prose072

Superantivirus Spyware not picking up new trojans

Here's a HijackThis log, and I will post the related TROJAN list as well

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:07:10 PM, on 9/20/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll

O2 - BHO: TBSB03621 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\CommentsBar\tbcore3.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: CommentsBar - {5A0035AB-8F83-4D03-BE4E-C8267A3A4A1A} - C:\Program Files\CommentsBar\tbcore3.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll

O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW

O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O13 - Gopher Prefix:

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe

O23 - Service: Google Update Service (gupdate1c9965fc0d2f60) (gupdate1c9965fc0d2f60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 11430 bytes

[Attachments: Mal Trojan List Part 1.JPG, Mal Trojan List Part 2.JPG, Mal Trojan Part 3.JPG]

The product is SUPERAntiSpyware..............

..........post the actual scan log from the other product and the scan log from SUPERAntiSpyware here.

I need Help, so....

No Offense, But I am fully aware that this SuperAntiVirusSpyware....

SuperAVS is my preferred program and when they are missing trojans in their scans I feel it's a duty to let them know, since it has always protected my system and is not now, it is only picking up adware...

In addition, there is a floating tray icon that is identical to SuperAVS bug icon that appears then disappears... so someone has found a way to disguise their virus hidden in SuperAVS and has infected my system..

I have uninstalled it and reinstalled it, updated it, even cleared the regedit keys to make sure it was clean, but SuperAVSW is not finding this bug since it resembles its program....

I have been Hijacked ...BTW...the Live TV in the screenshot list is not even on my PC anymore...wiped it out and it still picks up

Once again Super AVS is only recognizing Adware on my system and cleaning it, nothing else, the bug works with SuperAVSW

Running SuperAVSW scan now.. will post log...BTW...

the hijack this log is posted above along with the found trojans that SuperAVS did not find...

The name is SuperAntiSpyware and not SuperAntiVirusSpyware.

So your point is....? you have no knowledge in helping people and no useful information or reply to assist and aid others using this software or any other for that matter...?

In addition, you probably do not have any knowledge of what a HiJack this file is...no google allowed...that's what I thought..

So if you do not have knowledge nor can assist why do you answer? for harassment, that would be nice to report to Customer Support in the morning and useful to have a refund on my application purchase instead of customer support / tech support

We are asking for the scan log of the other product - HiJackThis is worthless - it can't see any hidden processes, registry keys, services. Please POST the other scan log, and your current 4.29.1002 w/latest definitions SUPERAntiSpyware scan log and we can assist you.

Here's the logs, but keep in mind...The application itself is being replicated and HIJACKED....

As I said above, I have a floating tray Icon that appears and then disappears that replicates the SAVS bug icon...when the application is open sometimes it appears and I will see 2 bug icons and when I move the mouse toward it it suddenly disappears...the Application itself has been Hijacked and altered not to pick up the definitions of the trojans...so when I scan, I just find adware...not the trojans...I just ran another application and also found 70 Trojans where... SAVS always found it before, but not now...the scan log will not do any good but here it is...BRB

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 09/20/2009 at 06:50 PM

Application Version : 4.29.1002

Core Rules Database Version : 4112

Trace Rules Database Version: 2052

Scan type : Complete Scan

Total Scan Time : 00:56:46

Memory items scanned : 742

Memory threats detected : 0

Registry items scanned : 8674

Registry threats detected : 0

File items scanned : 11203

File threats detected : 11

Adware.Tracking Cookie

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\mike_&_shasty@atdmt[2].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@bs.serving-sys[2].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@revsci[1].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@collective-media[1].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@serving-sys[1].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@fastclick[2].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@apmebf[1].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@ads.bridgetrack[2].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@ad.yieldmanager[1].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@content.yieldmanager[1].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@advertising[1].txt

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 09/18/2009 at 07:38 PM

Application Version : 4.29.1002

Core Rules Database Version : 4110

Trace Rules Database Version: 2050

Scan type : Complete Scan

Total Scan Time : 02:13:48

Memory items scanned : 661

Memory threats detected : 0

Registry items scanned : 8660

Registry threats detected : 0

File items scanned : 34707

File threats detected : 15

Adware.Tracking Cookie

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\mike_&_shasty@atdmt[2].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@www.googleadservices[2].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@trafficmp[2].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@casalemedia[1].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@collective-media[1].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@atdmt[1].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@doubleclick[1].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@doubleclick[2].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@interclick[1].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@zedo[1].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@eb.adbureau[2].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@adserver.adtechus[1].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@a1.interclick[2].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@msnportal.112.2o7[1].txt

C:\Users\Mike & Shasty\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike_&_shasty@atdmt[2].txt

9/20/2009 4:26:33 PM

mbam-log-2009-09-20 (16-26-29).txt

Scan type: Quick Scan

Objects scanned: 96677

Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 6

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\Live_TV (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\CacheIcons (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\CacheIcons (Trojan.Agent) -> Files: 522 -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\RadioPlayer (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss (Trojan.Agent) -> No action taken.

Files Infected:

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\5851180&sappl=1&sacqyop=ge&saslc=0&floc=1&sabfmts=2&saprclo=150&sascs=2&saprchi=550&saaff=afepn&ftrv=8&fbfmt=1&ftrt=1&fcl=3&ft=1&frpp=50&customid=&nojspr=y&satitle=new&afmp=&sacat=293&saslop=1&fss=0.xml (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\http___video_google_com_videofeed_type=top100new&num=20&output=rss.xml (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\http___www_youtube_com_rss_global_top_viewed_today_rss.xml (Trojan.Agent) -> No action taken.

Malwarebytes' Anti-Malware 1.41

Database version: 2833

Windows 6.0.6002 Service Pack 2

9/20/2009 6:38:40 PM

mbam-log-2009-09-20 (18-38-22).txt

Scan type: Quick Scan

Objects scanned: 97266

Time elapsed: 15 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 6

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\Live_TV (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\CacheIcons (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\CacheIcons (Trojan.Agent) -> Files: 522 -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\RadioPlayer (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss (Trojan.Agent) -> No action taken.

Files Infected:

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\5851180&sappl=1&sacqyop=ge&saslc=0&floc=1&sabfmts=2&saprclo=150&sascs=2&saprchi=550&saaff=afepn&ftrv=8&fbfmt=1&ftrt=1&fcl=3&ft=1&frpp=50&customid=&nojspr=y&satitle=new&afmp=&sacat=293&saslop=1&fss=0.xml (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\http___video_google_com_videofeed_type=top100new&num=20&output=rss.xml (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\http___www_youtube_com_rss_global_top_viewed_today_rss.xml (Trojan.Agent) -> No action taken.

Malwarebytes' Anti-Malware 1.41

Database version: 2821

Windows 6.0.6002 Service Pack 2

9/18/2009 5:16:27 PM

mbam-log-2009-09-18 (17-16-21).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)

Objects scanned: 408874

Time elapsed: 1 hour(s), 54 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 6

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\Live_TV (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\CacheIcons (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\CacheIcons (Trojan.Agent) -> Files: 522 -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\RadioPlayer (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss (Trojan.Agent) -> No action taken.

Files Infected:

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\5851180&sappl=1&sacqyop=ge&saslc=0&floc=1&sabfmts=2&saprclo=150&sascs=2&saprchi=550&saaff=afepn&ftrv=8&fbfmt=1&ftrt=1&fcl=3&ft=1&frpp=50&customid=&nojspr=y&satitle=new&afmp=&sacat=293&saslop=1&fss=0.xml (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\http___video_google_com_videofeed_type=top100new&num=20&output=rss.xml (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\http___www_youtube_com_rss_global_top_viewed_today_rss.xml (Trojan.Agent) -> No action taken.

Malwarebytes' Anti-Malware 1.41

Database version: 2821

Windows 6.0.6002 Service Pack 2

9/18/2009 1:06:00 PM

mbam-log-2009-09-18 (13-05-52).txt

Scan type: Quick Scan

Objects scanned: 96215

Time elapsed: 15 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 6

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Live_TV (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Live_TV (Trojan.Agent) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Trojan.Agent) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\Live_TV (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\CacheIcons (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\CacheIcons (Trojan.Agent) -> Files: 522 -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\RadioPlayer (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss (Trojan.Agent) -> No action taken.

Files Infected:

C:\Program Files\Live_TV\tbLive.dll (Trojan.Agent) -> No action taken.

C:\Program Files\Live_TV\toolbar.cfg (Trojan.Agent) -> No action taken.

C:\Program Files\Live_TV\UNWISE.EXE (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\5851180&sappl=1&sacqyop=ge&saslc=0&floc=1&sabfmts=2&saprclo=150&sascs=2&saprchi=550&saaff=afepn&ftrv=8&fbfmt=1&ftrt=1&fcl=3&ft=1&frpp=50&customid=&nojspr=y&satitle=new&afmp=&sacat=293&saslop=1&fss=0.xml (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\http___video_google_com_videofeed_type=top100new&num=20&output=rss.xml (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\http___www_youtube_com_rss_global_top_viewed_today_rss.xml (Trojan.Agent) -> No action taken.

Malwarebytes' Anti-Malware 1.41

Database version: 2813

Windows 6.0.6002 Service Pack 2

9/17/2009 12:34:44 AM

mbam-log-2009-09-17 (00-34-40).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)

Objects scanned: 411296

Time elapsed: 2 hour(s), 6 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 6

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\Live_TV (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\CacheIcons (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\CacheIcons (Trojan.Agent) -> Files: 522 -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\RadioPlayer (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss (Trojan.Agent) -> No action taken.

Files Infected:

C:\Program Files\Live_TV\tbLive.dll (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\5851180&sappl=1&sacqyop=ge&saslc=0&floc=1&sabfmts=2&saprclo=150&sascs=2&saprchi=550&saaff=afepn&ftrv=8&fbfmt=1&ftrt=1&fcl=3&ft=1&frpp=50&customid=&nojspr=y&satitle=new&afmp=&sacat=293&saslop=1&fss=0.xml (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\http___video_google_com_videofeed_type=top100new&num=20&output=rss.xml (Trojan.Agent) -> No action taken.

C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\http___www_youtube_com_rss_global_top_viewed_today_rss.xml (Trojan.Agent) -> No action taken.

Please post the scan log from the product you claim is discovering the threats so we can see what is being detected as a threat.

Listed above and there are actually 78 trojans in the quarantine as shown above, but every time I scan it seems that it moves to another file location (roaming) ...

The other scan is 90.9% complete and I will post that log in a few minutes... Avira AntiVir application

Thanks for the help

Avira AntiVir Personal

Report file date: Sunday, September 20, 2009 17:19

Scanning for 1729942 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows Vista

Windows version : (Service Pack 2) [6.0.6002]

Boot mode : Normally booted

Username : SYSTEM

Computer name : MUSTANGGT500

Version information:

BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00

AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 19:36:14

AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 18:30:36

ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 15:21:42

ANTIVIR2.VDF : 7.1.6.1 3857920 Bytes 9/16/2009 21:12:02

ANTIVIR3.VDF : 7.1.6.13 181248 Bytes 9/18/2009 21:12:11

Engineversion : 8.2.1.19

AEVDF.DLL : 8.1.1.2 106867 Bytes 9/20/2009 21:12:18

AESCRIPT.DLL : 8.1.2.31 475513 Bytes 9/20/2009 21:12:18

AESCN.DLL : 8.1.2.5 127346 Bytes 9/20/2009 21:12:17

AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 15:59:39

AEPACK.DLL : 8.2.0.0 422261 Bytes 9/20/2009 21:12:16

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 15:59:39

AEHEUR.DLL : 8.1.0.155 1921400 Bytes 9/20/2009 21:12:15

AEHELP.DLL : 8.1.7.0 237940 Bytes 9/20/2009 21:12:13

AEGEN.DLL : 8.1.1.63 364916 Bytes 9/20/2009 21:12:13

AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 20:32:40

AECORE.DLL : 8.1.8.1 184693 Bytes 9/20/2009 21:12:12

AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 20:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59

AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 16:32:15

AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 21:39:58

RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 16:19:48

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:, E:, F:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Sunday, September 20, 2009 17:19

Starting search for hidden objects.

'218233' objects were checked, '0' hidden objects were found.

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'wlcomm.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'winssnotifye.exe' - '1' Module(s) have been scanned

Scan process 'HijackThis.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'FlashUtil10c.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarUser_32.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'taskmgr.exe' - '1' Module(s) have been scanned

Scan process 'unsecapp.exe' - '1' Module(s) have been scanned

Scan process 'ehmsas.exe' - '1' Module(s) have been scanned

Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned

Scan process 'winssnotify.exe' - '1' Module(s) have been scanned

Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned

Scan process 'ehtray.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned

Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'ehsched.exe' - '1' Module(s) have been scanned

Scan process 'WLIDSVCM.EXE' - '1' Module(s) have been scanned

Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned

Scan process 'winss.exe' - '1' Module(s) have been scanned

Scan process 'msfwsvc.exe' - '1' Module(s) have been scanned

Scan process 'MotoConnect.exe' - '1' Module(s) have been scanned

Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned

Scan process 'XAudio.exe' - '1' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned

Scan process 'WLIDSVC.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned

Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'pdisrvc.exe' - '1' Module(s) have been scanned

Scan process 'OcHealthMon.exe' - '1' Module(s) have been scanned

Scan process 'MotoConnectService.exe' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned

Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned

Scan process 'DTSRVC.exe' - '1' Module(s) have been scanned

Scan process 'DQLWinService.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned

Scan process 'taskeng.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'dwm.exe' - '1' Module(s) have been scanned

Scan process 'taskeng.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'SLsvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'audiodg.exe' - '0' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsm.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'wininit.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

80 processes with 80 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Master boot sector HD2

[INFO] No virus was found!

[INFO] Please restart the search with Administrator rights

Master boot sector HD3

[INFO] No virus was found!

[INFO] Please restart the search with Administrator rights

Master boot sector HD4

[INFO] No virus was found!

[INFO] Please restart the search with Administrator rights

Master boot sector HD5

[INFO] No virus was found!

[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Boot sector 'E:\'

[INFO] No virus was found!

Boot sector 'F:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '40' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\hp\bin\KillIt.exe

[DETECTION] Contains recognition pattern of the APPL/KillApp.A application

C:\hp\HPQWare\BTBHost\SetACL.exe

[DETECTION] Contains recognition pattern of the APPL/ACLSet application

C:\Users\Mike & Shasty\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-429f9147

[0] Archive type: ZIP

--> vlocal.class

[DETECTION] Is the TR/Dldr.Java.OpenConnection.AT Trojan

C:\Users\Mike & Shasty\Documents\c00042301[1].pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

C:\Users\Mike & Shasty\Documents\c00042301[1]_1.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

C:\Users\Mike & Shasty\Documents\c00042301[1]_2.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

C:\Users\Mike & Shasty\Documents\c00042301[1]_3.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

C:\Users\Mike & Shasty\Documents\c00042301[1]_4.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

C:\Users\Mike & Shasty\Documents\c00042301[1]_5.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_1.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_2.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_3.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_4.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_5.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_6.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_7.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZGC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZGC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_1.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZGC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_2.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZGC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_3.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1].jpg

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_1.jpg

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_2.jpg

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_3.jpg

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_4.jpg

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_5.jpg

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_6.jpg

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_7.jpg

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Mike & Shasty\Pictures\dropshadow_1.png

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\dropshadow_10.png

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\dropshadow_4.png

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\dropshadow_7.png

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_1.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_2.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_3.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_1.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_2.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_3.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_4.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_5.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_6.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_7.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\S_1_~1_13.PNG

[DETECTION] Is the TR/Unpacked.Gen Trojan

C:\Users\Mike & Shasty\Pictures\S_1_~1_5.PNG

[DETECTION] Is the TR/Unpacked.Gen Trojan

C:\Users\Mike & Shasty\Pictures\S_1_~1_9.PNG

[DETECTION] Is the TR/Unpacked.Gen Trojan

C:\Users\Mike & Shasty\Pictures\[004936].jpg

[DETECTION] Contains HEUR/HTML.Malware suspicious code

C:\Users\Mike & Shasty\Pictures\[004936]_1.jpg

[DETECTION] Contains HEUR/HTML.Malware suspicious code

C:\Users\Mike & Shasty\Pictures\[004936]_2.jpg

[DETECTION] Contains HEUR/HTML.Malware suspicious code

C:\Users\Mike & Shasty\Pictures\[004936]_3.jpg

[DETECTION] Contains HEUR/HTML.Malware suspicious code

C:\Users\Mike & Shasty\Pictures\[005783].jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\[005783]_1.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\[005783]_2.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\[005942].jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\[005942]_1.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\[007773].jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\[007773]_1.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\[007773]_2.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\[007773]_3.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\Recovered Images\[000263].jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289].jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_1.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_2.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_3.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

Begin scan in 'D:\'

Begin scan in 'E:\'

E:\Backup files\Documents\c00042301[1].pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

E:\Backup files\Documents\c00042301[1]_1.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

E:\Backup files\Documents\c00042301[1]_2.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

E:\Backup files\Documents\c00042301[1]_3.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

E:\Backup files\Documents\c00042301[1]_4.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

E:\Backup files\Documents\c00042301[1]_5.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

Begin scan in 'F:\'

Beginning disinfection:

C:\hp\bin\KillIt.exe

[DETECTION] Contains recognition pattern of the APPL/KillApp.A application

[NOTE] The file was moved to '4b22d7cd.qua'!

C:\hp\HPQWare\BTBHost\SetACL.exe

[DETECTION] Contains recognition pattern of the APPL/ACLSet application

[NOTE] The file was moved to '4b2ad7c9.qua'!

C:\Users\Mike & Shasty\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-429f9147

[NOTE] The file was moved to '4ae9d79c.qua'!

C:\Users\Mike & Shasty\Documents\c00042301[1].pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to '4ae6d794.qua'!

C:\Users\Mike & Shasty\Documents\c00042301[1]_1.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to '4c1649ed.qua'!

C:\Users\Mike & Shasty\Documents\c00042301[1]_2.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to '4c2a5fad.qua'!

C:\Users\Mike & Shasty\Documents\c00042301[1]_3.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to '4c0aa8cd.qua'!

C:\Users\Mike & Shasty\Documents\c00042301[1]_4.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to '4c14799d.qua'!

C:\Users\Mike & Shasty\Documents\c00042301[1]_5.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to '4c08597d.qua'!

C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4af7d7a7.qua'!

C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_1.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c0671e8.qua'!

C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_2.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c394060.qua'!

C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_3.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c184118.qua'!

C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_4.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c9258f0.qua'!

C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_5.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4af7d7a8.qua'!

C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_6.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4ca45941.qua'!

C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_7.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c914089.qua'!

C:\Users\Mike & Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZGC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c1dddb9.qua'!

C:\Users\Mike & Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZGC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_1.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c1cc671.qua'!

C:\Users\Mike & Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZGC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_2.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '462c6851.qua'!

C:\Users\Mike & Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZGC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_3.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '462b1069.qua'!

C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1].jpg

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to '4ae7d7aa.qua'!

C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_1.jpg

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to '4631a833.qua'!

C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_2.jpg

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to '463050cb.qua'!

C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_3.jpg

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to '463f5883.qua'!

C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_4.jpg

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to '463e415b.qua'!

C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_5.jpg

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to '4da0e8f3.qua'!

C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_6.jpg

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to '4daf908b.qua'!

C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_7.jpg

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to '4dae9943.qua'!

C:\Users\Mike & Shasty\Pictures\dropshadow_1.png

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4b25d7d7.qua'!

C:\Users\Mike & Shasty\Pictures\dropshadow_10.png

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4b25d7d8.qua'!

C:\Users\Mike & Shasty\Pictures\dropshadow_4.png

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4d55eaa9.qua'!

C:\Users\Mike & Shasty\Pictures\dropshadow_7.png

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4d5492e1.qua'!

C:\Users\Mike & Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4af7d7a9.qua'!

C:\Users\Mike & Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_1.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c046b72.qua'!

C:\Users\Mike & Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_2.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c03130a.qua'!

C:\Users\Mike & Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_3.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c021bc2.qua'!

C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c01039a.qua'!

C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_1.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c000c52.qua'!

C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_2.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c0f346a.qua'!

C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_3.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c0e3c22.qua'!

C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_4.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c0d24fa.qua'!

C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_5.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4ca2428a.qua'!

C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_6.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4ca14b42.qua'!

C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_7.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4ca0731a.qua'!

C:\Users\Mike & Shasty\Pictures\S_1_~1_13.PNG

[DETECTION] Is the TR/Unpacked.Gen Trojan

[NOTE] The file was moved to '4ae7d7c5.qua'!

C:\Users\Mike & Shasty\Pictures\S_1_~1_5.PNG

[DETECTION] Is the TR/Unpacked.Gen Trojan

[NOTE] The file was moved to '4cbe6386.qua'!

C:\Users\Mike & Shasty\Pictures\S_1_~1_9.PNG

[DETECTION] Is the TR/Unpacked.Gen Trojan

[NOTE] The file was moved to '4cbd6bce.qua'!

C:\Users\Mike & Shasty\Pictures\[004936].jpg

[DETECTION] Contains HEUR/HTML.Malware suspicious code

[NOTE] The detection was classified as suspicious.

[NOTE] The file was moved to '4ae6d796.qua'!

C:\Users\Mike & Shasty\Pictures\[004936]_1.jpg

[DETECTION] Contains HEUR/HTML.Malware suspicious code

[NOTE] The detection was classified as suspicious.

[NOTE] The file was moved to '4ae6d797.qua'!

C:\Users\Mike & Shasty\Pictures\[004936]_2.jpg

[DETECTION] Contains HEUR/HTML.Malware suspicious code

[NOTE] The detection was classified as suspicious.

[NOTE] The file was moved to '4dc8ee20.qua'!

C:\Users\Mike & Shasty\Pictures\[004936]_3.jpg

[DETECTION] Contains HEUR/HTML.Malware suspicious code

[NOTE] The detection was classified as suspicious.

[NOTE] The file was moved to '4c90bbb8.qua'!

C:\Users\Mike & Shasty\Pictures\[005783].jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c958350.qua'!

C:\Users\Mike & Shasty\Pictures\[005783]_1.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4ae6d798.qua'!

C:\Users\Mike & Shasty\Pictures\[005783]_2.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4cbb04f9.qua'!

C:\Users\Mike & Shasty\Pictures\[005942].jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4cb80cb1.qua'!

C:\Users\Mike & Shasty\Pictures\[005942]_1.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4cb93569.qua'!

C:\Users\Mike & Shasty\Pictures\[007773].jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4ae6d799.qua'!

C:\Users\Mike & Shasty\Pictures\[007773]_1.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4ede0afa.qua'!

C:\Users\Mike & Shasty\Pictures\[007773]_2.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c928b0a.qua'!

C:\Users\Mike & Shasty\Pictures\[007773]_3.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4c87251a.qua'!

C:\Users\Mike & Shasty\Pictures\Recovered Images\[000263].jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4ae6d79a.qua'!

C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289].jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4edd2323.qua'!

C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_1.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4eda2b1b.qua'!

C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_2.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4ed8d3d3.qua'!

C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_3.jpg

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '4ed9db8b.qua'!

E:\Backup files\Documents\c00042301[1].pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to '4c0b5213.qua'!

E:\Backup files\Documents\c00042301[1]_1.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to '4edf32b3.qua'!

E:\Backup files\Documents\c00042301[1]_2.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to '4c82d58b.qua'!

E:\Backup files\Documents\c00042301[1]_3.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to '4ea4f4f3.qua'!

E:\Backup files\Documents\c00042301[1]_4.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to '4c842dd3.qua'!

E:\Backup files\Documents\c00042301[1]_5.pdf

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[NOTE] The file was moved to '4ea6c443.qua'!

End of the scan: Sunday, September 20, 2009 20:31

Used time: 3:06:10 Hour(s)

The scan has been done completely.

26313 Scanned directories

955993 Files were scanned

68 Viruses and/or unwanted programs were found

4 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

72 Files were moved to quarantine

0 Files were renamed

1 Files cannot be scanned

955920 Files not concerned

6010 Archives were scanned

1 Warnings

73 Notes

218233 Objects were scanned with rootkit scan

0 Hidden objects were found


TrendSecure

Trend Micro


Comparison of your HijackThis log file items to others

The table below compares the items HijackThis found on your computer with those on other people's computers. The column "% of PCs with item" indicates what percent of other people's HijackThis log files contain the item in that row of the table. Additional information will be provided as more HijackThis log files are added to the AnalyzeThis database.

Each entry is coded to indicate the type of item it is on your computer. An explanation of these codes may be found at the bottom of this page.

Index % of PCs with item Code Data

1 0.0% O1 ::1 localhost

2 0.0% O13

69 0.0% O8 Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

70 0.0% O8 Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

76 0.0% P01 C:\WINDOWS\Explorer.EXE

77 0.0% P01 C:\Program Files\Internet Explorer\iexplore.exe

78 0.0% P01 C:\WINDOWS\system32\NOTEPAD.EXE

79 0.0% P01 C:\WINDOWS\system32\taskmgr.exe

80 0.0% P01 C:\Windows\ehome\ehtray.exe

81 0.0% P01 C:\Windows\ehome\ehmsas.exe

82 0.0% P01 C:\Program Files\Windows Media Player\wmpnscfg.exe

83 0.0% P01 C:\Windows\system32\taskeng.exe

84 0.0% P01 C:\Windows\system32\Dwm.exe

85 0.0% P01 C:\Windows\system32\wbem\unsecapp.exe

86 0.0% P01 C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

87 0.0% P01 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

88 0.0% P01 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

89 0.0% P01 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

90 0.0% P01 C:\Program Files\Avira\AntiVir Desktop\avcenter.exe

91 0.0% P01 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

92 0.0% P01 C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

93 0.0% P01 C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

94 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

95 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

96 0.0% R0 HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

97 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop

98 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

99 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

100 0.0% R1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

101 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop

102 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

Explanation of the codes

R - Registry, StartPage/SearchPage changes

R0 - Changed registry value

R1 - Created registry value

R2 - Created registry key

R3 - Created extra registry value where only one should be

F - IniFiles, autoloading entries

F0 - Changed inifile value

F1 - Created inifile value

F2 - Changed inifile value, mapped to Registry

F3 - Created inifile value, mapped to Registry

N - Netscape/Mozilla StartPage/SearchPage changes

N1 - Change in prefs.js of Netscape 4.x

N2 - Change in prefs.js of Netscape 6

N3 - Change in prefs.js of Netscape 7

N4 - Change in prefs.js of Mozilla

O - Other, several sections which represent:

O1 - Hijack of auto.search.msn.com with Hosts file

O2 - Enumeration of existing MSIE BHO's

O3 - Enumeration of existing MSIE toolbars

O4 - Enumeration of suspicious autoloading Registry entries

O5 - Blocking of loading Internet Options in Control Panel

O6 - Disabling of 'Internet Options' Main tab with Policies

O7 - Disabling of Regedit with Policies

O8 - Extra MSIE context menu items

O9 - Extra 'Tools' menuitems and buttons

O10 - Breaking of Internet access by New.Net or WebHancer

O11 - Extra options in MSIE 'Advanced' settings tab

O12 - MSIE plugins for file extensions or MIME types

O13 - Hijack of default URL prefixes

O14 - Changing of IERESET.INF

O15 - Trusted Zone Autoadd

O16 - Download Program Files item

O17 - Domain hijack

O18 - Enumeration of existing protocols and filters

O19 - User stylesheet hijack

O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys

O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key

O22 - SharedTaskScheduler autorun Registry key

O23 - Enumeration of NT Services

O24 - Enumeration of ActiveX Desktop Components
