Hi,
AVG first reported a Win32/Heur and VBS/Generic virus on my laptop yesterday (some 2563 files and 74 more today).
I have since been following the 8 steps guide; here are the logs (except GMER, which caused a BSOD twice).
"Scan ""Scan whole computer"" completed."
"Infections";"74";"74";"0"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"12 October 2010, 19:20:12"
"Scan finished:";"12 October 2010, 20:40:56 (1 hour(s) 20 minute(s) 43 second(s))"
"Total object scanned:";"265686"
"User who launched the scan:";"Zoe"
"Infections"
"File";"Infection";"Result"
"C:\TOOLSCD\Sound Driver\WDM\RTLCPL.EXE";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\TOOLSCD\Display Driver\Intel\Win2000\igfxress.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\TOOLSCD\Display Driver\Intel\Win2000\ialmgicd.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\TOOLSCD\Config Free\Package\NDSFiles\NDSParts.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\SUPPORT\TOOLS\MSRDPCLI.EXE";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\SUPPORT\TOOLS\FASTWIZ.EXE";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\WirelessFTP.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Textease\Textease.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Textease\ltkrn10N.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Textease\directx8a\dsetup32.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Sonic\RecordNow!\RecordNow.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Sonic\RecordNow!\gdiplus.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\SMART Technologies Inc\Notebook Software\pdflib.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Real\RealPlayer\rpplugins\rjbdll.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Nikon\PictureProject\NkRotateLib3.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Nikon\PictureProject\NkbTransfer.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Nikon\PictureProject\NkbPProj.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Nikon\PictureProject\NkbNEF.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Nikon\PictureProject\NEFLibrary3.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Nikon\PictureProject\Asteroid6.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Mozilla Firefox\freebl3.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Microsoft Works\wkwpac.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Microsoft Works\wksss.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Microsoft Works\wksdb.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Messenger\msmsgs.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\MagicISO\misosh.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Java\jre6\bin\client\jvm.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\InterVideo\WinDVD\GPIProxy.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\InterVideo\Common\Bin\GPIProxy.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Temp\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\msxml3.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Temp\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Temp\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzrcv01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Temp\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzmsi01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\extcapuninstall\hpzscr01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\extcapuninstall\hpzmsi01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\esupport\hpzscr01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\esupport\hpzmsi01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\devicemanagement\hpzscr01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\devicemanagement\hpzmsi01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\bin\hpqvwr08.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\bin\hpqtbp01.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\xmlparse.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzshl01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzmsi01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzdui01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Google\Google Earth\plugin\ie\5.2.1.1588\plugin_ax.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Google\Google Earth\plugin\googleearth_free.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\QtGui4.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\QtCore4.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\pdflib.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\SMART Technologies Inc\pdflib.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\Nikon\Services\NkvBurnIM.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\Nikon\Services\muveePlugin.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\Nikon\Library\NkBrowseLib4.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\Microsoft Shared\Visual Database Tools\vdt70.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\Microsoft Shared\PROOF\1033\MSGR3EN.DLL";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_01.b08\patchjre.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\DivX Shared\Qt4.5\QtCore4.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\Activ Software\qt-mt334.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Adobe\Reader 8.0\Reader\rt3d.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Activ Software\Inspire\Inspire.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Activ Software\Inspire\hwr\engine\bin\win-i586\MyScriptHWR.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\I386\WINNT32U.DLL";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\I386\WINNT32A.DLL";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Documents and Settings\Zoe\My Documents\Zoe's Work\Uni Work\Year 4\School Exp 4\School Exp Resources\Resources\Textease\Textease.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Documents and Settings\Zoe\My Documents\Zoe's Work\Uni Work\Year 4\School Exp 4\School Exp Resources\Resources\Textease\ltkrn10N.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Documents and Settings\Zoe\Desktop\Lower Fields\Resources\Textease\Textease.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Documents and Settings\Zoe\Desktop\Lower Fields\Resources\Textease\ltkrn10N.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Documents and Settings\Zoe\Application Data\U3\temp\Launchpad Removal.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
12/10/2010 21:40:29
mbam-log-2010-10-12 (21-40-29).txt
Scan type: Quick scan
Objects scanned: 117206
Time elapsed: 8 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nonep (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\realteks (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rlist (Malware.Trace) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\00539421 (Rogue.Multiple) -> No action taken.
C:\Program Files\system32 (Backdoor.Bifrose) -> No action taken.
Files Infected:
C:\Documents and Settings\Zoe\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.