hijackthis.log file need help

Discussion in 'Windows - Virus and spyware problems' started by excel21, Jul 6, 2007.

    I am starting to get annoying pop-up windows. Can anyone please help me? I scanned my system with HijackThis v1.99.1 and also ran an online scanner with Kaspersky; it said it found 14 viruses. Thanks.


    Logfile of HijackThis v1.99.1
    Scan saved at 6:55:12 PM, on 7/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\ocxloader.exe
    C:\WINDOWS\System32\qmlaplop.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\DOWNLO~1\MyWebEx\319\raagtx.exe
    C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [lanmanwrk.exe] C:\WINDOWS\System32\lanmanwrk.exe
    O4 - HKLM\..\Run: [ocxloader.exe] C:\WINDOWS\System32\ocxloader.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: WebEx PCNow.LNK = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179177815328
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179178508265
    O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} (PWLNINST Control) - http://iplato.columbus.k12.oh.us/Pathways/pway_iis.dll/pwln/02040611/fullcab/pwlninst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{67AE9D04-8247-49C7-86A9-576B845D97B3}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EA787BB6-6A43-4969-9E02-48DB08E735DA}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FE08B426-5298-4E46-8689-62AF5C11EEA3}: NameServer = 194.54.90.226
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



    Total number of scanned objects 162246
    Number of viruses found 14
    Number of infected objects 115 / 0
    Number of suspicious objects 0
    Duration of the scan process 02:25:14

    Infected Object Name Virus Name Last Action
    C:\2c0952e41fffdf2d814975ccb9\$shtdwn$.req Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\audiodev.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\blackbox.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\cewmdm.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\drmupgds.exe Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\drmv2clt.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\laprxy.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.401 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.404 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.405 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.406 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.407 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.408 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.409 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.40b Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.40c Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.40d Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.40e Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.410 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.411 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.412 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.413 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.414 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.415 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.416 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.419 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.41b Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.41d Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.41f Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.424 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.804 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.816 Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\locbin\wpdshextres.dll.c0a Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\logagent.exe Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\mfplat.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\mp43decd.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\mp43dmod.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\mp4sdecd.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\mp4sdmod.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\mpg4decd.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\mpg4dmod.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\msnetobj.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\mspmsnsv.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\mspmsp.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\msscp.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\mswmdm.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\portabledeviceapi.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\portabledeviceclassextension.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\portabledevicetypes.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\portabledevicewiacompat.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\portabledevicewmdrm.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\qasf.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\spuninst.exe Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\spupdsvc.exe Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\update\update.exe Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\update\update.inf Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\update\update.ver Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\update\updspapi.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\update\wmfdist11.cat Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\update\wmfdist11.cdf Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\update\wpdinstallutil.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\uwdf.exe Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wdfapi.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wdfmgr.exe Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmadmod.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmadmoe.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmasf.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmdmlog.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmdmps.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmdrmdev.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmdrmnet.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmdrmsdk.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmidx.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmnetmgr.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmsdmod.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmsdmoe2.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmsetsdk.exe Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmspdmod.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmspdmoe.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmvadvd.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmvadve.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmvcore.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmvdecod.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmvdmod.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmvdmoe2.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmvencod.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmvsdecd.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmvsencd.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wmvxencd.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wpdconns.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wpdinstallutil.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wpdmtp.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wpdmtp.inf Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wpdmtpdr.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wpdmtphw.inf Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wpdmtpus.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wpdshext.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wpdshextautoplay.exe Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wpdshserviceobj.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wpdsp.dll Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wpdusb.sys Object is locked skipped

    C:\2c0952e41fffdf2d814975ccb9\wpd_ci.dll Object is locked skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\16\4311ed50-3ed9d652/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\16\4311ed50-3ed9d652/Counter.class Infected: Trojan.Java.ClassLoader.h skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\16\4311ed50-3ed9d652/Parser.class Infected: Trojan.Java.ClassLoader.d skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\16\4311ed50-3ed9d652 ZIP: infected - 3 skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\17\75d07d11-3484ee87/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\17\75d07d11-3484ee87/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\17\75d07d11-3484ee87/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\17\75d07d11-3484ee87 ZIP: infected - 3 skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-2f887e69/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-2f887e69/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-2f887e69/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-2f887e69 ZIP: infected - 3 skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-3eca8bc7/Counter.class Infected: Trojan.Java.ClassLoader.i skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-3eca8bc7/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-3eca8bc7/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-3eca8bc7 ZIP: infected - 3 skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\34\3110eaa2-496f437a/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\34\3110eaa2-496f437a/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\34\3110eaa2-496f437a ZIP: infected - 2 skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\51\7537abb3-259f48e4/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\51\7537abb3-259f48e4/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\51\7537abb3-259f48e4/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\51\7537abb3-259f48e4 ZIP: infected - 3 skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-377719a0.zip/Counter.class Infected: Trojan.Java.ClassLoader.i skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-377719a0.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-377719a0.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-377719a0.zip ZIP: infected - 3 skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-4f011c4-42b2a3b8.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-4f011c4-42b2a3b8.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-4f011c4-42b2a3b8.zip ZIP: infected - 2 skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv430.jar-12e0a5f3-2f419bc8.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv430.jar-12e0a5f3-2f419bc8.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv430.jar-12e0a5f3-2f419bc8.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv430.jar-12e0a5f3-2f419bc8.zip ZIP: infected - 3 skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-30bbf59a-6581cd27.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-30bbf59a-6581cd27.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-30bbf59a-6581cd27.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-30bbf59a-6581cd27.zip ZIP: infected - 3 skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-4f24f126.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-4f24f126.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-4f24f126.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-4f24f126.zip ZIP: infected - 3 skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-608c527-122553f9.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-608c527-122553f9.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-608c527-122553f9.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-608c527-122553f9.zip ZIP: infected - 3 skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{619E23A0-5DE1-4694-9030-89E0C4014C5D}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{619E23A0-5DE1-4694-9030-89E0C4014C5D}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007070620070707\index.dat Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\~DF1809.tmp Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\~DF1827.tmp Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\~DF4226.tmp Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\~DF6F7D.tmp Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\~DF70B4.tmp Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\~DF93C2.tmp Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Owner\My Documents\Azureus Downloads\AnyDVD & AnyDVD HD 6.1.6.5 Final Incl Patch.rar/keymaker+patch.exe Infected: Trojan-Dropper.Win32.Delf.aec skipped

    C:\Documents and Settings\Owner\My Documents\Azureus Downloads\AnyDVD & AnyDVD HD 6.1.6.5 Final Incl Patch.rar RAR: infected - 1 skipped

    C:\Documents and Settings\Owner\My Documents\Azureus Downloads\VSO.ConvertXToDVD.2.2.3.258\VSO.ConvertXToDVD.2.2.3.exe/wr-1-426.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped

    C:\Documents and Settings\Owner\My Documents\Azureus Downloads\VSO.ConvertXToDVD.2.2.3.258\VSO.ConvertXToDVD.2.2.3.exe ZIP: infected - 1 skipped

    C:\Documents and Settings\Owner\My Documents\Azureus Downloads\VSO.ConvertXToDVD.2.2.3.258.rar/VSO.ConvertXToDVD.2.2.3.258/VSO.ConvertXToDVD.2.2.3.exe/wr-1-426.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped

    C:\Documents and Settings\Owner\My Documents\Azureus Downloads\VSO.ConvertXToDVD.2.2.3.258.rar/VSO.ConvertXToDVD.2.2.3.258/VSO.ConvertXToDVD.2.2.3.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped

    C:\Documents and Settings\Owner\My Documents\Azureus Downloads\VSO.ConvertXToDVD.2.2.3.258.rar RAR: infected - 2 skipped

    C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP0\A0000107.reg Infected: Trojan.WinREG.StartPage skipped

    C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP104\A0011347.exe Infected: Trojan-Dropper.Win32.Small.a skipped

    C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP105\A0011394.exe Infected: Trojan-Dropper.Win32.Small.a skipped

    C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP105\A0011395.exe Infected: Trojan-Dropper.Win32.Small.a skipped

    C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP170\A0023754.sys Infected: Rootkit.Win32.Agent.gk skipped

    C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP170\A0023755.exe Infected: Trojan.Win32.Agent.aia skipped

    C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP170\A0023757.exe Infected: Trojan.Win32.Agent.aia skipped

    C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP170\A0024755.exe Infected: Trojan.Win32.Agent.aia skipped

    C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP170\A0024759.exe Infected: Trojan.Win32.Agent.aia skipped

    C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP171\A0024788.exe Infected: Trojan.Win32.Agent.aia skipped

    C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP171\A0024792.exe Infected: Trojan.Win32.Agent.aia skipped

    C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP171\A0024968.exe Infected: Trojan.Win32.Agent.aia skipped

    C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP171\A0024971.exe Infected: Trojan.Win32.Agent.aia skipped

    C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP171\change.log Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB833407$\bssym7.ttf Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\EventCache\{7B4E0E3C-20CB-44A6-B637-7F71C9E65CC9}.bin Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\16\4311ed50-3ed9d652/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\16\4311ed50-3ed9d652/Counter.class Infected: Trojan.Java.ClassLoader.h skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\16\4311ed50-3ed9d652/Parser.class Infected: Trojan.Java.ClassLoader.d skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\16\4311ed50-3ed9d652 ZIP: infected - 3 skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\17\75d07d11-3484ee87/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\17\75d07d11-3484ee87/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\17\75d07d11-3484ee87/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\17\75d07d11-3484ee87 ZIP: infected - 3 skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-2f887e69/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-2f887e69/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-2f887e69/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-2f887e69 ZIP: infected - 3 skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-3eca8bc7/Counter.class Infected: Trojan.Java.ClassLoader.i skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-3eca8bc7/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-3eca8bc7/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-3eca8bc7 ZIP: infected - 3 skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\34\3110eaa2-496f437a/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\34\3110eaa2-496f437a/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\34\3110eaa2-496f437a ZIP: infected - 2 skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\51\7537abb3-259f48e4/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\51\7537abb3-259f48e4/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\51\7537abb3-259f48e4/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\51\7537abb3-259f48e4 ZIP: infected - 3 skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-377719a0.zip/Counter.class Infected: Trojan.Java.ClassLoader.i skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-377719a0.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-377719a0.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-377719a0.zip ZIP: infected - 3 skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-4f011c4-42b2a3b8.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-4f011c4-42b2a3b8.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-4f011c4-42b2a3b8.zip ZIP: infected - 2 skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv430.jar-12e0a5f3-2f419bc8.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv430.jar-12e0a5f3-2f419bc8.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv430.jar-12e0a5f3-2f419bc8.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv430.jar-12e0a5f3-2f419bc8.zip ZIP: infected - 3 skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-30bbf59a-6581cd27.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-30bbf59a-6581cd27.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-30bbf59a-6581cd27.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-30bbf59a-6581cd27.zip ZIP: infected - 3 skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-4f24f126.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-4f24f126.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-4f24f126.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-4f24f126.zip ZIP: infected - 3 skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-608c527-122553f9.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-608c527-122553f9.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-608c527-122553f9.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped

    C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-608c527-122553f9.zip ZIP: infected - 3 skipped

    C:\WINDOWS\system32\gtnfswkk.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\iepref32.dll Object is locked skipped

    C:\WINDOWS\system32\lanmanwrk.exe Infected: Trojan.Win32.Agent.aia skipped

    C:\WINDOWS\system32\msvcrtd.exe Object is locked skipped

    C:\WINDOWS\system32\qmlaplop.exe Infected: Trojan.Win32.Agent.aia skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\Temp\Perflib_Perfdata_620.dat Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    D:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP171\change.log Object is locked skipped

    Scan process completed.
     
  2. hilu

    Hi excel21


    Rename HijackThis.exe

    1. Right click on the HijackThis icon.


    2. Select Rename.


    3. Now type the following: scanner.exe <<< NOTE: make sure to put a period before exe when typing.
    Hit the Enter key on the keyboard.


    ---------------------------------------------------------------------------------

    Please download VundoFix.exe to your desktop.
    * Double-click VundoFix.exe to run it.
    * Click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will reboot your computer, click OK.
    * Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot. Simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    -----------------------------------------------------------------------------

    post:

    C:\vundofix.txt
    fresh HiJackThis log
     
  3. excel21

    I am having trouble trying to open VundoFix.exe. My browser has been hijacked. Is there something else I can do, maybe a website? Thanks
     
  4. hilu

    Hi,

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    -----------------------------------------------------------------------------------

    Download Blacklight Beta

    * Download fsbl.exe and save it to the C:\
    Go to Start-->Run, copy in the following text and press Enter:
    C:\fsbl.exe /expert
    (space between fsbl.exe and /expert)

    Accept the agreement, leave [X]scan through Windows Explorer checked.
    Click > scan, Then > next
    You'll see a list of all items found.

    Don't choose Rename if something was found!

    Exit.
    There will be a log in C:\ with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
    Copy and paste the contents of this log into your next reply.

    post:

    Blacklight log
    C:\combofix.txt
    fresh HiJackThis log
     
