g2p3s.exe removal?

Computing.Net > Forums > Security and Virus > g2p3s.exe removal?

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

g2p3s.exe removal?

Name: jace1
Date: January 15, 2008 at 17:26:48 Pacific
OS: windows xp
CPU/Ram: 2gb
Product: custom

Comment:

G2p3s.exe - anyone know anything about it, or how to remove it rather?
It's the only item my antivirus cannot remove. Self replicating, not much info available online...

Sponsored Link

Ads by Google

Response Number 1

Name: jabuck
Date: January 15, 2008 at 17:36:56 Pacific

Reply:

Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" Installer from this link:
Hijack This

1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Response Number 2

Name: jace1
Date: January 15, 2008 at 17:51:41 Pacific

Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:52 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digiteo.info/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "D:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [laim] "C:\Program Files\AIM Lite\aimlite.exe" -autorun
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 5087 bytes

Response Number 3

Name: jabuck
Date: January 15, 2008 at 18:05:21 Pacific

Reply:

Go to the this link:
Disable Realtime Protection
Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.
Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press fix "checked":
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digiteo.info/ (if you know what this is do not remove it)
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
Exit Hijack This
Set up the computer to view hidden files:
To show hidden files do the following:
Click Start > My Computer
On the Tools menu, click Folder Options.
Click the View tab.
Uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files.
Under the Hidden files folder, locate and check Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply > OK.
Navigate to and delete this file if found:
C:\WINDOWS\system32\kavo.exe
Please download ComboFix to the desktop from this link: ComboFix

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.

Response Number 4

Name: jace1
Date: January 15, 2008 at 18:22:08 Pacific

Reply:

The hidden file won't show up. After I uncheck all the options so I can view the hidden files - it restores back to default.
Also, when I double click on the C drive it opens up in another window.
Thanks for your time jabuck.

Response Number 5

Name: jace1
Date: January 15, 2008 at 18:32:04 Pacific

Reply:

ComboFix 08-01-09.2 - user 2008-01-15 21:28:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1644 [GMT -5:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.
2008-01-15 21:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 16:46 . 2008-01-15 16:45 114,829 -r-hs---- C:\g2p3s.exe
2008-01-15 16:39 . 2008-01-15 21:13 475 -r-hs---- C:\autorun.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 18:07 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-15 21:58 --------- d-----w C:\Documents and Settings\user\Application Data\OpenOffice.org2
2008-01-11 06:31 --------- d-----w C:\Documents and Settings\user\Application Data\Azureus
2008-01-09 05:33 --------- d-----w C:\Program Files\Tiger Gaming
2007-12-28 15:48 --------- d-----w C:\Documents and Settings\user\Application Data\LAIM
2007-11-16 19:40 --------- d-----w C:\Program Files\AIM Lite
2007-11-16 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-11-16 19:35 --------- d-----w C:\Program Files\AIM6
2007-11-16 19:35 --------- d-----w C:\Documents and Settings\user\Application Data\acccore
2007-11-16 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-16 19:33 --------- d-----w C:\Program Files\Viewpoint
2007-11-16 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-16 19:32 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-16 19:30 --------- d-----w C:\Documents and Settings\user\Application Data\Aim
2007-11-16 19:21 --------- d-----w C:\Program Files\LimeWire
2007-11-16 19:15 --------- d-----w C:\Documents and Settings\user\Application Data\Ahead
2007-11-16 19:10 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-16 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-10-18 04:09 164 ----a-w C:\install.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 06:51 715888]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"NWEReboot"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 20:40 1197648]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45 75304]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"DeadAIM"="rundll32.exe" [2004-08-04 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"laim"="C:\Program Files\AIM Lite\aimlite.exe" [2007-06-07 12:11 765952]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 15:40 5367608]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c88655d2-9ed5-11db-b776-e0f5cd3a5fc5}]
\Shell\AutoRun\command - G:\g2p3s.exe
\Shell\explore\Command - G:\g2p3s.exe
\Shell\open\Command - G:\g2p3s.exe
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 21:30:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-15 21:30:45
ComboFix-quarantined-files.txt 2008-01-16 02:30:31

LiveDrvPack.exe (SBLW-XPWEB-W3-US) KAVO0 b.exe removal tool	lsass.exe removal csrss.exe removal lsass.exe removal
See More

Response Number 6

Name: jabuck
Date: January 15, 2008 at 19:18:45 Pacific

Reply:

Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\g2p3s.exe

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".
Next navigate to C:\autorun , you may have two of them listed. Open up the file, the legit file should look like this or very similar:
[autorun]
ICON=C:\WINDOWS\SYSTEM\SHELL32.DLL,8
If the file does not look like that delete it.
Post a new Combofix scan please.

Response Number 7

Name: jace1
Date: January 15, 2008 at 19:40:32 Pacific

Reply:

- 2008-01-16 02:28:29 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2008-01-16 03:31:32 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 06:51 715888]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"NWEReboot"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 20:40 1197648]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45 75304]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"DeadAIM"="rundll32.exe" [2004-08-04 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"laim"="C:\Program Files\AIM Lite\aimlite.exe" [2007-06-07 12:11 765952]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 15:40 5367608]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c88655d2-9ed5-11db-b776-e0f5cd3a5fc5}]
\Shell\AutoRun\command - G:\g2p3s.exe
\Shell\explore\Command - G:\g2p3s.exe
\Shell\open\Command - G:\g2p3s.exe
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 22:38:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-15 22:38:55
ComboFix-quarantined-files.txt 2008-01-16 03:38:41
ComboFix2.txt 2008-01-16 03:32:50
ComboFix3.txt 2008-01-16 02:30:46

Response Number 8

Name: jabuck
Date: January 15, 2008 at 20:05:14 Pacific

Reply:

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download ATF Cleaner from this link:
ATF Cleaner

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Please run the BitDefender online scan this link:
Bitdefender Online Scanner

You will need to allow an active x install for the scan to run.
Leave the scanning options at default and press "click here to scan"
When finished scanning, click on "click here to export the scan report"
Save it to your desktop, at "file name" type in "bdscan" then click save.
Post a log in your reply.
Post a new Hijack This log please.

Response Number 9

Name: jace1
Date: January 15, 2008 at 21:15:26 Pacific

Reply:

still scanning

Response Number 10

Name: jace1
Date: January 15, 2008 at 21:57:41 Pacific

Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:46 AM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\My Documents\Programs\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digiteo.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "D:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [laim] "C:\Program Files\AIM Lite\aimlite.exe" -autorun
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 5306 bytes

Response Number 11

Name: jace1
Date: January 15, 2008 at 22:14:29 Pacific

Reply:

Should I paste the whole BDSCAN as well?

Response Number 12

Name: jace1
Date: January 15, 2008 at 23:38:40 Pacific

Reply:

BitDefender Online Scanner

Scan report generated at: Wed, Jan 16, 2008 - 00:51:04

Scan path: A:\;C:\;D:\;E:\;F:\;H:\;

Statistics
Time

01:19:54
Files

447039
Folders

11117
Boot Sectors

6
Archives

2190
Packed Files

10572

Results
Identified Viruses

13
Infected Files

65
Suspect Files

0
Warnings

0
Disinfected

2
Deleted Files

85

Engines Info
Virus Definitions

890437
Engine build

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins

14
Archive plugins

38
Unpack plugins

7
E-mail plugins

6
System plugins

1

Scan Settings
First Action

Disinfect
Second Action

Delete
Heuristics

Yes
Enable Warnings

Yes
Scanned Extensions

*;
Exclude Extensions

Scan Emails

Yes
Scan Archives

Yes
Scan Packed

Yes
Scan Files

Yes
Scan Boot

Yes

Scanned File

Status
C:\Program Files\Tiger Gaming\fst.exe

Infected with: Backdoor.Agent.AHJ
C:\Program Files\Tiger Gaming\fst.exe

Disinfection failed
C:\Program Files\Tiger Gaming\fst.exe

Deleted
C:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014103.exe

Infected with: Backdoor.Agent.AHJ
C:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014103.exe

Disinfection failed
C:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014103.exe

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00B80000.VBN=>(Quarantine-PE)

Infected with: Trojan.Delf.M
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00B80000.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00B80000.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900001.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900001.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900001.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900002.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900002.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900002.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900003.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900003.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900003.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900004.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900004.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900004.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900005.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900005.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900005.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900006.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900006.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900006.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900007.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900007.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900007.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900008.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900008.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900008.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900009.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900009.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900009.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000A.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000A.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000A.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000B.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000B.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000B.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000C.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000C.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000C.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000D.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000D.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000D.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000E.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000E.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000E.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000F.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000F.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0290000F.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900010.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900010.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900010.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900011.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900011.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900011.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900012.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900012.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900012.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900013.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900013.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900013.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900014.VBN=>(Quarantine-PE)

Infected with: Backdoor.Dragonbot.J
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900014.VBN=>(Quarantine-PE)

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900014.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900015.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Infected with: Trojan.Qrap.B
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900015.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900015.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900015.VBN=>(Quarantine-PE)=>(NSIS o)

Update failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900015.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Infected with: MemScan:Trojan.SillyDl.50760
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900015.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900015.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900015.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)

Update failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C80000.VBN=>(Quarantine-PE)

Infected with: Win32.Worm.VB.DW
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C80000.VBN=>(Quarantine-PE)

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A480000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Infected with: Trojan.Qrap.B
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A480000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A480000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A480000.VBN=>(Quarantine-PE)=>(NSIS o)

Update failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A480000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Infected with: MemScan:Trojan.SillyDl.50760
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A480000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A480000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A480000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)

Update failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Infected with: Trojan.Qrap.B
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980000.VBN=>(Quarantine-PE)=>(NSIS o)

Update failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Infected with: MemScan:Trojan.SillyDl.50760
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Disinfection failed
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)=>bzip2_solid_nsis0001

Deleted
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980000.VBN=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0003=>(NSIS o)

Update failed
D:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-37c62411.zip=>vmain.class

Infected with: Exploit.Java.Gimsh.B
D:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-37c62411.zip=>vmain.class

Deleted
D:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-37c62411.zip

Updated
D:\Documents and Settings\user\Desktop\docs\Utilities\AresFileshare1.1-Setup.exe=>(NSIS o)=>lzma_solid_nsis0002

Infected with: Trojan.Ribdew.C.DLL
D:\Documents and Settings\user\Desktop\docs\Utilities\AresFileshare1.1-Setup.exe=>(NSIS o)=>lzma_solid_nsis0002

Disinfection failed
D:\Documents and Settings\user\Desktop\docs\Utilities\AresFileshare1.1-Setup.exe=>(NSIS o)=>lzma_solid_nsis0002

Deleted
D:\Documents and Settings\user\Desktop\docs\Utilities\AresFileshare1.1-Setup.exe=>(NSIS o)

Update failed
D:\Documents and Settings\user\Desktop\docs\Utilities\programs\Universal Adobe PhotoShop Serial Number Generator.exe

Infected with: Win32.HLLP.Hantaner.E
D:\Documents and Settings\user\Desktop\docs\Utilities\programs\Universal Adobe PhotoShop Serial Number Generator.exe

Disinfected
D:\Documents and Settings\user\Local Settings\Temp\MediaAccessInstPack.exe

Infected with: Trojan.Winad.275101.D
D:\Documents and Settings\user\Local Settings\Temp\MediaAccessInstPack.exe

Disinfection failed
D:\Documents and Settings\user\Local Settings\Temp\MediaAccessInstPack.exe

Deleted
D:\Program Files\Tiger Gaming\fst.exe

Infected with: Backdoor.Agent.AHJ
D:\Program Files\Tiger Gaming\fst.exe

Disinfection failed
D:\Program Files\Tiger Gaming\fst.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP339\A0374009.dll

Infected with: Trojan.Downloader.Zlob.100c.A
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP339\A0374009.dll

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP339\A0374009.dll

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP347\A0417718.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP347\A0417718.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP347\A0417718.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP347\A0423726.exe

Infected with: MemScan:Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP347\A0423726.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP347\A0423726.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP349\A0429770.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP349\A0429770.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP349\A0429770.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0435810.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0435810.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0435810.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0436822.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0436822.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0436822.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0437849.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0437849.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0437849.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0437850.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0437850.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0437850.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0439934.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0439934.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP350\A0439934.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP351\A0440015.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP351\A0440015.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP351\A0440015.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP353\A0440323.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP353\A0440323.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP353\A0440323.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP353\A0440349.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP353\A0440349.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP353\A0440349.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP354\A0440420.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP354\A0440420.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP354\A0440420.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP356\A0440492.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP356\A0440492.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP356\A0440492.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP356\A0440519.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP356\A0440519.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP356\A0440519.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP357\A0440753.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP357\A0440753.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP357\A0440753.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP357\A0440823.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP357\A0440823.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP357\A0440823.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP359\A0441055.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP359\A0441055.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP359\A0441055.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP360\A0441283.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP360\A0441283.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP360\A0441283.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP360\A0441386.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP360\A0441386.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP360\A0441386.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0441443.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0441443.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0441443.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0441636.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0441636.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0441636.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0442865.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0442865.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP361\A0442865.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP363\A0443998.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP363\A0443998.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP363\A0443998.exe

Deleted
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP367\A0444773.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP367\A0444773.exe

Disinfection failed
D:\System Volume Information\_restore{A75E884F-4E1D-4B93-8B40-2D9AB1B32CFD}\RP367\A0444773.exe

Deleted
D:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014104.exe

Infected with: Win32.HLLP.Hantaner.E
D:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014104.exe

Disinfected
D:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014105.exe

Infected with: Trojan.Winad.275101.D
D:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014105.exe

Disinfection failed
D:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014105.exe

Deleted
D:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014106.exe

Infected with: Backdoor.Agent.AHJ
D:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014106.exe

Disinfection failed
D:\System Volume Information\_restore{E5E53459-CE08-4894-8324-F1E40B918C62}\RP64\A0014106.exe

Deleted
D:\WINDOWS\pxwma.dll

Infected with: Trojan.Ribdew.C.DLL
D:\WINDOWS\pxwma.dll

Disinfection failed
D:\WINDOWS\pxwma.dll

Deleted
D:\WINDOWS\svchost.exe

Infected with: MemScan:Trojan.SillyDl.50760
D:\WINDOWS\svchost.exe

Disinfection failed
D:\WINDOWS\svchost.exe

Deleted

Response Number 13

Name: jabuck
Date: January 16, 2008 at 03:29:19 Pacific

Reply:

Looks much better, how is the computer operating?

Response Number 14

Name: jace1
Date: January 16, 2008 at 13:19:20 Pacific

Reply:

Running great. Is there anything that I could help you with, or could do to reimburse you for your time?

Response Number 15

Name: jabuck
Date: January 16, 2008 at 14:01:52 Pacific

Reply:

No thank you, at this time computing.net does not accept contibutions.
Glad we could help.

Sponsored Link

Ads by Google

Windows Activation Trojan...

someone please help me

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: g2p3s.exe removal?

g2p3s.exe, kavo.exe and kavo0.dll

Summary

www.computing.net/answers/security/g2p3sexe-kavoexe-and-kavo0dll/22315.html

mouse.exe removal question

Summary

www.computing.net/answers/security/mouseexe-removal-question/16914.html

svchost.exe removal help!

Summary

www.computing.net/answers/security/svchostexe-removal-help/8866.html

From the Geek Dictionary
reinstall - A common cure for problems stemming from the Windows family of operating sy...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 7 Days.
Discuss in The Lounge
Poll History

Recent Posts
KIS10 - Black List is Corrupt

Dropdown menus don't work in IE8

memory eror

pc with vista wont play video

Disable USB

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE