BleepingComputer.com: Backdoor.win32.Zaccess.ob keeps coming up

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

Backdoor.win32.Zaccess.ob keeps coming up

#16 User is offline   redwriter99 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 14
  • Joined: 10-November 11

Posted 12 November 2011 - 05:06 PM

OK... I'll post the combifix log and then the kaspersky full scan report... thanks again :)

ComboFix 11-11-11.06 - Carrie 11/12/2011 16:22:50.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.637 [GMT -5:00]
Running from: c:\documents and settings\Carrie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Carrie\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-11-10 19:32 . 2011-11-12 02:03 -------- d-----w- c:\documents and settings\Carrie\Local Settings\Application Data\AskToolbar
2011-11-10 19:08 . 2011-11-10 20:39 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\AskToolbar
2011-11-10 19:04 . 2011-11-12 02:03 -------- d-----w- c:\program files\Ask.com
2011-11-06 05:25 . 2011-11-06 05:25 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-11-06 04:22 . 2011-11-12 01:56 -------- d-sh--w- c:\documents and settings\Carrie\Local Settings\Application Data\e6a756f5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-06 04:30 . 2006-03-02 06:22 98304 ----a-w- c:\windows\system32\igfxext.exe
2011-11-06 04:30 . 2006-09-03 02:37 368640 --sh--r- c:\windows\mspcl.exe
2011-09-18 01:02 . 2011-09-18 01:02 641021 ----a-w- c:\windows\unins000.exe
2003-12-05 00:16 69632 --sh--r- c:\windows\lnchshll.exe
2003-12-05 00:16 49152 --sh--r- c:\windows\ScrnInt.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-12_01.58.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-12 21:18 . 2011-11-12 21:18 16384 c:\windows\Temp\Perflib_Perfdata_2f0.dat
+ 2009-11-28 23:53 . 2011-11-12 02:19 704544 c:\windows\system32\drivers\fidbox2.dat
- 2009-11-28 23:53 . 2011-11-12 01:56 704544 c:\windows\system32\drivers\fidbox2.dat
+ 2009-11-28 23:53 . 2011-11-12 02:19 4673568 c:\windows\system32\drivers\fidbox.dat
- 2009-11-28 23:53 . 2011-11-12 01:56 4673568 c:\windows\system32\drivers\fidbox.dat
+ 2011-11-12 02:02 . 2011-11-12 02:03 2095616 c:\windows\Installer\420a9.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 02:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-05 282624]
"MotiveMonitor"="c:\program files\Motive\AsstCommon\motmon.exe" [2002-09-27 135168]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2011-11-06 577536]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-13 185896]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2011-11-10 208616]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]
"DSFHost"="c:\program files\Staples\easyprint\dsfhost.exe" [2008-12-12 4026457]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
.
c:\documents and settings\Carrie\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-8-2 344064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Lifeline.lnk - c:\program files\Digital Lifeline\bin\mpbtn.exe [2006-9-2 172032]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 33808]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 6:06 PM 24592]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/15/2006 8:59 PM 47360]
S2 mspcl;mspcl;c:\windows\mspcl.exe [9/2/2006 9:37 PM 368640]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contents of the 'Scheduled Tasks' folder
.
2009-06-30 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2200 series272A572217594EBCF1CEE215E352B92AD073FDE4228186276.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]
.
2011-11-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-24 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: Interfaces\{354543D2-CCE0-4AC1-936A-F8C844797D79}: NameServer = 4.2.2.1,4.2.2.2
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Carrie\Application Data\Mozilla\Firefox\Profiles\tlb0x2um.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\program files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-12 16:31
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1296)
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2011-11-12 16:33:05
ComboFix-quarantined-files.txt 2011-11-12 21:33
ComboFix2.txt 2011-11-12 02:07
.
Pre-Run: 31,955,087,360 bytes free
Post-Run: 31,939,932,160 bytes free
.
- - End Of File - - D787805D3EEBB7BFBAFA18B5A07FCCC0



and now the KASPERSKY FULL SCAN REPORT.....


Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 305, objects: , time: 00:00:00)
11/5/2011 11:30:25 PM Task started
11/5/2011 11:47:29 PM Detected: Trojan.Win32.Patched.mf C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
11/5/2011 11:54:12 PM Detected: Trojan.Win32.Patched.mf C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
11/6/2011 12:03:04 AM Task completed
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 305, objects: , time: 00:00:00)
11/6/2011 12:11:29 AM Task completed
11/6/2011 12:11:03 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:10:17 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet003\Services\e6a756f5\e6a756f5
11/6/2011 12:10:13 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet001\Services\e6a756f5\e6a756f5
11/6/2011 12:10:03 AM Will be deleted on system restart: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:10:02 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:10:02 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 305, objects: , time: 00:00:00)
11/6/2011 12:18:48 AM Task completed
11/6/2011 12:18:09 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:16:45 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet003\Services\e6a756f5\e6a756f5
11/6/2011 12:16:40 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet001\Services\e6a756f5\e6a756f5
11/6/2011 12:16:32 AM Will be deleted on system restart: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:16:32 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:16:31 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 305, objects: , time: 00:00:00)
11/6/2011 12:43:57 AM Task completed
11/6/2011 12:43:31 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:42:58 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:42:56 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 305, objects: , time: 00:00:00)
11/6/2011 12:52:36 AM Task completed
11/6/2011 12:52:09 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:51:29 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet003\Services\e6a756f5\e6a756f5
11/6/2011 12:51:27 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet001\Services\e6a756f5\e6a756f5
11/6/2011 12:51:23 AM Will be deleted on system restart: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:51:23 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:51:23 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 305, objects: , time: 00:00:00)
11/6/2011 12:57:55 AM Task stopped
11/6/2011 12:56:55 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 305, objects: , time: 00:00:00)
11/6/2011 1:38:29 AM Task stopped
11/6/2011 1:38:09 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 305, objects: , time: 00:00:00)
11/6/2011 3:20:51 AM Task completed
11/6/2011 3:20:25 AM Detected: http://www.viruslist.com/en/advisories/46113 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
11/6/2011 3:20:19 AM Detected: http://www.viruslist.com/en/advisories/45584 C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
11/6/2011 3:17:23 AM Detected: http://www.viruslist.com/en/advisories/23655 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msxml6.dll
11/6/2011 2:59:35 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 2:59:03 AM Untreated: Trojan-Dropper.Win32.Delf.jkq C:\Program Files\Sony Pictures Games\JEOPARDY!\JEOPARDY!.exe Postponed
11/6/2011 2:58:58 AM Detected: Trojan-Dropper.Win32.Delf.jkq C:\Program Files\Sony Pictures Games\JEOPARDY!\JEOPARDY!.exe
11/6/2011 2:57:27 AM Detected: http://www.viruslist.com/en/advisories/34269 C:\Program Files\slysoft\anydvd\anydvd.exe
11/6/2011 2:54:35 AM Untreated: Trojan.Win32.FakeAV.bijh C:\Program Files\Mozilla Firefox\null0.10817696368204033.exe Postponed
11/6/2011 2:54:33 AM Detected: Trojan.Win32.FakeAV.bijh C:\Program Files\Mozilla Firefox\null0.10817696368204033.exe
11/6/2011 2:45:58 AM Detected: http://www.viruslist.com/en/advisories/31744 C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
11/6/2011 2:38:48 AM Detected: http://www.viruslist.com/en/advisories/43269 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.dll
11/6/2011 2:34:36 AM Detected: http://www.viruslist.com/en/advisories/41917 C:\Program Files\Adobe\Adobe Flash CS3\Players\Debug\FlashPlayer.exe
11/6/2011 2:19:29 AM Processing error: Exploit.JS.Pdfka.dcl C:\Documents and Settings\Carrie\Local Settings\Temp\plugtmp-41\plugin-s002102317801r0409J06000501Rd217db61Xde57692eY925e609dZ03007f35
11/6/2011 2:19:29 AM Untreated: Exploit.JS.Pdfka.dcl C:\Documents and Settings\Carrie\Local Settings\Temp\plugtmp-41\plugin-s002102317801r0409J06000501Rd217db61Xde57692eY925e609dZ03007f35/data0000 Postponed
11/6/2011 2:19:29 AM Detected: Exploit.JS.Pdfka.dcl C:\Documents and Settings\Carrie\Local Settings\Temp\plugtmp-41\plugin-s002102317801r0409J06000501Rd217db61Xde57692eY925e609dZ03007f35/data0000
11/6/2011 2:17:48 AM Untreated: Trojan.Win32.FraudPack.cmip C:\Documents and Settings\Carrie\Local Settings\Temp\nlkkyn.exe Postponed
11/6/2011 2:17:47 AM Detected: Trojan.Win32.FraudPack.cmip C:\Documents and Settings\Carrie\Local Settings\Temp\nlkkyn.exe
11/6/2011 2:17:44 AM Untreated: Exploit.Java.Agent.u C:\Documents and Settings\Carrie\Local Settings\Temp\jar_cache6623.tmp/Main.class Postponed
11/6/2011 2:17:44 AM Detected: Exploit.Java.Agent.u C:\Documents and Settings\Carrie\Local Settings\Temp\jar_cache6623.tmp/Main.class
11/6/2011 2:17:44 AM Untreated: Trojan-Downloader.Java.Agent.eq C:\Documents and Settings\Carrie\Local Settings\Temp\jar_cache6623.tmp/AppletPanel.class Postponed
11/6/2011 2:17:44 AM Detected: Trojan-Downloader.Java.Agent.eq C:\Documents and Settings\Carrie\Local Settings\Temp\jar_cache6623.tmp/AppletPanel.class
11/6/2011 2:17:36 AM Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe Postponed
11/6/2011 2:17:35 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe
11/6/2011 2:17:32 AM Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe Postponed
11/6/2011 2:17:32 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe
11/6/2011 2:17:26 AM Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe Postponed
11/6/2011 2:17:25 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe
11/6/2011 2:16:40 AM Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\jlhwcymuc\fuaibittssd.exe Postponed
11/6/2011 2:16:38 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\jlhwcymuc\fuaibittssd.exe
11/6/2011 2:13:35 AM Untreated: Trojan-Downloader.WMA.GetCodec.n C:\Documents and Settings\Carrie\Incomplete\T-3877627-Miley Cyrus- Breakout.mp3 Postponed
11/6/2011 2:13:34 AM Detected: Trojan-Downloader.WMA.GetCodec.n C:\Documents and Settings\Carrie\Incomplete\T-3877627-Miley Cyrus- Breakout.mp3
11/6/2011 2:01:04 AM Untreated: Exploit.Java.CVE-2010-0840.e C:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\player.jar-cd48485-53f95dd4.zip/lort/cooter.class Postponed
11/6/2011 2:01:04 AM Detected: Exploit.Java.CVE-2010-0840.e C:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\player.jar-cd48485-53f95dd4.zip/lort/cooter.class
11/6/2011 2:01:03 AM Untreated: Exploit.Java.CVE-2010-0840.e C:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\player.jar-cd48485-53f95dd4.zip/lort/border.class Postponed
11/6/2011 2:01:03 AM Detected: Exploit.Java.CVE-2010-0840.e C:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\player.jar-cd48485-53f95dd4.zip/lort/border.class
11/6/2011 2:01:00 AM Detected: http://www.viruslist.com/en/advisories/41917 C:\Documents and Settings\Carrie\Application Data\Microsoft\Installer\{721C0B3A-3E8E-445B-B81E-651699B87945}\easyprint_FPO.exe
11/6/2011 1:50:14 AM Task started
11/6/2011 1:48:45 AM Task stopped
11/6/2011 1:43:44 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062207.ini Postponed
11/6/2011 1:43:43 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062207.ini
11/6/2011 1:43:42 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062180.ini Postponed
11/6/2011 1:43:42 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062180.ini
11/6/2011 1:43:41 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062164.ini Postponed
11/6/2011 1:43:41 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062164.ini
11/6/2011 1:43:41 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062147.ini Postponed
11/6/2011 1:43:41 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062147.ini
11/6/2011 1:43:40 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062127.ini Postponed
11/6/2011 1:43:40 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062127.ini
11/6/2011 1:43:39 AM Untreated: Trojan.Win32.Patched.mf C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062106.exe Postponed
11/6/2011 1:43:39 AM Detected: Trojan.Win32.Patched.mf C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062106.exe
11/6/2011 1:43:39 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062107.ini Postponed
11/6/2011 1:43:38 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062107.ini
11/6/2011 1:41:42 AM Detected: http://www.viruslist.com/en/advisories/45516 C:\Program Files\quicktime\quicktimeplayer.exe
11/6/2011 1:41:35 AM Detected: http://www.viruslist.com/en/advisories/31744 C:\Program Files\microsoft office\office12\onenote.exe
11/6/2011 1:41:03 AM Detected: http://www.viruslist.com/en/advisories/34269 C:\Program Files\slysoft\anydvd\anydvd.exe
11/6/2011 1:40:42 AM Untreated: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe Postponed
11/6/2011 1:40:42 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 1:40:39 AM Detected: http://www.viruslist.com/en/advisories/40937 C:\Program Files\microsoft office\office12\winword.exe
11/6/2011 1:40:07 AM Untreated: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe Postponed
11/6/2011 1:40:07 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 1:38:58 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 305, objects: , time: 00:00:00)
11/6/2011 8:55:39 AM Task started
11/6/2011 9:00:14 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 9:03:04 AM Task completed
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 305, objects: , time: 00:00:00)
11/6/2011 9:18:25 AM Task completed
11/6/2011 9:18:01 AM Deleted: Trojan.Win32.Diple.coqt C:\Documents and Settings\Carrie\Local Settings\Application Data\e6a756f5\x
11/6/2011 9:17:50 AM Disinfected: Trojan.Win32.Diple.coqt HKEY_USERS\S-1-5-21-3797448573-3364105993-1231677288-1006\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
11/6/2011 9:17:46 AM Detected: Trojan.Win32.Diple.coqt C:\Documents and Settings\Carrie\Local Settings\Application Data\e6a756f5\x
11/6/2011 9:17:15 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 9:16:23 AM Deleted: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\jlhwcymuc\fuaibittssd.exe
11/6/2011 9:16:23 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\jlhwcymuc\fuaibittssd.exe
11/6/2011 9:16:23 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 305, objects: , time: 00:00:00)
11/6/2011 9:26:04 AM Task completed
11/6/2011 9:25:37 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 305, objects: , time: 00:00:00)
11/10/2011 6:03:18 PM Task stopped
11/10/2011 6:03:15 PM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 305, objects: , time: 00:00:00)
11/10/2011 6:15:26 PM Task started
11/10/2011 6:16:55 PM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/10/2011 6:17:00 PM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/10/2011 6:17:07 PM Detected: http://www.viruslist.com/en/advisories/45516 c:\program files\quicktime\quicktimeplayer.exe
11/10/2011 6:18:19 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062105.sys
11/10/2011 6:18:19 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062105.sys Postponed
11/10/2011 6:18:19 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062126.sys
11/10/2011 6:18:19 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062126.sys Postponed
11/10/2011 6:18:20 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062146.sys
11/10/2011 6:18:20 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062146.sys Postponed
11/10/2011 6:18:20 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062163.sys
11/10/2011 6:18:21 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062163.sys Postponed
11/10/2011 6:18:21 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062179.sys
11/10/2011 6:18:21 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062179.sys Postponed
11/10/2011 6:18:22 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062206.sys
11/10/2011 6:18:22 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062206.sys Postponed
11/10/2011 6:18:23 PM Detected: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062225.exe
11/10/2011 6:18:24 PM Untreated: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062225.exe Postponed
11/10/2011 6:18:24 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062223.exe
11/10/2011 6:18:24 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe
11/10/2011 6:18:24 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062223.exe Postponed
11/10/2011 6:18:24 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe Postponed
11/10/2011 6:18:25 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062229.ini
11/10/2011 6:18:25 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062229.ini Postponed
11/10/2011 6:18:25 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062228.sys
11/10/2011 6:18:25 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062228.sys Postponed
11/10/2011 6:18:28 PM Detected: Trojan-Dropper.Win32.Delf.jkq c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062226.exe
11/10/2011 6:18:28 PM Untreated: Trojan-Dropper.Win32.Delf.jkq c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062226.exe Postponed
11/10/2011 6:18:28 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe
11/10/2011 6:18:28 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe Postponed
11/10/2011 6:18:28 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe
11/10/2011 6:18:28 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe Postponed
11/10/2011 6:18:29 PM Detected: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062270.exe
11/10/2011 6:18:29 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062273.sys
11/10/2011 6:18:29 PM Untreated: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062270.exe Postponed
11/10/2011 6:18:29 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062273.sys Postponed
11/10/2011 6:18:30 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062274.ini
11/10/2011 6:18:30 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062274.ini Postponed
11/10/2011 6:18:30 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062294.ini
11/10/2011 6:18:30 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062294.ini Postponed
11/10/2011 6:18:31 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062293.sys
11/10/2011 6:18:31 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062293.sys Postponed
11/10/2011 6:18:32 PM Detected: Trojan-Dropper.Win32.Delf.jkq c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062271.exe
11/10/2011 6:18:32 PM Untreated: Trojan-Dropper.Win32.Delf.jkq c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062271.exe Postponed
11/10/2011 6:18:33 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062501.ini
11/10/2011 6:18:33 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062501.ini Postponed
11/10/2011 6:18:33 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062500.sys
11/10/2011 6:18:33 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062500.sys Postponed
11/10/2011 6:18:35 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP253\A0062522.ini
11/10/2011 6:18:35 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP253\A0062522.ini Postponed
11/10/2011 6:18:35 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP253\A0062521.sys
11/10/2011 6:18:35 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP253\A0062521.sys Postponed
11/10/2011 6:18:36 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP254\A0062539.ini
11/10/2011 6:18:36 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP254\A0062539.ini Postponed
11/10/2011 6:18:36 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP254\A0062538.sys
11/10/2011 6:18:36 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP254\A0062538.sys Postponed
11/10/2011 6:18:42 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP256\A0062591.ini
11/10/2011 6:18:42 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP256\A0062591.ini Postponed
11/10/2011 6:18:42 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP256\A0062590.sys
11/10/2011 6:18:42 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP256\A0062590.sys Postponed
11/10/2011 6:18:44 PM Detected: Trojan.Win32.Patched.mf c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062603.exe
11/10/2011 6:18:44 PM Detected: Trojan.Win32.Patched.mf c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062602.exe
11/10/2011 6:18:44 PM Untreated: Trojan.Win32.Patched.mf c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062602.exe Postponed
11/10/2011 6:18:44 PM Untreated: Trojan.Win32.Patched.mf c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062603.exe Postponed
11/10/2011 6:18:45 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062614.ini
11/10/2011 6:18:46 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062614.ini Postponed
11/10/2011 6:18:46 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062613.sys
11/10/2011 6:18:46 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062613.sys Postponed
11/10/2011 6:18:58 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062646.ini
11/10/2011 6:18:58 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062645.sys
11/10/2011 6:18:58 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062646.ini Postponed
11/10/2011 6:18:58 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062645.sys Postponed
11/10/2011 6:19:04 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062664.ini
11/10/2011 6:19:04 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062664.ini Postponed
11/10/2011 6:19:04 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062663.sys
11/10/2011 6:19:04 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062663.sys Postponed
11/10/2011 6:19:05 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063670.ini
11/10/2011 6:19:05 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063670.ini Postponed
11/10/2011 6:19:05 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys
11/10/2011 6:19:05 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys Postponed
11/10/2011 6:30:44 PM Detected: Exploit.Java.CVE-2010-0840.eh c:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\field.jar-6fc64319-75f244f5.zip/json/Parser.class
11/10/2011 6:30:44 PM Untreated: Exploit.Java.CVE-2010-0840.eh c:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\field.jar-6fc64319-75f244f5.zip/json/Parser.class Postponed
11/10/2011 6:40:39 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe
11/10/2011 6:40:39 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe Postponed
11/10/2011 6:40:40 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe
11/10/2011 6:40:40 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe Postponed
11/10/2011 6:40:40 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe
11/10/2011 6:40:40 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe Postponed
11/10/2011 6:49:00 PM Detected: http://www.viruslist.com/en/advisories/41917 c:\program files\Adobe\Adobe Flash CS3\Players\Debug\FlashPlayer.exe
11/10/2011 6:58:42 PM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
11/10/2011 7:05:51 PM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/10/2011 7:06:41 PM Detected: Trojan-FakeAV.Win32.FakeRecovery.i c:\program files\Mozilla Firefox\0.0364404620499017.exe
11/10/2011 7:06:41 PM Untreated: Trojan-FakeAV.Win32.FakeRecovery.i c:\program files\Mozilla Firefox\0.0364404620499017.exe Postponed
11/10/2011 7:09:07 PM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/10/2011 7:25:05 PM Detected: http://www.viruslist.com/en/advisories/23655 c:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msxml6.dll
11/10/2011 7:26:55 PM Detected: http://www.viruslist.com/en/advisories/45584 c:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
11/10/2011 7:27:25 PM Detected: http://www.viruslist.com/en/advisories/46113 c:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
11/10/2011 7:27:47 PM Detected: Trojan-FakeAV.Win32.FakeRecovery.i c:\program files\Mozilla Firefox\0.0364404620499017.exe
11/10/2011 7:27:57 PM Deleted: Trojan-FakeAV.Win32.FakeRecovery.i c:\program files\Mozilla Firefox\0.0364404620499017.exe
11/10/2011 7:27:57 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe
11/10/2011 7:27:57 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe Written to report
11/10/2011 7:27:57 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe
11/10/2011 7:27:57 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe Written to report
11/10/2011 7:27:57 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe
11/10/2011 7:27:57 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe Written to report
11/10/2011 7:27:58 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe
11/10/2011 7:27:58 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe Written to report
11/10/2011 7:27:58 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe
11/10/2011 7:27:58 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe Written to report
11/10/2011 7:27:58 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe
11/10/2011 7:27:58 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe Written to report
11/10/2011 7:27:58 PM Task completed
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 305, objects: , time: 00:00:00)
11/11/2011 6:46:13 AM Task completed
11/11/2011 6:46:13 AM Deleted: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062293.sys
11/11/2011 6:46:13 AM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062293.sys Cannot be disinfected
11/11/2011 6:46:13 AM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062293.sys
11/11/2011 6:46:13 AM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe
11/11/2011 6:46:13 AM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe
11/11/2011 6:46:13 AM Deleted: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062225.exe
11/11/2011 6:46:13 AM Detected: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062225.exe
11/11/2011 6:46:12 AM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe
11/11/2011 6:46:05 AM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe
11/11/2011 6:46:01 AM Detected: http://www.viruslist.com/en/advisories/46113 c:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
11/11/2011 6:45:57 AM Detected: http://www.viruslist.com/en/advisories/45584 c:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
11/11/2011 6:45:41 AM Detected: http://www.viruslist.com/en/advisories/23655 c:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msxml6.dll
11/11/2011 6:43:59 AM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/11/2011 6:43:50 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/11/2011 6:43:27 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
11/11/2011 6:42:37 AM Detected: http://www.viruslist.com/en/advisories/41917 c:\program files\Adobe\Adobe Flash CS3\Players\Debug\FlashPlayer.exe
11/11/2011 6:41:53 AM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe Postponed
11/11/2011 6:41:53 AM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe
11/11/2011 6:38:15 AM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys Postponed
11/11/2011 6:38:15 AM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys
11/11/2011 6:37:55 AM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe Postponed
11/11/2011 6:37:55 AM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe Postponed
11/11/2011 6:37:55 AM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe
11/11/2011 6:37:55 AM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe
11/11/2011 6:37:55 AM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062293.sys Postponed
11/11/2011 6:37:54 AM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062293.sys
11/11/2011 6:37:53 AM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe Postponed
11/11/2011 6:37:53 AM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe
11/11/2011 6:37:53 AM Untreated: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062225.exe Postponed
11/11/2011 6:37:53 AM Detected: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062225.exe
11/11/2011 6:37:31 AM Detected: http://www.viruslist.com/en/advisories/45516 c:\program files\quicktime\quicktimeplayer.exe
11/11/2011 6:37:24 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/11/2011 6:37:19 AM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/11/2011 6:34:12 AM Detected: http://www.viruslist.com/en/advisories/46113 c:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
11/11/2011 6:34:00 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 305, objects: , time: 00:00:00)
11/11/2011 6:51:20 AM Task started
11/11/2011 6:51:38 AM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/11/2011 6:51:41 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/11/2011 6:51:43 AM Detected: http://www.viruslist.com/en/advisories/45516 c:\program files\quicktime\quicktimeplayer.exe
11/11/2011 6:51:46 AM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys
11/11/2011 6:51:46 AM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys Postponed
11/11/2011 6:53:39 AM Detected: http://www.viruslist.com/en/advisories/41917 c:\program files\Adobe\Adobe Flash CS3\Players\Debug\FlashPlayer.exe
11/11/2011 6:54:25 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
11/11/2011 6:54:41 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/11/2011 6:54:46 AM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/11/2011 6:55:17 AM Detected: http://www.viruslist.com/en/advisories/23655 c:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msxml6.dll
11/11/2011 6:55:20 AM Detected: http://www.viruslist.com/en/advisories/45584 c:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
11/11/2011 6:55:23 AM Detected: http://www.viruslist.com/en/advisories/46113 c:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
11/11/2011 6:55:25 AM Task completed
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 305, objects: , time: 00:00:00)
11/11/2011 7:01:48 AM Task completed
11/11/2011 7:01:48 AM Deleted: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys
11/11/2011 7:01:41 AM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys Cannot be disinfected
11/11/2011 7:01:41 AM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys
11/11/2011 7:01:38 AM Detected: http://www.viruslist.com/en/advisories/46113 c:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
11/11/2011 7:01:36 AM Detected: http://www.viruslist.com/en/advisories/45584 c:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
11/11/2011 7:01:31 AM Detected: http://www.viruslist.com/en/advisories/23655 c:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msxml6.dll
11/11/2011 7:00:59 AM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/11/2011 7:00:53 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/11/2011 7:00:39 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
11/11/2011 6:59:50 AM Detected: http://www.viruslist.com/en/advisories/41917 c:\program files\Adobe\Adobe Flash CS3\Players\Debug\FlashPlayer.exe
11/11/2011 6:57:58 AM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys Postponed
11/11/2011 6:57:58 AM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys
11/11/2011 6:57:55 AM Detected: http://www.viruslist.com/en/advisories/45516 c:\program files\quicktime\quicktimeplayer.exe
11/11/2011 6:57:52 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/11/2011 6:57:50 AM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/11/2011 6:57:31 AM Task started
Disinfect active threats: completed 11/6/2011 12:03:02 AM (events: 305, objects: , time: 00:00:00)
11/12/2011 4:55:36 PM Task completed
11/12/2011 4:55:31 PM Detected: http://www.viruslist.com/en/advisories/46113 c:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
11/12/2011 4:55:21 PM Detected: http://www.viruslist.com/en/advisories/45584 c:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
11/12/2011 4:54:47 PM Detected: http://www.viruslist.com/en/advisories/23655 c:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msxml6.dll
11/12/2011 4:53:29 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP262\A0064282.ini Postponed
11/12/2011 4:53:29 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP262\A0064282.ini
11/12/2011 4:53:11 PM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/12/2011 4:53:02 PM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/12/2011 4:52:41 PM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
11/12/2011 4:51:52 PM Detected: http://www.viruslist.com/en/advisories/41917 c:\program files\Adobe\Adobe Flash CS3\Players\Debug\FlashPlayer.exe
11/12/2011 4:49:01 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP262\A0064282.ini Postponed
11/12/2011 4:49:01 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP262\A0064282.ini
11/12/2011 4:47:56 PM Detected: http://www.viruslist.com/en/advisories/45516 c:\program files\quicktime\quicktimeplayer.exe
11/12/2011 4:47:51 PM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/12/2011 4:47:42 PM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/12/2011 4:46:48 PM Task started

#17 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 27,520
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 13 November 2011 - 06:12 AM

Hi,

this is looking promising :) The entries that are still found, are backups and not part of an active infection. :) How is the PC doing?


Please update the programs that Kaspersky lists as outdated:

Quote

11/11/2011 7:01:38 AM Detected: http://www.viruslist.com/en/advisories/46113 c:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
11/11/2011 7:01:36 AM Detected: http://www.viruslist.com/en/advisories/45584 c:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
11/11/2011 7:00:59 AM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/11/2011 7:00:53 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/12/2011 4:47:56 PM Detected: http://www.viruslist.com/en/advisories/45516 c:\program files\quicktime\quicktimeplayer.exe
11/11/2011 7:00:39 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL

You can do this by uninstalling (and afterwards downloading the latest version of) Flash, Shockwave, AnyDVD and Quicktime.
Go to Add/Removes programs and uninstall these programs:
  • Macromedia Flash Player 8
  • Adobe Shockwave Player
  • AnyDVD
  • Quicktime

Afterwards visit the following websites to download the latest versions of the program in question. Follow the directions and make sure to untick all possible toolbar or additional program they offer:
Download Flash from here: http://www.adobe.com/software/flash/about/
Download Shockwave here: http://get.adobe.com/shockwave
Download Quicktime here: http://www.apple.com/quicktime/download/
Download AnyDvd here: http://www.slysoft.com/en/download.html
If you believe that there are any of these items that you no longer neeed, simply uninstall but don't reinstall.

Please also update Adobe and Java:
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. In particular J2SE Runtime Environment 5.0 Update 6.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586-s.exe (or jre-7u1-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Please also update Adobe Reader:
Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • Once the installation is finished, open Adobe Reader and accept the warranty if prompted.
  • Click on Help and select Check for Updates.
  • A window will open and Adobe will check for Updates. If any updates are found to be available click on Download.
  • Once the update is downloaded you will get a system notification telling you so. Click on the popup to restore the window.
  • In the window that opens click Install.
  • Once the update is done click Close.
Your Adobe Reader is now up to date!

Let me know if you run into any problems with this!
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#18 User is offline   redwriter99 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 14
  • Joined: 10-November 11

Posted 13 November 2011 - 07:47 AM

The following item from kaspersky (active) warning popped up-

c:\system volume information\_restore{85d8f67a-9556-4d4d-a80c-b684fccbe8c6}\rp262\a0064282.ini

associated with backdoor.win32.zaccess.ang

I clicked 'delete', but it seemed odd that after all this time, this warning came up.
After all the updates, I'll reboot and run another full scan from Kaspersky. I'll post it in the next post below.

#19 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 27,520
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 13 November 2011 - 07:53 AM

Hi,

yes, anything that is in c:\system volume information, is a backup and not a danger to your PC. We will delete them at the very end, when we uninstall ComboFix.

regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#20 User is offline   redwriter99 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 14
  • Joined: 10-November 11

Posted 13 November 2011 - 08:08 AM

full scan from kaspersky below 11-13-2011... let me know if u think everything looks okay. thank you so much for all the help :)

Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/5/2011 11:30:25 PM Task started
11/5/2011 11:47:29 PM Detected: Trojan.Win32.Patched.mf C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
11/5/2011 11:54:12 PM Detected: Trojan.Win32.Patched.mf C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
11/6/2011 12:03:04 AM Task completed
Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/6/2011 12:11:29 AM Task completed
11/6/2011 12:11:03 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:10:17 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet003\Services\e6a756f5\e6a756f5
11/6/2011 12:10:13 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet001\Services\e6a756f5\e6a756f5
11/6/2011 12:10:03 AM Will be deleted on system restart: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:10:02 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:10:02 AM Task started
Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/6/2011 12:18:48 AM Task completed
11/6/2011 12:18:09 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:16:45 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet003\Services\e6a756f5\e6a756f5
11/6/2011 12:16:40 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet001\Services\e6a756f5\e6a756f5
11/6/2011 12:16:32 AM Will be deleted on system restart: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:16:32 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:16:31 AM Task started
Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/6/2011 12:43:57 AM Task completed
11/6/2011 12:43:31 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:42:58 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:42:56 AM Task started
Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/6/2011 12:52:36 AM Task completed
11/6/2011 12:52:09 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:51:29 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet003\Services\e6a756f5\e6a756f5
11/6/2011 12:51:27 AM Deleted: Backdoor.Win32.ZAccess.ob HKLM\System\ControlSet001\Services\e6a756f5\e6a756f5
11/6/2011 12:51:23 AM Will be deleted on system restart: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:51:23 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 12:51:23 AM Task started
Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/6/2011 12:57:55 AM Task stopped
11/6/2011 12:56:55 AM Task started
Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/6/2011 1:38:29 AM Task stopped
11/6/2011 1:38:09 AM Task started
Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/6/2011 3:20:51 AM Task completed
11/6/2011 3:20:25 AM Detected: http://www.viruslist.com/en/advisories/46113 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
11/6/2011 3:20:19 AM Detected: http://www.viruslist.com/en/advisories/45584 C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
11/6/2011 3:17:23 AM Detected: http://www.viruslist.com/en/advisories/23655 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msxml6.dll
11/6/2011 2:59:35 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 2:59:03 AM Untreated: Trojan-Dropper.Win32.Delf.jkq C:\Program Files\Sony Pictures Games\JEOPARDY!\JEOPARDY!.exe Postponed
11/6/2011 2:58:58 AM Detected: Trojan-Dropper.Win32.Delf.jkq C:\Program Files\Sony Pictures Games\JEOPARDY!\JEOPARDY!.exe
11/6/2011 2:57:27 AM Detected: http://www.viruslist.com/en/advisories/34269 C:\Program Files\slysoft\anydvd\anydvd.exe
11/6/2011 2:54:35 AM Untreated: Trojan.Win32.FakeAV.bijh C:\Program Files\Mozilla Firefox\null0.10817696368204033.exe Postponed
11/6/2011 2:54:33 AM Detected: Trojan.Win32.FakeAV.bijh C:\Program Files\Mozilla Firefox\null0.10817696368204033.exe
11/6/2011 2:45:58 AM Detected: http://www.viruslist.com/en/advisories/31744 C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
11/6/2011 2:38:48 AM Detected: http://www.viruslist.com/en/advisories/43269 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.dll
11/6/2011 2:34:36 AM Detected: http://www.viruslist.com/en/advisories/41917 C:\Program Files\Adobe\Adobe Flash CS3\Players\Debug\FlashPlayer.exe
11/6/2011 2:19:29 AM Processing error: Exploit.JS.Pdfka.dcl C:\Documents and Settings\Carrie\Local Settings\Temp\plugtmp-41\plugin-s002102317801r0409J06000501Rd217db61Xde57692eY925e609dZ03007f35
11/6/2011 2:19:29 AM Untreated: Exploit.JS.Pdfka.dcl C:\Documents and Settings\Carrie\Local Settings\Temp\plugtmp-41\plugin-s002102317801r0409J06000501Rd217db61Xde57692eY925e609dZ03007f35/data0000 Postponed
11/6/2011 2:19:29 AM Detected: Exploit.JS.Pdfka.dcl C:\Documents and Settings\Carrie\Local Settings\Temp\plugtmp-41\plugin-s002102317801r0409J06000501Rd217db61Xde57692eY925e609dZ03007f35/data0000
11/6/2011 2:17:48 AM Untreated: Trojan.Win32.FraudPack.cmip C:\Documents and Settings\Carrie\Local Settings\Temp\nlkkyn.exe Postponed
11/6/2011 2:17:47 AM Detected: Trojan.Win32.FraudPack.cmip C:\Documents and Settings\Carrie\Local Settings\Temp\nlkkyn.exe
11/6/2011 2:17:44 AM Untreated: Exploit.Java.Agent.u C:\Documents and Settings\Carrie\Local Settings\Temp\jar_cache6623.tmp/Main.class Postponed
11/6/2011 2:17:44 AM Detected: Exploit.Java.Agent.u C:\Documents and Settings\Carrie\Local Settings\Temp\jar_cache6623.tmp/Main.class
11/6/2011 2:17:44 AM Untreated: Trojan-Downloader.Java.Agent.eq C:\Documents and Settings\Carrie\Local Settings\Temp\jar_cache6623.tmp/AppletPanel.class Postponed
11/6/2011 2:17:44 AM Detected: Trojan-Downloader.Java.Agent.eq C:\Documents and Settings\Carrie\Local Settings\Temp\jar_cache6623.tmp/AppletPanel.class
11/6/2011 2:17:36 AM Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe Postponed
11/6/2011 2:17:35 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe
11/6/2011 2:17:32 AM Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe Postponed
11/6/2011 2:17:32 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe
11/6/2011 2:17:26 AM Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe Postponed
11/6/2011 2:17:25 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe
11/6/2011 2:16:40 AM Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\jlhwcymuc\fuaibittssd.exe Postponed
11/6/2011 2:16:38 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\jlhwcymuc\fuaibittssd.exe
11/6/2011 2:13:35 AM Untreated: Trojan-Downloader.WMA.GetCodec.n C:\Documents and Settings\Carrie\Incomplete\T-3877627-Miley Cyrus- Breakout.mp3 Postponed
11/6/2011 2:13:34 AM Detected: Trojan-Downloader.WMA.GetCodec.n C:\Documents and Settings\Carrie\Incomplete\T-3877627-Miley Cyrus- Breakout.mp3
11/6/2011 2:01:04 AM Untreated: Exploit.Java.CVE-2010-0840.e C:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\player.jar-cd48485-53f95dd4.zip/lort/cooter.class Postponed
11/6/2011 2:01:04 AM Detected: Exploit.Java.CVE-2010-0840.e C:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\player.jar-cd48485-53f95dd4.zip/lort/cooter.class
11/6/2011 2:01:03 AM Untreated: Exploit.Java.CVE-2010-0840.e C:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\player.jar-cd48485-53f95dd4.zip/lort/border.class Postponed
11/6/2011 2:01:03 AM Detected: Exploit.Java.CVE-2010-0840.e C:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\player.jar-cd48485-53f95dd4.zip/lort/border.class
11/6/2011 2:01:00 AM Detected: http://www.viruslist.com/en/advisories/41917 C:\Documents and Settings\Carrie\Application Data\Microsoft\Installer\{721C0B3A-3E8E-445B-B81E-651699B87945}\easyprint_FPO.exe
11/6/2011 1:50:14 AM Task started
11/6/2011 1:48:45 AM Task stopped
11/6/2011 1:43:44 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062207.ini Postponed
11/6/2011 1:43:43 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062207.ini
11/6/2011 1:43:42 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062180.ini Postponed
11/6/2011 1:43:42 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062180.ini
11/6/2011 1:43:41 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062164.ini Postponed
11/6/2011 1:43:41 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062164.ini
11/6/2011 1:43:41 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062147.ini Postponed
11/6/2011 1:43:41 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062147.ini
11/6/2011 1:43:40 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062127.ini Postponed
11/6/2011 1:43:40 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062127.ini
11/6/2011 1:43:39 AM Untreated: Trojan.Win32.Patched.mf C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062106.exe Postponed
11/6/2011 1:43:39 AM Detected: Trojan.Win32.Patched.mf C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062106.exe
11/6/2011 1:43:39 AM Untreated: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062107.ini Postponed
11/6/2011 1:43:38 AM Detected: Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062107.ini
11/6/2011 1:41:42 AM Detected: http://www.viruslist.com/en/advisories/45516 C:\Program Files\quicktime\quicktimeplayer.exe
11/6/2011 1:41:35 AM Detected: http://www.viruslist.com/en/advisories/31744 C:\Program Files\microsoft office\office12\onenote.exe
11/6/2011 1:41:03 AM Detected: http://www.viruslist.com/en/advisories/34269 C:\Program Files\slysoft\anydvd\anydvd.exe
11/6/2011 1:40:42 AM Untreated: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe Postponed
11/6/2011 1:40:42 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 1:40:39 AM Detected: http://www.viruslist.com/en/advisories/40937 C:\Program Files\microsoft office\office12\winword.exe
11/6/2011 1:40:07 AM Untreated: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe Postponed
11/6/2011 1:40:07 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 1:38:58 AM Task started
Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/6/2011 8:55:39 AM Task started
11/6/2011 9:00:14 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 9:03:04 AM Task completed
Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/6/2011 9:18:25 AM Task completed
11/6/2011 9:18:01 AM Deleted: Trojan.Win32.Diple.coqt C:\Documents and Settings\Carrie\Local Settings\Application Data\e6a756f5\x
11/6/2011 9:17:50 AM Disinfected: Trojan.Win32.Diple.coqt HKEY_USERS\S-1-5-21-3797448573-3364105993-1231677288-1006\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
11/6/2011 9:17:46 AM Detected: Trojan.Win32.Diple.coqt C:\Documents and Settings\Carrie\Local Settings\Application Data\e6a756f5\x
11/6/2011 9:17:15 AM Detected: Backdoor.Win32.ZAccess.ob C:\WINDOWS\4116096998:425240842.exe
11/6/2011 9:16:23 AM Deleted: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\jlhwcymuc\fuaibittssd.exe
11/6/2011 9:16:23 AM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Carrie\Local Settings\Application Data\jlhwcymuc\fuaibittssd.exe
11/6/2011 9:16:23 AM Task started
Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/6/2011 9:26:04 AM Task completed
11/6/2011 9:25:37 AM Task started
Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/10/2011 6:03:18 PM Task stopped
11/10/2011 6:03:15 PM Task started
Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/10/2011 6:15:26 PM Task started
11/10/2011 6:16:55 PM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/10/2011 6:17:00 PM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/10/2011 6:17:07 PM Detected: http://www.viruslist.com/en/advisories/45516 c:\program files\quicktime\quicktimeplayer.exe
11/10/2011 6:18:19 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062105.sys
11/10/2011 6:18:19 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062105.sys Postponed
11/10/2011 6:18:19 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062126.sys
11/10/2011 6:18:19 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062126.sys Postponed
11/10/2011 6:18:20 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062146.sys
11/10/2011 6:18:20 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062146.sys Postponed
11/10/2011 6:18:20 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062163.sys
11/10/2011 6:18:21 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062163.sys Postponed
11/10/2011 6:18:21 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062179.sys
11/10/2011 6:18:21 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062179.sys Postponed
11/10/2011 6:18:22 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062206.sys
11/10/2011 6:18:22 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062206.sys Postponed
11/10/2011 6:18:23 PM Detected: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062225.exe
11/10/2011 6:18:24 PM Untreated: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062225.exe Postponed
11/10/2011 6:18:24 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062223.exe
11/10/2011 6:18:24 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe
11/10/2011 6:18:24 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062223.exe Postponed
11/10/2011 6:18:24 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe Postponed
11/10/2011 6:18:25 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062229.ini
11/10/2011 6:18:25 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062229.ini Postponed
11/10/2011 6:18:25 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062228.sys
11/10/2011 6:18:25 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062228.sys Postponed
11/10/2011 6:18:28 PM Detected: Trojan-Dropper.Win32.Delf.jkq c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062226.exe
11/10/2011 6:18:28 PM Untreated: Trojan-Dropper.Win32.Delf.jkq c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062226.exe Postponed
11/10/2011 6:18:28 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe
11/10/2011 6:18:28 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe Postponed
11/10/2011 6:18:28 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe
11/10/2011 6:18:28 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe Postponed
11/10/2011 6:18:29 PM Detected: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062270.exe
11/10/2011 6:18:29 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062273.sys
11/10/2011 6:18:29 PM Untreated: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062270.exe Postponed
11/10/2011 6:18:29 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062273.sys Postponed
11/10/2011 6:18:30 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062274.ini
11/10/2011 6:18:30 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062274.ini Postponed
11/10/2011 6:18:30 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062294.ini
11/10/2011 6:18:30 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062294.ini Postponed
11/10/2011 6:18:31 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062293.sys
11/10/2011 6:18:31 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062293.sys Postponed
11/10/2011 6:18:32 PM Detected: Trojan-Dropper.Win32.Delf.jkq c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062271.exe
11/10/2011 6:18:32 PM Untreated: Trojan-Dropper.Win32.Delf.jkq c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062271.exe Postponed
11/10/2011 6:18:33 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062501.ini
11/10/2011 6:18:33 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062501.ini Postponed
11/10/2011 6:18:33 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062500.sys
11/10/2011 6:18:33 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062500.sys Postponed
11/10/2011 6:18:35 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP253\A0062522.ini
11/10/2011 6:18:35 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP253\A0062522.ini Postponed
11/10/2011 6:18:35 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP253\A0062521.sys
11/10/2011 6:18:35 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP253\A0062521.sys Postponed
11/10/2011 6:18:36 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP254\A0062539.ini
11/10/2011 6:18:36 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP254\A0062539.ini Postponed
11/10/2011 6:18:36 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP254\A0062538.sys
11/10/2011 6:18:36 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP254\A0062538.sys Postponed
11/10/2011 6:18:42 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP256\A0062591.ini
11/10/2011 6:18:42 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP256\A0062591.ini Postponed
11/10/2011 6:18:42 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP256\A0062590.sys
11/10/2011 6:18:42 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP256\A0062590.sys Postponed
11/10/2011 6:18:44 PM Detected: Trojan.Win32.Patched.mf c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062603.exe
11/10/2011 6:18:44 PM Detected: Trojan.Win32.Patched.mf c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062602.exe
11/10/2011 6:18:44 PM Untreated: Trojan.Win32.Patched.mf c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062602.exe Postponed
11/10/2011 6:18:44 PM Untreated: Trojan.Win32.Patched.mf c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062603.exe Postponed
11/10/2011 6:18:45 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062614.ini
11/10/2011 6:18:46 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062614.ini Postponed
11/10/2011 6:18:46 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062613.sys
11/10/2011 6:18:46 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP257\A0062613.sys Postponed
11/10/2011 6:18:58 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062646.ini
11/10/2011 6:18:58 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062645.sys
11/10/2011 6:18:58 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062646.ini Postponed
11/10/2011 6:18:58 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062645.sys Postponed
11/10/2011 6:19:04 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062664.ini
11/10/2011 6:19:04 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062664.ini Postponed
11/10/2011 6:19:04 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062663.sys
11/10/2011 6:19:04 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0062663.sys Postponed
11/10/2011 6:19:05 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063670.ini
11/10/2011 6:19:05 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063670.ini Postponed
11/10/2011 6:19:05 PM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys
11/10/2011 6:19:05 PM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys Postponed
11/10/2011 6:30:44 PM Detected: Exploit.Java.CVE-2010-0840.eh c:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\field.jar-6fc64319-75f244f5.zip/json/Parser.class
11/10/2011 6:30:44 PM Untreated: Exploit.Java.CVE-2010-0840.eh c:\Documents and Settings\Carrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\field.jar-6fc64319-75f244f5.zip/json/Parser.class Postponed
11/10/2011 6:40:39 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe
11/10/2011 6:40:39 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe Postponed
11/10/2011 6:40:40 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe
11/10/2011 6:40:40 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe Postponed
11/10/2011 6:40:40 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe
11/10/2011 6:40:40 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe Postponed
11/10/2011 6:49:00 PM Detected: http://www.viruslist.com/en/advisories/41917 c:\program files\Adobe\Adobe Flash CS3\Players\Debug\FlashPlayer.exe
11/10/2011 6:58:42 PM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
11/10/2011 7:05:51 PM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/10/2011 7:06:41 PM Detected: Trojan-FakeAV.Win32.FakeRecovery.i c:\program files\Mozilla Firefox\0.0364404620499017.exe
11/10/2011 7:06:41 PM Untreated: Trojan-FakeAV.Win32.FakeRecovery.i c:\program files\Mozilla Firefox\0.0364404620499017.exe Postponed
11/10/2011 7:09:07 PM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/10/2011 7:25:05 PM Detected: http://www.viruslist.com/en/advisories/23655 c:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msxml6.dll
11/10/2011 7:26:55 PM Detected: http://www.viruslist.com/en/advisories/45584 c:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
11/10/2011 7:27:25 PM Detected: http://www.viruslist.com/en/advisories/46113 c:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
11/10/2011 7:27:47 PM Detected: Trojan-FakeAV.Win32.FakeRecovery.i c:\program files\Mozilla Firefox\0.0364404620499017.exe
11/10/2011 7:27:57 PM Deleted: Trojan-FakeAV.Win32.FakeRecovery.i c:\program files\Mozilla Firefox\0.0364404620499017.exe
11/10/2011 7:27:57 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe
11/10/2011 7:27:57 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe Written to report
11/10/2011 7:27:57 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe
11/10/2011 7:27:57 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe Written to report
11/10/2011 7:27:57 PM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe
11/10/2011 7:27:57 PM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe Written to report
11/10/2011 7:27:58 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe
11/10/2011 7:27:58 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Application Data\vtpqugyhb\bhksglptssd.exe Written to report
11/10/2011 7:27:58 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe
11/10/2011 7:27:58 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe Written to report
11/10/2011 7:27:58 PM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe
11/10/2011 7:27:58 PM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\fjiwnr.exe Written to report
11/10/2011 7:27:58 PM Task completed
Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/11/2011 6:46:13 AM Task completed
11/11/2011 6:46:13 AM Deleted: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062293.sys
11/11/2011 6:46:13 AM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062293.sys Cannot be disinfected
11/11/2011 6:46:13 AM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062293.sys
11/11/2011 6:46:13 AM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe
11/11/2011 6:46:13 AM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe
11/11/2011 6:46:13 AM Deleted: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062225.exe
11/11/2011 6:46:13 AM Detected: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062225.exe
11/11/2011 6:46:12 AM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe
11/11/2011 6:46:05 AM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe
11/11/2011 6:46:01 AM Detected: http://www.viruslist.com/en/advisories/46113 c:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
11/11/2011 6:45:57 AM Detected: http://www.viruslist.com/en/advisories/45584 c:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
11/11/2011 6:45:41 AM Detected: http://www.viruslist.com/en/advisories/23655 c:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msxml6.dll
11/11/2011 6:43:59 AM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/11/2011 6:43:50 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/11/2011 6:43:27 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
11/11/2011 6:42:37 AM Detected: http://www.viruslist.com/en/advisories/41917 c:\program files\Adobe\Adobe Flash CS3\Players\Debug\FlashPlayer.exe
11/11/2011 6:41:53 AM Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe Postponed
11/11/2011 6:41:53 AM Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\Carrie\Local Settings\Temp\hydnqa.exe
11/11/2011 6:38:15 AM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys Postponed
11/11/2011 6:38:15 AM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys
11/11/2011 6:37:55 AM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe Postponed
11/11/2011 6:37:55 AM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe Postponed
11/11/2011 6:37:55 AM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062268.exe
11/11/2011 6:37:55 AM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062269.exe
11/11/2011 6:37:55 AM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062293.sys Postponed
11/11/2011 6:37:54 AM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062293.sys
11/11/2011 6:37:53 AM Untreated: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe Postponed
11/11/2011 6:37:53 AM Detected: HEUR:Trojan.Win32.Generic c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062224.exe
11/11/2011 6:37:53 AM Untreated: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062225.exe Postponed
11/11/2011 6:37:53 AM Detected: Trojan.Win32.FakeAV.bijh c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP252\A0062225.exe
11/11/2011 6:37:31 AM Detected: http://www.viruslist.com/en/advisories/45516 c:\program files\quicktime\quicktimeplayer.exe
11/11/2011 6:37:24 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/11/2011 6:37:19 AM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/11/2011 6:34:12 AM Detected: http://www.viruslist.com/en/advisories/46113 c:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
11/11/2011 6:34:00 AM Task started
Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/11/2011 6:51:20 AM Task started
11/11/2011 6:51:38 AM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/11/2011 6:51:41 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/11/2011 6:51:43 AM Detected: http://www.viruslist.com/en/advisories/45516 c:\program files\quicktime\quicktimeplayer.exe
11/11/2011 6:51:46 AM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys
11/11/2011 6:51:46 AM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys Postponed
11/11/2011 6:53:39 AM Detected: http://www.viruslist.com/en/advisories/41917 c:\program files\Adobe\Adobe Flash CS3\Players\Debug\FlashPlayer.exe
11/11/2011 6:54:25 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
11/11/2011 6:54:41 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/11/2011 6:54:46 AM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/11/2011 6:55:17 AM Detected: http://www.viruslist.com/en/advisories/23655 c:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msxml6.dll
11/11/2011 6:55:20 AM Detected: http://www.viruslist.com/en/advisories/45584 c:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
11/11/2011 6:55:23 AM Detected: http://www.viruslist.com/en/advisories/46113 c:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
11/11/2011 6:55:25 AM Task completed
Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/11/2011 7:01:48 AM Task completed
11/11/2011 7:01:48 AM Deleted: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys
11/11/2011 7:01:41 AM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys Cannot be disinfected
11/11/2011 7:01:41 AM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys
11/11/2011 7:01:38 AM Detected: http://www.viruslist.com/en/advisories/46113 c:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
11/11/2011 7:01:36 AM Detected: http://www.viruslist.com/en/advisories/45584 c:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
11/11/2011 7:01:31 AM Detected: http://www.viruslist.com/en/advisories/23655 c:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msxml6.dll
11/11/2011 7:00:59 AM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/11/2011 7:00:53 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/11/2011 7:00:39 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
11/11/2011 6:59:50 AM Detected: http://www.viruslist.com/en/advisories/41917 c:\program files\Adobe\Adobe Flash CS3\Players\Debug\FlashPlayer.exe
11/11/2011 6:57:58 AM Untreated: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys Postponed
11/11/2011 6:57:58 AM Detected: Rootkit.Win32.ZAccess.g c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP260\A0063669.sys
11/11/2011 6:57:55 AM Detected: http://www.viruslist.com/en/advisories/45516 c:\program files\quicktime\quicktimeplayer.exe
11/11/2011 6:57:52 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/11/2011 6:57:50 AM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/11/2011 6:57:31 AM Task started
Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/12/2011 4:55:36 PM Task completed
11/12/2011 4:55:31 PM Detected: http://www.viruslist.com/en/advisories/46113 c:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
11/12/2011 4:55:21 PM Detected: http://www.viruslist.com/en/advisories/45584 c:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
11/12/2011 4:54:47 PM Detected: http://www.viruslist.com/en/advisories/23655 c:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msxml6.dll
11/12/2011 4:53:29 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP262\A0064282.ini Postponed
11/12/2011 4:53:29 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP262\A0064282.ini
11/12/2011 4:53:11 PM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/12/2011 4:53:02 PM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/12/2011 4:52:41 PM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
11/12/2011 4:51:52 PM Detected: http://www.viruslist.com/en/advisories/41917 c:\program files\Adobe\Adobe Flash CS3\Players\Debug\FlashPlayer.exe
11/12/2011 4:49:01 PM Untreated: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP262\A0064282.ini Postponed
11/12/2011 4:49:01 PM Detected: Backdoor.Win32.ZAccess.ang c:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP262\A0064282.ini
11/12/2011 4:47:56 PM Detected: http://www.viruslist.com/en/advisories/45516 c:\program files\quicktime\quicktimeplayer.exe
11/12/2011 4:47:51 PM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/12/2011 4:47:42 PM Detected: http://www.viruslist.com/en/advisories/34269 c:\program files\slysoft\anydvd\anydvd.exe
11/12/2011 4:46:48 PM Task started
Full Scan: completed 11/13/2011 8:01:44 AM (events: 7, objects: 165130, time: 00:14:50)
11/13/2011 7:46:54 AM Task started
11/13/2011 7:48:38 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/13/2011 7:56:45 AM Detected: http://www.viruslist.com/en/advisories/41917 c:\program files\Adobe\Adobe Flash CS3\Players\Debug\FlashPlayer.exe
11/13/2011 7:57:51 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
11/13/2011 7:58:51 AM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\microsoft office\office12\onenote.exe
11/13/2011 8:01:22 AM Detected: http://www.viruslist.com/en/advisories/23655 c:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msxml6.dll
11/13/2011 8:01:44 AM Task completed

#21 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 27,520
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 13 November 2011 - 09:18 AM

Hi,

that looks good. Do you have any more issues with the PC?

regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#22 User is offline   redwriter99 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 14
  • Joined: 10-November 11

Posted 13 November 2011 - 09:32 AM

PC seems to be running fine. I applied the patches recommended by Kaspersky at the end of the last full scan (Office, Core XML, etc) and just reran with no findings by Kaspersky. Let me know what to do next... thanks again for your awesome help! :)

#23 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 27,520
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 13 November 2011 - 09:36 AM

Hi,

great! :)

As a final step please remove the tools we used:
Please do the following to clean up your PC:
  • Delete the tools used during the disinfection:
  • Uninstall ComboFix.exe And all Backups of the files it deleted
    • Click START then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      Posted Image

    • Download OTC from the following mirror and save it to your desktop:
    • Double click on Posted Image
    • Push the large "Cleanup" button.
    • Allow your system to reboot.

  • If OTC faild to remove all programs from your Desktop, please delete the rest manually.
Please read these advices, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file

  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holeswill allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variantsevery single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
Some more links you might find of interest:Have a nice day
myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#24 User is offline   redwriter99 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 14
  • Joined: 10-November 11

Posted 13 November 2011 - 10:07 AM

Thanks again for all your help!! :thumbsup:

Since I run Kaspersky (always on), how often do you suggest I run Malwarebytes, SuperAntiSpyware, and Spyblaster?

#25 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 27,520
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 13 November 2011 - 12:12 PM

Hi,

you don't need to run spywareblaster often. It only needs to be run when updated.

You don't need to run Malwarebytes and SASW often, once a week or even less frequently should be fine. But be sure to remember to update before running them. Malwarebytes as a quick scan, which you can use to run the scan and will be done quickly.

regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#26 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 27,520
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 03 December 2011 - 09:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users