g2p3s.exe removal?

Computing.Net > Forums > Security and Virus > g2p3s.exe removal?

Computing.Net: Over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to sign up now, it's free!

Original Message

Name: jace1
Date: January 15, 2008 at 17:26:48 Pacific
Subject: g2p3s.exe removal?
OS: windows xp
CPU/Ram: 2gb
Model/Manufacturer: custom

Comment:

G2p3s.exe - anyone know anything about it, or how to remove it rather?
It's the only item my antivirus cannot remove. Self replicating, not much info available online...

Report Offensive Message For Removal

Response Number 1

Name: jabuck
Date: January 15, 2008 at 17:36:56 Pacific

Reply: (edit)

Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" Installer from this link:
Hijack This

1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Report Offensive Follow Up For Removal

Response Number 2

Name: jace1
Date: January 15, 2008 at 17:51:41 Pacific

Reply: (edit)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:52 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digiteo.info/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "D:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [laim] "C:\Program Files\AIM Lite\aimlite.exe" -autorun
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 5087 bytes

Report Offensive Follow Up For Removal

Response Number 3

Name: jabuck
Date: January 15, 2008 at 18:05:21 Pacific

Reply: (edit)

Go to the this link:
Disable Realtime Protection
Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.
Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press fix "checked":
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digiteo.info/ (if you know what this is do not remove it)
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
Exit Hijack This
Set up the computer to view hidden files:
To show hidden files do the following:
Click Start > My Computer
On the Tools menu, click Folder Options.
Click the View tab.
Uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files.
Under the Hidden files folder, locate and check Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply > OK.
Navigate to and delete this file if found:
C:\WINDOWS\system32\kavo.exe
Please download ComboFix to the desktop from this link: ComboFix

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.

Report Offensive Follow Up For Removal

Response Number 4

Name: jace1
Date: January 15, 2008 at 18:22:08 Pacific

Reply: (edit)

The hidden file won't show up. After I uncheck all the options so I can view the hidden files - it restores back to default.
Also, when I double click on the C drive it opens up in another window.
Thanks for your time jabuck.

Report Offensive Follow Up For Removal

Response Number 5

Name: jace1
Date: January 15, 2008 at 18:32:04 Pacific

Reply: (edit)

ComboFix 08-01-09.2 - user 2008-01-15 21:28:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1644 [GMT -5:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.
2008-01-15 21:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 16:46 . 2008-01-15 16:45 114,829 -r-hs---- C:\g2p3s.exe
2008-01-15 16:39 . 2008-01-15 21:13 475 -r-hs---- C:\autorun.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 18:07 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-15 21:58 --------- d-----w C:\Documents and Settings\user\Application Data\OpenOffice.org2
2008-01-11 06:31 --------- d-----w C:\Documents and Settings\user\Application Data\Azureus
2008-01-09 05:33 --------- d-----w C:\Program Files\Tiger Gaming
2007-12-28 15:48 --------- d-----w C:\Documents and Settings\user\Application Data\LAIM
2007-11-16 19:40 --------- d-----w C:\Program Files\AIM Lite
2007-11-16 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-11-16 19:35 --------- d-----w C:\Program Files\AIM6
2007-11-16 19:35 --------- d-----w C:\Documents and Settings\user\Application Data\acccore
2007-11-16 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-16 19:33 --------- d-----w C:\Program Files\Viewpoint
2007-11-16 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-16 19:32 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-16 19:30 --------- d-----w C:\Documents and Settings\user\Application Data\Aim
2007-11-16 19:21 --------- d-----w C:\Program Files\LimeWire
2007-11-16 19:15 --------- d-----w C:\Documents and Settings\user\Application Data\Ahead
2007-11-16 19:10 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-16 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-10-18 04:09 164 ----a-w C:\install.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 06:51 715888]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"NWEReboot"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 20:40 1197648]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45 75304]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"DeadAIM"="rundll32.exe" [2004-08-04 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"laim"="C:\Program Files\AIM Lite\aimlite.exe" [2007-06-07 12:11 765952]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 15:40 5367608]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c88655d2-9ed5-11db-b776-e0f5cd3a5fc5}]
\Shell\AutoRun\command - G:\g2p3s.exe
\Shell\explore\Command - G:\g2p3s.exe
\Shell\open\Command - G:\g2p3s.exe
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 21:30:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-15 21:30:45
ComboFix-quarantined-files.txt 2008-01-16 02:30:31

Report Offensive Follow Up For Removal


g2p3s.exe, kavo.exe and kavo0.dll How do I remove Nail.exe from PC b.exe Removal?! hclean32.exe removal removing svchost.exe!	ishost.exe removal? WinToolsA.exe removal problem Still need help with b.exe Removal! mouse.exe removal question Can't remove CDAC11BA.EXE

Response Number 6

Name: jabuck
Date: January 15, 2008 at 19:18:45 Pacific

Reply: (edit)

Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\g2p3s.exe

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".
Next navigate to C:\autorun , you may have two of them listed. Open up the file, the legit file should look like this or very similar:
[autorun]
ICON=C:\WINDOWS\SYSTEM\SHELL32.DLL,8
If the file does not look like that delete it.
Post a new Combofix scan please.

Report Offensive Follow Up For Removal

Response Number 7

Name: jace1
Date: January 15, 2008 at 19:40:32 Pacific

Reply: (edit)

- 2008-01-16 02:28:29 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2008-01-16 03:31:32 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 06:51 715888]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"NWEReboot"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 20:40 1197648]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45 75304]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"DeadAIM"="rundll32.exe" [2004-08-04 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"laim"="C:\Program Files\AIM Lite\aimlite.exe" [2007-06-07 12:11 765952]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 15:40 5367608]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c88655d2-9ed5-11db-b776-e0f5cd3a5fc5}]
\Shell\AutoRun\command - G:\g2p3s.exe
\Shell\explore\Command - G:\g2p3s.exe
\Shell\open\Command - G:\g2p3s.exe
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 22:38:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-15 22:38:55
ComboFix-quarantined-files.txt 2008-01-16 03:38:41
ComboFix2.txt 2008-01-16 03:32:50
ComboFix3.txt 2008-01-16 02:30:46

Report Offensive Follow Up For Removal

Response Number 8

Name: jabuck
Date: January 15, 2008 at 20:05:14 Pacific

Reply: (edit)

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download ATF Cleaner from this link:
ATF Cleaner

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Please run the BitDefender online scan this link:
Bitdefender Online Scanner

You will need to allow an active x install for the scan to run.
Leave the scanning options at default and press "click here to scan"
When finished scanning, click on "click here to export the scan report"
Save it to your desktop, at "file name" type in "bdscan" then click save.
Post a log in your reply.
Post a new Hijack This log please.

Report Offensive Follow Up For Removal

Response Number 9

Name: jace1
Date: January 15, 2008 at 21:15:26 Pacific

Reply: (edit)

still scanning

Report Offensive Follow Up For Removal

Response Number 10

Name: jace1
Date: January 15, 2008 at 21:57:41 Pacific

Reply: (edit)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:46 AM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\My Documents\Programs\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digiteo.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "D:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [laim] "C:\Program Files\AIM Lite\aimlite.exe" -autorun
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 5306 bytes

Report Offensive Follow Up For Removal

Response Number 11

Name: jace1
Date: January 15, 2008 at 22:14:29 Pacific

Reply: (edit)

Should I paste the whole BDSCAN as well?

Report Offensive Follow Up For Removal

Response Number 12

Name: jace1
Date: January 15, 2008 at 23:38:40 Pacific

Reply: (edit)

BitDefender Online Scanner

Scan report generated at: Wed, Jan 16, 2008 - 00:51:04

Scan path: A:\;C:\;D:\;E:\;F:\;H:\;

Statistics
Time

01:19:54
Files

447039
Folders

11117
Boot Sectors

6
Archives

2190
Packed Files

10572

Results
Identified Viruses

13
Infected Files

65
Suspect Files

0
Warnings

0
Disinfected

2
Deleted Files

85

Engines Info
Virus Definitions

890437
Engine build

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins

14
Archive plugins

38
Unpack plugins

7
E-mail plugins

6
System plugins

1

Scan Settings
First Action

Disinfect
Second Action

Delete
Heuristics

Yes
Enable Warnings

Yes
Scanned Extensions

*;
Exclude Extensions

Scan Emails

Yes
Scan Archives

Yes
Scan Packed

Yes
Scan Files

Yes
Scan Boot

Yes

Scanned File

Status
C:\Program Files\Tiger Gaming\fst.exe

Infected with: Backdoor.Agent.AHJ
C:\Program Files\Tiger Gaming\fst.exe

Disinfection failed
C:\Program Files\Tiger Gaming\fst.exe

Deleted
C:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014103.exe

Infected with: Backdoor.Agent.AHJ
C:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014103.exe

Disinfection failed
C:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014103.exe

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00B80000.VBN=>(Quarantine-PE)

Infected with: Trojan.Delf.M
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00B80000.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00B80000.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900001.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900001.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900001.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900002.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900002.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900002.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900003.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900003.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900003.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900004.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900004.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900004.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900005.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900005.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900005.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900006.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900006.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900006.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900007.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900007.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900007.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900008.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900008.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900008.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900009.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900009.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900009.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000A.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000A.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000A.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000B.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000B.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000B.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000C.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000C.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000C.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000D.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000D.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000D.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000E.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000E.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000E.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000F.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000F.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000F.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900010.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900010.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900010.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900011.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900011.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900011.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900012.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900012.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900012.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900013.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900013.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900013.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900014.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900014.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900014.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900015.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Infected with: Trojan.Qrap.B
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900015.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900015.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900015.VBN=>(Quarantine-PE)=>(NSIS o)

Update failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900015.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Infected with: MemScan:Trojan.SillyDl.50760
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900015.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900015.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900015.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)

Update failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C80000.VBN=>(Quarantine-PE)

Infected with: Win32.Worm.VB.DW
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C80000.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A480000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Infected with: Trojan.Qrap.B
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A480000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A480000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A480000.VBN=>(Quarantine-PE)=>(NSIS o)

Update failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A480000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Infected with: MemScan:Trojan.SillyDl.50760
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A480000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A480000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A480000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)

Update failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Infected with: Trojan.Qrap.B
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980000.VBN=>(Quarantine-PE)=>(NSIS o)

Update failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Infected with: MemScan:Trojan.SillyDl.50760
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)

Update failed
D:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-37c62411.zip=>vmain.class

Infected with: Exploit.Java.Gimsh.B
D:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-37c62411.zip=>vmain.class

Deleted
D:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-37c62411.zip

Updated
D:\Documents and Settings\user\Desktop\docs\Utilities\AresFileshare1.1-Setup.exe=>(NSIS o)=>lzma_solid_nsis0002

Infected with: Trojan.Ribdew.C.DLL
D:\Documents and Settings\user\Desktop\docs\Utilities\AresFileshare1.1-Setup.exe=>(NSIS o)=>lzma_solid_nsis0002

Disinfection failed
D:\Documents and Settings\user\Desktop\docs\Utilities\AresFileshare1.1-Setup.exe=>(NSIS o)=>lzma_solid_nsis0002

Deleted
D:\Documents and Settings\user\Desktop\docs\Utilities\AresFileshare1.1-Setup.exe=>(NSIS o)

Update failed
D:\Documents and Settings\user\Desktop\docs\Utilities\programs\Universal Adobe PhotoShop Serial Number Generator.exe

Infected with: Win32.HLLP.Hantaner.E
D:\Documents and Settings\user\Desktop\docs\Utilities\programs\Universal Adobe PhotoShop Serial Number Generator.exe

Disinfected
D:\Documents and Settings\user\Local Settings\Temp\MediaAccessInstPack.exe

Infected with: Trojan.Winad.275101.D
D:\Documents and Settings\user\Local Settings\Temp\MediaAccessInstPack.exe

Disinfection failed
D:\Documents and Settings\user\Local Settings\Temp\MediaAccessInstPack.exe

Deleted
D:\Program Files\Tiger Gaming\fst.exe

Infected with: Backdoor.Agent.AHJ
D:\Program Files\Tiger Gaming\fst.exe

Disinfection failed
D:\Program Files\Tiger Gaming\fst.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP339\A0374009.dll

Infected with: Trojan.Downloader.Zlob.100c.A
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP339\A0374009.dll

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP339\A0374009.dll

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP347\A0417718.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP347\A0417718.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP347\A0417718.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP347\A0423726.exe

Infected with: MemScan:Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP347\A0423726.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP347\A0423726.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP349\A0429770.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP349\A0429770.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP349\A0429770.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0435810.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0435810.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0435810.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0436822.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0436822.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0436822.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0437849.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0437849.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0437849.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0437850.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0437850.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0437850.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0439934.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0439934.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0439934.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP351\A0440015.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP351\A0440015.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP351\A0440015.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP353\A0440323.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP353\A0440323.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP353\A0440323.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP353\A0440349.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP353\A0440349.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP353\A0440349.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP354\A0440420.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP354\A0440420.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP354\A0440420.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP356\A0440492.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP356\A0440492.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP356\A0440492.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP356\A0440519.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP356\A0440519.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP356\A0440519.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP357\A0440753.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP357\A0440753.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP357\A0440753.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP357\A0440823.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP357\A0440823.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP357\A0440823.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP359\A0441055.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP359\A0441055.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP359\A0441055.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP360\A0441283.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP360\A0441283.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP360\A0441283.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP360\A0441386.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP360\A0441386.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP360\A0441386.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0441443.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0441443.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0441443.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0441636.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0441636.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0441636.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0442865.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0442865.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0442865.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP363\A0443998.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP363\A0443998.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP363\A0443998.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP367\A0444773.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP367\A0444773.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP367\A0444773.exe

Deleted
D:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014104.exe

Infected with: Win32.HLLP.Hantaner.E
D:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014104.exe

Disinfected
D:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014105.exe

Infected with: Trojan.Winad.275101.D
D:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014105.exe

Disinfection failed
D:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014105.exe

Deleted
D:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014106.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014106.exe

Disinfection failed
D:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014106.exe

Deleted
D:\WINDOWS\pxwma.dll

Infected with: Trojan.Ribdew.C.DLL
D:\WINDOWS\pxwma.dll

Disinfection failed
D:\WINDOWS\pxwma.dll

Deleted
D:\WINDOWS\svchost.exe

Infected with: MemScan:Trojan.SillyDl.50760
D:\WINDOWS\svchost.exe

Disinfection failed
D:\WINDOWS\svchost.exe

Deleted