Post #1, kmacdona (Registered User, OS: Windows XP), 12-15-2007, 04:59 PM


[SOLVED] Possible Trojan Dldr.Small.bjd

AVG has found many Trojans named Spy.Bzub.AD and quarantined them, and recently found two trojans named Dldr.Small.bjd in .tmp files. It quarantined them, but I cannot remove the files, even in safe mode. The system says the file is in use. It has been two years since my last HijackThis checkup, so I figured it might be time.

Here is the Deckard's System Scanner log:
Deckard's System Scanner v20071014.68
Run by Kevin Macdonald on 2007-12-15 15:29:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
106: 2007-12-15 23:30:02 UTC - RP1094 - Deckard's System Scanner Restore Point
105: 2007-12-15 17:17:13 UTC - RP1093 - System Checkpoint
104: 2007-12-14 16:00:49 UTC - RP1092 - Software Distribution Service 3.0
103: 2007-12-14 00:57:47 UTC - RP1091 - System Checkpoint
102: 2007-12-13 00:45:50 UTC - RP1090 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-09-17 16:56:13 UTC - RP989 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-15 15:31:32
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Kevin Macdonald\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O1 - Hosts: 205.238.40.52 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.1 cache0.winmx.com test3201.winmx.com test3205.winmx.com
O1 - Hosts: 205.238.40.2 cache1.winmx.com test3202.winmx.com test3206.winmx.com
O1 - Hosts: 82.43.224.20 cache2.winmx.com test3203.winmx.com test3207.winmx.com
O1 - Hosts: 82.204.21.111 cache3.winmx.com test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdcc...d/tgctlins.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...OGAControl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://support.seagate.com/support/d...npseatools.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: wbsys.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WUSB54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe


--
End of file - 13360 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.0.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.7>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 idrmkl - c:\docume~1\kevinm~1\locals~1\temp\idrmkl.sys (file missing)
S3 vncdrv - c:\windows\system32\drivers\vncdrv.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - c:\program files\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; Scheduler>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S2 Roxio Upnp Server 9 - "c:\program files\common files\sonic shared\roxioupnpservice9.exe" (file missing)
S2 RoxLiveShare9 (LiveShare P2P Server 9) - "c:\program files\common files\roxio shared\9.0\sharedcom\roxliveshare9.exe" (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 Roxio UPnP Renderer 9 - "c:\program files\common files\sonic shared\roxioupnprenderer9.exe" (file missing)
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-15 11:10:50 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2007-11-15 and 2007-12-15 -----------------------------

2007-12-15 14:09:30 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-15 14:09:28 0 d-------- C:\WINDOWS\LastGood
2007-12-15 10:49:18 0 d-------- C:\VundoFix Backups
2007-12-08 13:20:10 0 d-------- C:\Program Files\CoffeeCup SoftwareWebsiteFont
2007-12-08 13:19:47 233472 --a------ C:\WINDOWS\system32\Ilda32.dll <Not Verified; Creative Development LTD; >
2007-12-08 13:19:47 18944 --a------ C:\WINDOWS\system32\BORLNDMM.DLL <Not Verified; Inprise Corporation; Borland Memory Manager>
2007-12-07 22:09:40 196608 --a------ C:\WINDOWS\system32\Utility.dll <Not Verified; Netsmartz; DocSmartz>
2007-12-07 22:09:39 204848 --a------ C:\WINDOWS\system32\gswin32c.exe
2007-12-07 22:09:37 0 d-------- C:\WINDOWS\system32\gs
2007-12-07 22:09:29 979456 --a------ C:\WINDOWS\system32\Pg32.dll <Not Verified; Three D Graphics; Presentation Graphics SDK>
2007-12-07 22:09:29 270336 --a------ C:\WINDOWS\system32\P2sodbc.dll <Not Verified; Seagate Software Information Management Group, Inc.; Seagate Crystal Reports>
2007-12-07 22:09:29 54272 --a------ C:\WINDOWS\system32\P2irdao.dll <Not Verified; ; Crystal Reports for Visual Basic>
2007-12-07 22:09:29 229888 --a------ C:\WINDOWS\system32\Crpaig32.dll <Not Verified; Seagate Software, Information Management Group, Inc.; Crystal Reports Pro For Windows>
2007-12-07 22:09:29 0 d-------- C:\WINDOWS\CRYSTAL
2007-12-07 22:09:28 50176 --a------ C:\WINDOWS\system32\P2ctdao.dll <Not Verified; ; Crystal Reports for Visual Basic>
2007-12-07 22:09:28 87040 --a------ C:\WINDOWS\system32\P2bdao.dll <Not Verified; Seagate Software Information Management Group, Inc.; Crystal Reports for Visual Basic>
2007-12-07 22:09:28 59392 --a------ C:\WINDOWS\system32\P2bbnd.dll <Not Verified; Seagate Software Information Management Group, Inc.; Crystal Reports For Windows>
2007-12-07 22:09:28 18944 --a------ C:\WINDOWS\system32\Implode.dll <Not Verified; ; Implode Application>
2007-12-07 22:09:28 748160 --a------ C:\WINDOWS\system32\Co2c40en.dll <Not Verified; ; Crystal Reports for Visual Basic>
2007-12-07 22:09:27 5350912 --a------ C:\WINDOWS\system32\Crpe32.dll <Not Verified; Seagate Software, Inc.; Seagate Crystal Reports>
2007-12-07 22:09:24 0 d-------- C:\Program Files\TrialPDF-file
2007-11-21 21:23:11 0 d-------- C:\Documents and Settings\Kevin Macdonald\.DownloadManager
2007-11-21 20:25:50 0 d-------- C:\Program Files\Bonjour
2007-11-21 20:14:20 0 d-------- C:\Program Files\Common Files\Macrovision Shared


-- Find3M Report ---------------------------------------------------------------

2007-12-15 14:44:41 0 d-------- C:\Program Files\Windows Defender
2007-12-15 14:42:12 0 d-------- C:\Program Files\SpywareGuard
2007-12-15 14:42:06 0 d-------- C:\Program Files\SmartFTP Client
2007-12-15 14:41:57 0 d-------- C:\Program Files\QuickTime
2007-12-15 14:35:19 0 d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2007-12-15 14:30:37 0 d-------- C:\Program Files\AlienGUIse
2007-12-09 14:00:10 0 d-------- C:\Program Files\CoffeeCup Software
2007-12-07 21:53:31 0 d-------- C:\Documents and Settings\Kevin Macdonald\Application Data\AdobeUM
2007-12-07 21:48:40 0 d-------- C:\Documents and Settings\Kevin Macdonald\Application Data\Adobe
2007-12-07 19:49:37 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-21 20:14:20 0 d-------- C:\Program Files\Common Files
2007-11-03 17:08:47 0 d-------- C:\Program Files\Java
2007-10-21 21:42:13 40 --a------ C:\Documents and Settings\Kevin Macdonald\Application Data\ftpfile.dat
2007-10-21 17:58:00 0 d-------- C:\Documents and Settings\Kevin Macdonald\Application Data\CoffeeCup Software
2007-10-21 17:57:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-21 17:01:08 0 d-------- C:\Documents and Settings\Kevin Macdonald\Application Data\SmartFTP
2007-10-21 16:59:31 0 d-------- C:\Documents and Settings\Kevin Macdonald\Application Data\FileZilla
2007-09-28 16:19:53 1024 --a------ C:\Documents and Settings\Kevin Macdonald\Application Data\WavCodec.wff
2007-09-15 13:31:04 5505 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/25/2005 09:32 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/25/2005 09:29 AM]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [03/17/2004 03:10 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/25/2005 09:32 AM]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [05/19/2006 09:27 AM]
"SoundMan"="SOUNDMAN.EXE" [09/21/2005 09:24 AM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [09/21/2005 02:32 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 05:43 PM C:\WINDOWS\ALCMTR.EXE]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [10/10/2007 10:30 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/10/2005 03:04 PM]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.5\masqform.exe" [07/04/2005 09:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IE Privacy Keeper"="C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" [05/19/2004 12:16 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/31/2005 01:04 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]

C:\Documents and Settings\Kevin Macdonald\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 12/20/2001 10:34 PM 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

*Newly Created Service* - RKPAVPROC



-- Hosts -----------------------------------------------------------------------

64.91.255.87 www.dcsresearch.com
205.238.40.52 www.winmx.com err.winmx.com
205.238.40.1 cache0.winmx.com test3201.winmx.com test3205.winmx.com
205.238.40.2 cache1.winmx.com test3202.winmx.com test3206.winmx.com
82.43.224.20 cache2.winmx.com test3203.winmx.com test3207.winmx.com
82.204.21.111 cache3.winmx.com test3204.winmx.com test3208.winmx.com
205.238.40.1 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
205.238.40.1 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com

16 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-12-15 15:32:19 ------------

The Panda Active Scan:


Incident Status Location

Adware:Adware/Startpage.ACY Not disinfected C:\Program Files\Support.com\adelphia\scripts\IEconfig.vbs
Spyware:Cookie/Zedo Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][.zedo.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][.kinghost.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][.realmedia.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][.cs.sexcounter.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][.casalemedia.com/]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][.belnk.com/]
Spyware:Cookie/WUpd Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][.revenue.net/]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][hc2.humanclick.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][.maxserving.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][server.iad.liveperson.net/]
Spyware:Cookie/Enhance Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][c.enhance.com/]
Spyware:Cookie/did-it Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][.did-it.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][.adrevolver.com/]
Spyware:Cookie/Atwola Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][.atwola.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][.statcounter.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][.fortunecity.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][.serving-sys.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\32673_548c32d58_[cookies.txt][www.burstbeacon.com/]
Spyware:Cookie/Zedo Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][ad.yieldmanager.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.bravenet.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.statcounter.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.azjmp.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.cs.sexcounter.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.ccbill.com/]
Spyware:Cookie/Go Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.go.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.fortunecity.com/]
Spyware:Cookie/GoStats Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.gostats.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.bs.serving-sys.com/]
Spyware:Cookie/Falkag Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.as-us.falkag.net/]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.belnk.com/]
Spyware:Cookie/Falkag Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.as-eu.falkag.net/]
Spyware:Cookie/Falkag Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][sel.as-eu.falkag.net/]
Spyware:Cookie/Falkag Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.as-eu.falkag.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.apmebf.com/]
Spyware:Cookie/Atwola Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.atwola.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.realmedia.com/]
Spyware:Cookie/did-it Not disinfected C:\Program Files\Support.com\backup\co\cookies.txt\45679_5a41f9cd9_[cookies.txt][.did-it.com/]
I've also attached the Deckard Extra.txt file.

Thanks for everything you guys/gals do!

MaC
Attached: extra.txt (21.3 KB)
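Reading a HijackThis log like the one above is mostly pattern matching: a handful of entry types (hosts overrides, BHOs whose DLL is gone, autoruns by bare file name, AppInit_DLLs, services with no vendor string) account for most of what an analyst looks at first. The following is an added example and not part of the thread or of the HijackThis/DSS tools: a small rule-based triage pass over HJT-style entries. The sample lines are copied from the log above (a subset), the severity labels and the rules themselves are this example's own heuristics, and a finding means "look at this", not "this is malware".

```python
"""
Rule-based triage of HijackThis-style log entries.

Each rule encodes one reason an entry deserves a second look; the output is a
list of findings, not a verdict.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis section of the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O20 - AppInit_DLLs: wbsys.dll
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
"""


@dataclass(frozen=True)
class Finding:
    code: str      # HJT section, e.g. "O20"
    severity: str  # "high" | "review" | "cleanup" (this example's own scale)
    line: str
    reason: str


_ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")


def parse_entry(line):
    """Split 'O2 - BHO: ...' into ('O2', 'BHO: ...'); None for non-entry lines."""
    m = _ENTRY.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def _image(command):
    """First token of a Run command: the quoted path, or the first bare word."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def _is_unqualified(image):
    """No drive and no directory separator: Windows resolves it via the search path."""
    return bool(image) and "\\" not in image and ":" not in image


def check_entry(code, body, line):
    """Apply the rule for this section code; return a Finding or None."""
    if code == "R1" and "ProxyServer" in body and "=" in body:
        value = body.split("=", 1)[1].strip()
        if value.rsplit(":", 1)[0]:            # ':0' is an empty proxy, not a hijack
            return Finding(code, "review", line, f"IE proxy set to {value}; confirm it is yours")
    elif code == "O1":
        return Finding(code, "review", line, "hosts-file override; confirm the IP really belongs to that name")
    elif code == "O2" and body.rstrip().endswith("(no file)"):
        return Finding(code, "cleanup", line, "BHO CLSID whose DLL is gone; orphaned registration")
    elif code == "O4" and "Run:" in body and "]" in body:
        if _is_unqualified(_image(body.split("]", 1)[1])):
            return Finding(code, "review", line,
                           "autorun by bare file name; resolved via the search path, verify the on-disk location")
    elif code == "O16" and body.rstrip().endswith("-"):
        return Finding(code, "review", line, "ActiveX (DPF) object with no recorded download URL")
    elif code == "O20":
        return Finding(code, "high", line, "AppInit_DLLs loads this DLL into every process that links user32; vet it")
    elif code == "O23" and "Unknown owner" in body:
        return Finding(code, "review", line, "service binary has no company information; check its signature and hash")
    return None


def triage(log_text):
    """Run every line through parse_entry/check_entry and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_entry(raw)
        if entry:
            f = check_entry(entry[0], entry[1], raw.strip())
            if f:
                findings.append(f)
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 1, 'review': 4, 'cleanup': 1}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:7}] {f.code:4} {f.reason}\n          {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample, the O20 line is the only "high" hit, and it is a good illustration of why these rules only rank rather than decide: wbsys.dll is the Stardock WindowBlinds hook library, which the AlienGUIse skinning suite in this log installs (note the matching `winlogon\notify\WB` entry pointing at `AlienGUIse\fastload.dll` in the DSS registry dump). AppInit_DLLs still deserves the top rank because anything listed there is loaded into every GUI process, so the right response is to confirm the file's path and signature, not to delete on sight.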
Post #2, kmacdona, 12-17-2007, 06:45 PM
Re: Possible Trojan Dldr.Small.bjd

Bump up
Post #3, kmacdona, 12-21-2007, 10:12 PM
Re: Possible Trojan Dldr.Small.bjd?

Will someone take a look?
Old 12-22-2007, 02:37 AM   #4 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,345
OS: xp


Re: Possible Trojan Dldr.Small.bjd

Hello kmacdona
Sounds like you tried to manually delete them?
If not, do try.
Event Record #/Type4731 / Warning
Event Submitted/Written: 12/14/2007 08:03:34 AM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description:
AntiVir has detected 'TR/Dldr.Small.bjd'
in the file
C:\Documents and Settings\Kevin Macdonald\Local Settings\Temp\~DFD505.tmp

Event Record #/Type4730 / Warning
Event Submitted/Written: 12/14/2007 08:03:21 AM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description:
AntiVir has detected 'TR/Dldr.Small.bjd'
in the file
C:\Documents and Settings\Kevin Macdonald\Local Settings\Temp\~DFA023.tmp

Quote the whole message you get when attempting to delete them manually.
__________________


Our help is voluntary. But this site needs donations to operate.
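The AntiVir event records quoted above are in the format Deckard's System Scanner writes into its log. The following is an added example, not code from the thread or from any of the tools it mentions: it parses such records into structured detections, groups them by detection name (oldest first), and flags hits on `~DFxxxx.tmp` files under `Local Settings\Temp`, whose names change between reboots as later posts in this thread show, so whoever is triaging knows the path alone will not identify the file later and should hash or submit it while it still exists. The sample input reuses the two records from the post plus one constructed, unrelated Service Control Manager record to show that non-AV events are skipped; the regexes and function names are my own.

```python
"""Parse AntiVir detection records from a Deckard's System Scanner
event listing and summarise them by detection name and file location.
Added example; not part of the original thread."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: the two AntiVir records quoted in the thread
# plus one made-up, unrelated record that the filter must ignore.
SAMPLE_EVENTS = """\
Event Record #/Type4731 / Warning
Event Submitted/Written: 12/14/2007 08:03:34 AM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description:
AntiVir has detected 'TR/Dldr.Small.bjd'
in the file
C:\\Documents and Settings\\Kevin Macdonald\\Local Settings\\Temp\\~DFD505.tmp

Event Record #/Type4730 / Warning
Event Submitted/Written: 12/14/2007 08:03:21 AM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description:
AntiVir has detected 'TR/Dldr.Small.bjd'
in the file
C:\\Documents and Settings\\Kevin Macdonald\\Local Settings\\Temp\\~DFA023.tmp

Event Record #/Type4729 / Information
Event Submitted/Written: 12/14/2007 08:00:00 AM
Event ID/Source: 7036 / Service Control Manager
Event Description:
The Print Spooler service entered the running state.
"""

RECORD_HEADER = re.compile(r"Event Record #/Type(\d+) / (\w+)")
SUBMITTED = re.compile(r"Event Submitted/Written: (.+)")
ID_SOURCE = re.compile(r"Event ID/Source: (\d+) / (.+)")
# Detection name in quotes, then the path on the line after "in the file".
DETECTION = re.compile(r"has detected '([^']+)'\s+in the file\s+(\S.*)", re.DOTALL)
# Temp files of the form ~DF<4 hex digits>.tmp under the user's Temp folder;
# the thread shows these are renamed on every reboot.
TEMP_PATTERN = re.compile(r"\\Local Settings\\Temp\\~DF[0-9A-F]{4}\.tmp$", re.IGNORECASE)


def parse_events(text):
    """Split the listing into records and pull out the fixed header fields."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        lines = chunk.splitlines()
        header = RECORD_HEADER.match(lines[0])
        if not header:
            continue  # not an event record; skip silently
        rec = {"record": int(header.group(1)), "type": header.group(2),
               "time": None, "event_id": None, "source": "", "description": ""}
        desc_lines = []
        in_desc = False
        for line in lines[1:]:
            if in_desc:
                desc_lines.append(line.strip())
                continue
            m = SUBMITTED.match(line)
            if m:
                rec["time"] = datetime.strptime(m.group(1).strip(), "%m/%d/%Y %I:%M:%S %p")
                continue
            m = ID_SOURCE.match(line)
            if m:
                rec["event_id"] = int(m.group(1))
                rec["source"] = m.group(2).strip()
                continue
            if line.startswith("Event Description:"):
                in_desc = True
        rec["description"] = "\n".join(desc_lines)
        records.append(rec)
    return records


def antivir_detections(records):
    """Keep only AntiVir detections; attach detection name, path and a
    flag for transient temp files whose name will not survive a reboot."""
    found = []
    for rec in records:
        if rec["source"] != "H+BEDV AntiVir":
            continue
        m = DETECTION.search(rec["description"])
        if not m:
            continue
        path = m.group(2).strip()
        found.append({**rec, "detection": m.group(1), "path": path,
                      "transient_temp": bool(TEMP_PATTERN.search(path))})
    return found


def summarize(detections):
    """Group flagged paths by detection name, oldest event first."""
    by_name = defaultdict(list)
    for d in sorted(detections, key=lambda d: d["time"]):
        by_name[d["detection"]].append(d["path"])
    return dict(by_name)


if __name__ == "__main__":
    for d in antivir_detections(parse_events(SAMPLE_EVENTS)):
        note = " (transient temp file: capture/hash it now)" if d["transient_temp"] else ""
        print(d["time"], d["detection"], d["path"] + note)
```

Run against the full `extra.txt` listing instead of `SAMPLE_EVENTS` to get the same grouping over every AntiVir hit in the log; records from other sources are dropped rather than raising, so mixed listings are fine.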
Old 12-22-2007, 02:28 PM   #5 (permalink)
Registered User
 
Join Date: Mar 2005
Posts: 22
OS: Windows XP


Re: Possible Trojan Dldr.Small.bjd

Thanks LonnyRJones for taking a look.
I went back to the file location to try to delete again to find that they have been renamed to ~DFB119.tmp and ~DFE487.tmp.
They are the only two files in that location. The same problem persists; they cannot be deleted. My PC wants to associate them both with Excel just as before. Don't know if that makes a difference.

When I try to delete them I get the following message: "Cannot delete~DF119: It is being used by another person or program. Close any programs that might be using the file and try again."

I also booted in safe mode with the C> prompt to delete, but it didn't work.
I also ran "WhoLockMe", which didn't do anything.
MaC

Last edited by kmacdona : 12-22-2007 at 02:35 PM.
Old 12-22-2007, 07:31 PM   #6 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,345
OS: xp


Re: Possible Trojan Dldr.Small.bjd

Try this program on them
Delete FXP Files
http://www.jrtwine.com/products/dfxp/index.htm
Old 12-22-2007, 08:02 PM   #7 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,345
OS: xp


Re: Possible Trojan Dldr.Small.bjd

If they still won't delete, right-click on one of the files and open it with Notepad; my guess is they are related to Adobe.
Old 12-22-2007, 10:09 PM   #8 (permalink)
Registered User
 
Join Date: Mar 2005
Posts: 22
OS: Windows XP


Re: Possible Trojan Dldr.Small.bjd

Ran Delete FXP files but received the following error:
"The process cannot access the file because it's being used by another program."
Tried to open with Notepad and everything was in Chinese characters.
I then went and tried to remove any Adobe stuff I had, specifically Dreamweaver CS3 (trial version).

Went back and noticed the temp files have renamed themselves again to ~DFB5CB.tmp and ~DFE422.tmp.
Ran clean up and rebooted. Then noticed the file names changed again. Mind you they are the only two .tmp files in this directory. This time the file names are ~DFAE6D.tmp and ~DFDF4A.tmp. It also added another I can't remove. ~Perflb_Perdata_3/c

You spoke of Adobe, and I did notice in the past that Adobe wanted to update itself, but when it did it was trying to install something different. For example, it said that it wanted to update to version 8.0.1, etc., then it installed Adobe Manager?

MaC
Old 12-22-2007, 11:55 PM   #9 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,345
OS: xp


Re: Possible Trojan Dldr.Small.bjd

Let's get you to submit them at VirusTotal, but I do believe they are Adobe related/safe.
You may have to reboot a couple of times; otherwise all the ~random.tmp will be in use.
http://www.virustotal.com/


Not to worry about the Perflb_Perdata file.
Old 12-23-2007, 01:12 PM   #10 (permalink)
Registered User
 
Join Date: Mar 2005
Posts: 22
OS: Windows XP


Re: Possible Trojan Dldr.Small.bjd

File _DFAE6D.tmp received on 12.23.2007 21:02:53 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/32 (0%)

File _DFDF4A.tmp received on 12.23.2007 21:07:49 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/32 (0%)
Old 12-23-2007, 01:24 PM   #11 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,345
OS: xp


Re: Possible Trojan Dldr.Small.bjd

Nothing found in them?

Is your AntiVir still alerting?
If so, we should find their support forum and post about this.