure you got the entire HijackThis log when you copied and pasted? Please run it again just to double check (and post it).

#3 Bugged

    Member

  • Members
  • 14 posts

Posted 09 May 2007 - 06:01 PM


Thank you for the welcome -- I think it's really fine what you guys do.

Yes, I got the entire log. Part of the reason it's so short is because we have -- probably indiscriminately -- eliminated a bunch of stuff we thought was causing the problem(s). Anyway, here’s the most recent:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:43:38 PM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Mitchell1\Manager\Series2\Program\Series20.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Abercrombie\Desktop\HiJackThis_v2.exe

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 1388 bytes

#4 rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 09 May 2007 - 06:10 PM

Alright, let's run this tool then:

Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall.

Post the combofix log and a new hijackthis log.

#5 Bugged

    Member

  • Members
  • 14 posts

Posted 09 May 2007 - 06:48 PM


As you requested sir:

"Abercrombie" - 2007-05-09 13:32:09 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\Abercrombie\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\pep.exe.exe
C:\DOCUME~1\ABERCR~1\APPLIC~1\Install.dat
C:\WINDOWS\system32\bund1\ClientBundle1.exe
C:\WINDOWS\system32\bund1\temp.txt
C:\Program Files\DeskAlerts\cancel_button.gif
C:\Program Files\DeskAlerts\history.html
C:\Program Files\DeskAlerts\hs_delete.bmp
C:\Program Files\DeskAlerts\hs_search.bmp
C:\Program Files\DeskAlerts\notify.wav
C:\Program Files\DeskAlerts\save_button.gif
C:\Program Files\DeskAlerts\title_back.gif
C:\WINDOWS\system32\bszip.dll
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\IExplorer.dll .dbt
C:\WINDOWS\system32\mp43.exe
C:\WINDOWS\system32\bund1
C:\Program Files\DeskAlerts
C:\WINDOWS\system32\drivers\core.sys


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_WINCOM32
-------\core


((((((((((((((((((((((((((((((( Files Created from 2007-04-09 to 2007-05-09 ))))))))))))))))))))))))))))))))))


2007-05-03 13:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
2007-05-03 13:48 983,092 --a------ C:\WINDOWS\system32\lxcjgf.dll
2007-05-03 13:48 86,016 --a------ C:\WINDOWS\system32\lxcjcub.dll
2007-05-03 13:48 770,048 --a------ C:\WINDOWS\system32\lxcjhbn3.dll
2007-05-03 13:48 73,728 --a------ C:\WINDOWS\system32\lxcjcu.dll
2007-05-03 13:48 704,512 --a------ C:\WINDOWS\system32\lxcjcomc.dll
2007-05-03 13:48 69,632 --a------ C:\WINDOWS\system32\lxcjcfg.dll
2007-05-03 13:48 630,784 --a------ C:\WINDOWS\system32\lxcjpmui.dll
2007-05-03 13:48 491,520 --a------ C:\WINDOWS\system32\lxcjlmpm.dll
2007-05-03 13:48 491,520 --a------ C:\WINDOWS\system32\lxcjcoms.exe
2007-05-03 13:48 430,080 --a------ C:\WINDOWS\system32\lxcjutil.dll
2007-05-03 13:48 413,696 --a------ C:\WINDOWS\system32\lxcjcomm.dll
2007-05-03 13:48 40,960 --a------ C:\WINDOWS\system32\lxcjvs.dll
2007-05-03 13:48 372,736 --a------ C:\WINDOWS\system32\lxcjih.exe
2007-05-03 13:48 368,640 --a------ C:\WINDOWS\system32\lxcjcfg.exe
2007-05-03 13:48 36,864 --a------ C:\WINDOWS\system32\lxcjcur.dll
2007-05-03 13:48 196,608 --a------ C:\WINDOWS\system32\lxcjinsb.dll
2007-05-03 13:48 155,648 --a------ C:\WINDOWS\system32\lxcjprox.dll
2007-05-03 13:48 155,648 --a------ C:\WINDOWS\system32\lxcjins.dll
2007-05-03 13:48 126,976 --a------ C:\WINDOWS\system32\lxcjjswr.dll
2007-05-03 13:48 114,688 --a------ C:\WINDOWS\system32\lxcjpplc.dll
2007-05-03 13:48 106,496 --a------ C:\WINDOWS\system32\lxcjinsr.dll
2007-05-03 13:48 1,183,744 --a------ C:\WINDOWS\system32\lxcjserv.dll
2007-05-03 13:48 1,122,304 --a------ C:\WINDOWS\system32\lxcjusb1.dll
2007-05-03 13:47 <DIR> d-------- C:\Program Files\Lexmark 8300 Series
2007-05-02 08:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-02 08:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-05-02 08:37 <DIR> d-------- C:\DOCUME~1\ABERCR~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-01 17:56 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2007-04-30 15:18 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-04-13 17:51 2,953,216 --a------ C:\DOCUME~1\ABERCR~1\ntuser.dat
2007-04-13 09:41 <DIR> d-------- C:\WINDOWS\pss
2007-04-13 09:26 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-04-13 09:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZILLAbar
2007-04-13 09:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-04-13 09:18 <DIR> d-------- C:\Program Files\PCPitstop
2007-04-09 08:36 106,767 --a------ C:\WINDOWS\vttqnl.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-07 16:56:12 -------- d-----w C:\Program Files\InterActual
2007-05-03 18:51:35 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-27 21:33:20 72,831 ----a-w C:\WINDOWS\system32\duo.exe
2007-04-02 21:08:49 7,286 ----a-w C:\WINDOWS\system32\smt.exe
2007-04-02 21:08:49 59,904 ----a-w C:\WINDOWS\system32\grlib.dll
2007-04-01 21:18:02 53,334 ----a-w C:\WINDOWS\system32\awtsq.exe
2007-03-30 21:39:08 7,471 ----a-w C:\WINDOWS\system32\ddb.exe
2007-03-30 21:39:07 7,471 ----a-w C:\WINDOWS\system32\sca.exe
2007-03-30 20:16:08 -------- d-----w C:\Program Files\QuickTime
2007-03-30 20:14:26 64,000 ----a-w C:\WINDOWS\system32\mdxfnzj.dll
2007-03-30 17:10:37 0 ----a-w C:\svcipa.exe
2007-03-21 13:48:10 8,504 ----a-w C:\WINDOWS\system32\mljggee.dll
2007-03-19 19:59:14 8,535 ----a-w C:\WINDOWS\system32\mlljjge.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 17:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 17:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2007-03-14 21:42:26 27,227 ----a-w C:\WINDOWS\system32\ssttr.exe
2007-03-14 21:37:22 8,171 ----a-w C:\WINDOWS\system32\jkklmki.dll
2007-03-13 21:00:55 -------- d-----w C:\DOCUME~1\ABERCR~1\APPLIC~1\Viewpoint
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"EzPrint"="\"C:\\Program Files\\Lexmark 8300 Series\\ezprint.exe\""


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\
Security Packages kerberosmsv1_0schannelwdigest\
Notification Packages scecli\


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\
LocalService AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService DnsCache\
DcomLaunch DcomLaunchTermService\
rpcss RpcSs\
imgsvc StiSvc\
termsvcs TermService\

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-09 13:37:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-09 13:38:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-09 13:38

#6 rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 09 May 2007 - 06:52 PM

Post another hijackthis log please.

#7 Bugged

    Member

  • Members
  • 14 posts

Posted 09 May 2007 - 06:55 PM


Here you go!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:54:51 PM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcjPSWX.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Documents and Settings\Abercrombie\Desktop\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{72CD4~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{72CD4~1\reboot.ini -l0x9
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 1863 bytes

#8 rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 09 May 2007 - 07:00 PM

Thank you, you're going to need to run a few scans:

Run BitDefender Online Scanner
  • Using Internet Explorer, please go HERE to run BitDefender's Online scan.
  • Read the terms and then click I Agree.
  • You may receive a Security Warning about the BitDefender ActiveX control. If you do, please allow it to install.
  • On the scanning Options screen, press Click Here To Scan and then follow the on-screen prompts.
  • Once BitDefender is finished scanning your computer, it will automatically remove the infections. Once the removal process is finished, press the close button and a dialog box will appear asking if you want to send your scan log back to the makers of BitDefender. You do not have to do this, but what you do want to do is press the button that says "view log" and then copy and paste that log into Notepad and save it to your desktop as bitdefender.txt.
  • Reboot your computer.
Download SUPERAntiSpyware
  • Load SUPERAntiSpyware and click the check for updates button.
  • Once the update is finished, click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • SUPERAntiSpyware will now scan your computer, and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.
Post a BitDefender scan log, a SUPERAntiSpyware scan log, and a new HijackThis log taken after both scans.

#9 Bugged

    Member

  • Members
  • 14 posts

Posted 09 May 2007 - 07:20 PM


Working on getting the logs; it will be about an hour before all logs are completed!

Thanks

#10 Bugged

    Member

  • Members
  • 14 posts

Posted 09 May 2007 - 08:31 PM


First scan completed; here is the log. Working on the others. Sorry about the format of it, but it was the one it generated :(

BitDefender Online Scanner

Scan report generated at: Wed, May 09, 2007 - 15:26:46
Scan path: C:\;D:\;E:\;

Statistics
Time: 01:11:29
Files: 515183
Folders: 5645
Boot Sectors: 5
Archives: 4008
Packed Files: 74372

Results
Identified Viruses: 16
Infected Files: 76
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 76

Engines Info
Virus Definitions: 505294
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\!KillBox\ctlc32.dll | Infected with: Trojan.Downloader.ConHook.AI
C:\!KillBox\ctlc32.dll | Disinfection failed
C:\!KillBox\ctlc32.dll | Deleted
C:\!KillBox\ctlc32.dll( 1) | Infected with: Trojan.Downloader.ConHook.AI
C:\!KillBox\ctlc32.dll( 1) | Disinfection failed
C:\!KillBox\ctlc32.dll( 1) | Deleted
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>BaaaaBaa.class | Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>BaaaaBaa.class | Disinfection failed
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>BaaaaBaa.class | Deleted
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip | Updated
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>VaaaaaaaBaa.class | Infected with: Trojan.Java.ClassLoader.D
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>VaaaaaaaBaa.class | Disinfection failed
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>VaaaaaaaBaa.class | Deleted
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip | Updated
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>Dvnny.class | Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>Dvnny.class | Disinfection failed
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>Dvnny.class | Deleted
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip | Updated
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>Baaaaa.class | Infected with: Java.Trojan.Exploit.Bytverify.I
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>Baaaaa.class | Disinfection failed
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>Baaaaa.class | Deleted
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip | Updated
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>Dix.class | Infected with: Trojan.Java.ClassLoader.D
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>Dix.class | Disinfection failed
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>Dix.class | Deleted
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip | Updated
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>Dux.class | Infected with: Trojan.Java.ClassLoader.D
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>Dux.class | Disinfection failed
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip=>Dux.class | Deleted
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3c61d7a3.zip | Updated
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>BaaaaBaa.class | Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>BaaaaBaa.class | Disinfection failed
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>BaaaaBaa.class | Deleted
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip | Updated
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>VaaaaaaaBaa.class | Infected with: Trojan.Java.ClassLoader.D
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>VaaaaaaaBaa.class | Disinfection failed
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>VaaaaaaaBaa.class | Deleted
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip | Updated
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>Dvnny.class | Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>Dvnny.class | Disinfection failed
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>Dvnny.class | Deleted
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip | Updated
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>Baaaaa.class | Infected with: Java.Trojan.Exploit.Bytverify.I
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>Baaaaa.class | Disinfection failed
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>Baaaaa.class | Deleted
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip | Updated
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>Dix.class | Infected with: Trojan.Java.ClassLoader.D
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>Dix.class | Disinfection failed
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>Dix.class | Deleted
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip | Updated
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>Dux.class | Infected with: Trojan.Java.ClassLoader.D
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>Dux.class | Disinfection failed
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip=>Dux.class | Deleted
C:\Documents and Settings\Abercrombie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-6b457c4a.zip | Updated
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-075909-679.dll | Infected with: Trojan.Downloader.ConHook.AI
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-075909-679.dll | Disinfection failed
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-075909-679.dll | Deleted
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-080536-403.dll | Infected with: Trojan.Downloader.ConHook.AI
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-080536-403.dll | Disinfection failed
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-080536-403.dll | Deleted
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-080843-214.dll | Infected with: Trojan.Downloader.ConHook.AI
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-080843-214.dll | Disinfection failed
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-080843-214.dll | Deleted
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-081122-245.dll | Infected with: Trojan.Downloader.ConHook.AI
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-081122-245.dll | Disinfection failed
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-081122-245.dll | Deleted
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-081122-346.dll | Infected with: Trojan.Obfus.Gen
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-081122-346.dll | Disinfection failed
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-081122-346.dll | Deleted
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-082945-142.dll | Infected with: Trojan.Downloader.ConHook.AI
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-082945-142.dll | Disinfection failed
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-082945-142.dll | Deleted
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-083239-138.dll | Infected with: Trojan.Downloader.ConHook.AI
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-083239-138.dll | Disinfection failed
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070410-083239-138.dll | Deleted
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070424-162722-237.dll | Infected with: Trojan.Downloader.ConHook.AI
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070424-162722-237.dll | Disinfection failed
C:\Documents and Settings\Abercrombie\Desktop\backups\backup-20070424-162722-237.dll | Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0001 | Infected with: Dropped:Application.Adware.NewDotNet.B
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0001 | Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0001 | Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o) | Update failed
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0002 | Infected with: Trojan.Spy.WebBuy.A
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0002 | Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0002 | Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o) | Update failed
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0003 | Infected with: Trojan.BHO.AW
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0003 | Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0003 | Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o) | Update failed
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir | Infected with: Rootkit.Agent.CL
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir | Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir | Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\pep.exe.exe.vir | Infected with: Trojan.Peed.Gen
C:\QooBox\Quarantine\C\WINDOWS\system32\pep.exe.exe.vir | Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\pep.exe.exe.vir | Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001572.dll | Infected with: Trojan.Downloader.ConHook.AI
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001572.dll | Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001572.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001573.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001573.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001573.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001574.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001574.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001574.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001575.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001575.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001575.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001576.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001576.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001576.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001589.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001589.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001589.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001590.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001590.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001590.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001608.dll


Infected with: Trojan.Agent.AOM

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001608.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001608.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001609.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001609.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001609.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP20\A0001870.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP20\A0001870.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP20\A0001870.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002007.exe


Infected with: Trojan.Peed.Gen

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002007.exe


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002007.exe


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe=>(NSIS o)=>zlib_nsis0001


Infected with: Dropped:Application.Adware.NewDotNet.B

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe=>(NSIS o)=>zlib_nsis0001


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe=>(NSIS o)=>zlib_nsis0001


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe=>(NSIS o)=>zlib_nsis0002


Infected with: Trojan.Spy.WebBuy.A

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe=>(NSIS o)=>zlib_nsis0002


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe=>(NSIS o)=>zlib_nsis0002


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe=>(NSIS o)=>zlib_nsis0003


Infected with: Trojan.BHO.AW

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe=>(NSIS o)=>zlib_nsis0003


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe=>(NSIS o)=>zlib_nsis0003


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002009.exe


Infected with: Trojan.Peed.Gen

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002009.exe


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002009.exe


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002010.exe


Infected with: Trojan.Downloader.Agent.AWF

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002010.exe


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002013.exe


Infected with: Trojan.Downloader.Brak.A

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002013.exe


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002013.exe


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP42\A0004462.dll


Infected with: Trojan.BHO.AU

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP42\A0004462.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP42\A0004462.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP42\A0004464.exe


Infected with: Trojan.Peed.Gen

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP42\A0004464.exe


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP42\A0004464.exe


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP42\A0004465.exe


Infected with: Trojan.Peed.Gen

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP42\A0004465.exe


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP42\A0004465.exe


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005892.exe


Infected with: Trojan.Peed.Gen

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005892.exe


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005892.exe


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe=>(NSIS o)=>zlib_nsis0001


Infected with: Dropped:Application.Adware.NewDotNet.B

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe=>(NSIS o)=>zlib_nsis0001


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe=>(NSIS o)=>zlib_nsis0001


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe=>(NSIS o)=>zlib_nsis0002


Infected with: Trojan.Spy.WebBuy.A

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe=>(NSIS o)=>zlib_nsis0002


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe=>(NSIS o)=>zlib_nsis0002


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe=>(NSIS o)=>zlib_nsis0003


Infected with: Trojan.BHO.AW

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe=>(NSIS o)=>zlib_nsis0003


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe=>(NSIS o)=>zlib_nsis0003


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005900.sys


Infected with: Rootkit.Agent.CL

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005900.sys


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005900.sys


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007858.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007858.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007858.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007859.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007859.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007859.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007860.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007860.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007860.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007861.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007861.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007861.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007862.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007862.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007862.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007863.dll


Infected with: Trojan.Obfus.Gen

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007863.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007863.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007864.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007864.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007864.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007865.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007865.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007865.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007866.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007866.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007866.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001267.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001267.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001267.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001273.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001273.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001273.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001274.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001274.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001274.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001275.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001275.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001275.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001276.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001276.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001276.dll


Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001278.dll


Infected with: Trojan.Downloader.ConHook.AI

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001278.dll


Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001278.dll


Deleted

C:\WINDOWS\system32\ddb.exe


Infected with: Trojan.Peed.Gen

C:\WINDOWS\system32\ddb.exe


Disinfection failed

C:\WINDOWS\system32\ddb.exe


Deleted

C:\WINDOWS\system32\duo.exe


Infected with: Trojan.Peed.Gen

C:\WINDOWS\system32\duo.exe


Disinfection failed

C:\WINDOWS\system32\duo.exe


Deleted

C:\WINDOWS\system32\mdxfnzj.dll


Infected with: Trojan.Obfus.Gen

C:\WINDOWS\system32\mdxfnzj.dll


Disinfection failed

C:\WINDOWS\system32\mdxfnzj.dll


Deleted

C:\WINDOWS\system32\micro1\web2.exe


Infected with: Trojan.Spy.WebBuy.A

C:\WINDOWS\system32\micro1\web2.exe


Disinfection failed

C:\WINDOWS\system32\micro1\web2.exe


Deleted

C:\WINDOWS\system32\mlljjge.dll


Infected with: Trojan.Downloader.Conhook.AH

C:\WINDOWS\system32\mlljjge.dll


Disinfection failed

C:\WINDOWS\system32\mlljjge.dll


Deleted

C:\WINDOWS\system32\sca.exe


Infected with: Trojan.Peed.Gen

C:\WINDOWS\system32\sca.exe


Disinfection failed

C:\WINDOWS\system32\sca.exe


Deleted

C:\WINDOWS\system32\smt.exe


Infected with: Trojan.Peed.Gen

C:\WINDOWS\system32\smt.exe


Disinfection failed

C:\WINDOWS\system32\smt.exe


Deleted

C:\WINDOWS\system32\ssttr.exe


Infected with: MemScan:Trojan.BHO.AK

C:\WINDOWS\system32\ssttr.exe


Disinfection failed

C:\WINDOWS\system32\ssttr.exe


Deleted

C:\WINDOWS\vttqnl.dll


Infected with: Trojan.Agent.AOM

C:\WINDOWS\vttqnl.dll


Disinfection failed

C:\WINDOWS\vttqnl.dll


Deleted

#11 OFFLINE   Bugged

    Member

  • Members
  • 14 posts

Posted 09 May 2007 - 09:17 PM

Remaining log files:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/09/2007 at 04:09 PM

Application Version : 3.7.1018

Core Rules Database Version : 3234
Trace Rules Database Version: 1245

Scan type : Complete Scan
Total Scan Time : 00:34:27

Memory items scanned : 429
Memory threats detected : 0
Registry items scanned : 5811
Registry threats detected : 0
File items scanned : 37956
File threats detected : 108

Adware.Tracking Cookie

Unclassified.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP42\A0004459.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP42\A0004460.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP42\A0004461.DLL

Browser Hijacker.Deskbar/Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP42\A0004463.EXE

Trojan.TaskDir
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP42\A0004466.DLL


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:16:37 PM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lexmark 8300 Series\lxcjlpx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Mitchell1\Manager\Series2\Program\Series20.exe
C:\MITCHE~1\ONDEMA~1\Od5.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Abercrombie\Desktop\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{72CD4~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{72CD4~1\reboot.ini -l0x9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 2305 bytes


Thanks again for all your help

#12 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 09 May 2007 - 09:24 PM

Download Blacklight beta HERE and save it to your desktop.
Run the program, accept statement > click next then scan
When it's finished scanning, exit the program and post back the log if it detects hidden files. The log is called 'fsbl-<date/time>.log', which will save to the same location as the blbeta.exe file.

#13 OFFLINE   Bugged

    Member

  • Members
  • 14 posts

Posted 09 May 2007 - 09:39 PM

rridgely, on May 9 2007, 09:24 PM, said:

Download Blacklight beta HERE and save it to your desktop.
Run the program, accept statement > click next then scan
When it's finished scanning, exit the program and post back the log if it detects hidden files. The log is called 'fsbl-<date/time>.log', which will save to the same location as the blbeta.exe file.


Running that program now I have not had any pop-ups.....yeah!!!

#14 OFFLINE   Bugged

    Member

  • Members
  • 14 posts

Posted 09 May 2007 - 09:41 PM

Bugged, on May 9 2007, 09:39 PM, said:

Running that program now I have not had any pop-ups.....yeah!!!


No hidden processes found. Thank you so much for all your assistance.

#15 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 09 May 2007 - 09:44 PM

Since doing all of the things I've told you to do, have you rebooted your computer at all?
If you haven't rebooted then please do.

Then run the below scan to see if there is anything left to remove:

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, save the file as kavscan.txt to your Desktop, then close the Kaspersky On-line Scanner window.
  • Paste the Kaspersky log onto the forum.
I'm glad your pop ups are gone though. :)

#16 OFFLINE   rridgely

Posted 09 May 2007 - 09:48 PM

Oh, I forgot that when you post the Kaspersky log, please post a new HijackThis log as well.

#17 OFFLINE   Bugged

Posted 09 May 2007 - 10:06 PM

I have rebooted several times and just before the last one you suggested and in process and will be posting both logs shortly

#18 OFFLINE   Bugged

Posted 09 May 2007 - 11:13 PM

Kaspersky log: had to stop scan to go home; will run again overnight and post logs from that scan.


C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0004 Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0005 Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0006/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0006/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0006/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0006 Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir NSIS: infected - 8 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mp43.exe.vir Infected: Trojan-Downloader.Win32.VB.ahq skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe/data0002 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe/data0003 Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe/data0004 Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe/data0005 Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe/data0006/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe/data0006/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe/data0006/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe/data0006 Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe NSIS: infected - 8 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe/data0002 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe/data0003 Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe/data0004 Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe/data0005 Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe/data0006/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe/data0006/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe/data0006/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe/data0006 Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe NSIS: infected - 8 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005896.exe Infected: Trojan-Downloader.Win32.VB.ahq skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005918.EXE Infected: Trojan-Downloader.Win32.VB.ahq skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007870.exe Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007871.exe Infected: Email-Worm.Win32.Zhelatin.cl skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007872.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007873.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007874.dll Infected: Trojan-Downloader.Win32.ConHook.ah skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007875.exe Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007876.exe Infected: Email-Worm.Win32.Zhelatin.cj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007878.dll Infected: Trojan.Win32.Agent.agv skipped
C:\WINDOWS\system32\jkklmki.dll Infected: Trojan-Downloader.Win32.ConHook.ah skipped
C:\WINDOWS\system32\mljggee.dll Infected: Trojan-Downloader.Win32.ConHook.ah skipped
E:\Drivers\Win_9X\lxcjsr9x.ex_/ Infected: Trojan.Win32.Small.iz skipped
E:\Drivers\Win_9X\lxcjsr9x.ex_ MS Expand: infected - 1 skipped
M:\boot.ini Object is locked skipped
M:\Documents and Settings\Window washer\s2k.hacking.exe Infected: not-a-virus:Dialer.Win32.gen skipped
Scan was interrupted by user!

Thanks again for the help, will continue tomorrow!

#19 OFFLINE   Bugged

Posted 10 May 2007 - 12:53 PM

rridgely,

First of all, thank you for all your help. Folks like you make me have faith in the world -- thanks.

OK, I am currently running the Kaspersky log, which I will post along with the HJT log. The Kaspersky log takes so long to run, so I have limited it to the 'C' drive; I don't have any other hard drives, so I'm thinking that should be enough.

BTW, I'm the guy who started this thread but not the guy you worked with most of yesterday (there are several users on this machine), but I did review the thread and I'll complete it today.

Here's the Kaspersky log (I notice there are two trojans) and the HJT log follows.

Mark

C:\WINDOWS\system32\jkklmki.dll Infected: Trojan-Downloader.Win32.ConHook.ah skipped
C:\WINDOWS\system32\mljggee.dll Infected: Trojan-Downloader.Win32.ConHook.ah skipped
Scan process completed.



HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:52:21 AM, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Abercrombie\Desktop\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 2477 bytes

BTW -- pop-ups and redirects appear to have halted.

Mark

#20 OFFLINE   Bugged

Posted 10 May 2007 - 01:55 PM

Here is latest Kasper log (complete scan) and HJT log:

Thursday, May 10, 2007 8:52:51 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 10/05/2007
Kaspersky Anti-Virus database records: 297194
Scan Settings
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target: My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects: 54447
Number of viruses found: 8
Number of infected objects: 18 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:48:40

Infected Object Name Virus Name Last Action
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0004 Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mp43.exe.vir Infected: Trojan-Downloader.Win32.VB.ahq skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe/data0004 Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002008.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe/data0004 Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005893.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005896.exe Infected: Trojan-Downloader.Win32.VB.ahq skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0005918.EXE Infected: Trojan-Downloader.Win32.VB.ahq skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007870.exe Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007871.exe Infected: Email-Worm.Win32.Zhelatin.cl skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007872.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007874.dll Infected: Trojan-Downloader.Win32.ConHook.ah skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007875.exe Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007876.exe Infected: Email-Worm.Win32.Zhelatin.cj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP65\A0007878.dll Infected: Trojan.Win32.Agent.agv skipped
C:\WINDOWS\system32\jkklmki.dll Infected: Trojan-Downloader.Win32.ConHook.ah skipped
C:\WINDOWS\system32\mljggee.dll Infected: Trojan-Downloader.Win32.ConHook.ah skipped
Scan process completed.

HJT:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:54:23 AM, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Mitchell1\Manager\Series2\Program\Series20.exe
C:\MITCHE~1\ONDEMA~1\Od5.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Abercrombie\Desktop\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 2656 bytes

Mark