Virtumonde help please [Archive] - Safer Networking Forums

View Full Version : Virtumonde help please

blackphantom

2007-08-22, 01:17

Virtumonde keeps coming up when I do scans and I get popups whenever I open Internet Explorer and I experience significant speed slowdown. help me please

KASPERSKY ONLINE SCANNER REPORT
Tuesday, August 21, 2007 6:07:51 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 21/08/2007
Kaspersky Anti-Virus database records: 386812

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 74451
Number of viruses found: 7
Number of infected objects: 27
Number of suspicious objects: 2
Duration of the scan process: 01:23:57

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/retadpu1000106.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00C40000\46CDC3CA.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01CC0000\47CD9465.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E40000\47EDDD42.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02980000\46D9CE1F.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02980001\46D9D07D.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05400000\47C9CC6E.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A0C0000\4ECE1DB3.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ABC0000\4EFD9316.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0000\4EEDBC4D.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB40000\4EFCE7E4.VBN Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB40001\4EFCEE1F.VBN Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB40002\4EFCEE31.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB80000\4EF9E639.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB80001\4EF9E694.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB80004\4EF9ECE3.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ED00000\4EDB1CB0.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F280000\4FEB0FD1.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F6C0000\4FEEBF30.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F7C0000\4FFDD7D4.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F7C0001.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD40000\4FDE2CC6.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD40001\4FDE2E51.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Documents\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\Game.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\HostOptions.map Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\key.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\MOTD.dds Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\MOTD.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\MPCustomizations.txt Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\htm\la001304.htm Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\htm\lc001098.htm Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\htm\ma001304.htm Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\htm\mc001098.htm Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\htm\wa001304.htm Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\htm\wc001098.htm Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\pbag.dll Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\pbags.dll Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\pbcl.dll Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\pbclgame.cfg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\pbcls.dll Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\pbsv.dll Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\pbsvgame.cfg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\Profiles\Profile000.gdb Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\Profiles\Profile001.gdb Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\ServerOptions\ExampleServerOptions.txt Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\ServerOptions\ServerOptions0000.txt Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\settings.cfg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\PS2Trial.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\01 - Carbon Leaf - Life Less Ordinary - Indian Summer_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\01 SupaSaturation (radio version).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\01 Windblown.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\02 OK Alone.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\03 Lost Angeles.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\05 Desert Train.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\05 Show Me.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\06 - Nickel Creek - This Side - This Side_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\06 I Just Drove By.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\07 Lighted Up.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\08 If Its Wrong 1.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\09 - Deanna Carter - Sunny Day - the story of my life_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\09 When We Are One.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\adam.hood.playsomethingweknow.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\ah.million.miles.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\ah.tuesday.night.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Big Sky190k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Carey Ott - Mother Madam_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Clark Country - Track 2.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Eugene Edwards - It Doesn't Get Any Better Than This.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Eugene Edwards - My Favorite Revolution.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Eugene Edwards - The Next Time You Go.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Freakhouse - Liars Inc. 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\gandalf_192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Get More with Jukebox Plus.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\GIRL.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Green.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\I Love Lovin U.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Jeff Black - Tin Lily_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\kacy.crowley.badass.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\kacycrowley.blood.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\kacycrowley.kindofperfect.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Lie To Me.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Long Long Time 192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Love Me Too Much190k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Marcy Playground - No Ones Boy 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Mas Rapido - Christopher Robin's Dead - 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Natural Fool (192k).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Not Hot To Trot.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\NuSensation_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\OceanDriveClubMix_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\omar_192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\OpusOne_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Orange Peels - Something In You - 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Rescue Me.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sister Vikki.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sorrow - 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sorry.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Steady As She Goes (192k).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Swell.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\The Greencards - Time - weather and water_193k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Tremolo - Baby Blue.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Tremolo - Can You Feel It Now.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Tremolo - You Were Born For This.mp3 Object is locked skipped

CONTINUES IN NEXT POST

blackphantom

2007-08-22, 01:18

C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Urbia.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\White Hassle - Indiana Sun.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\White Hassle - Jealousy (Will Get You).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\White Hassle - She's Dead.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg Object is locked skipped
C:\Documents and Settings\Black Phantom\Application Data\CiscoCAA\event.log Object is locked skipped
C:\Documents and Settings\Black Phantom\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Black Phantom\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Black Phantom\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Black Phantom\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Black Phantom\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Messenger\black_phantom1@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Messenger\black_phantom1@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Messenger\black_phantom1@hotmail.com\SharingMetadata\Working\database_F4E0_FA5B_E0FA_2410\dfsr.db Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Messenger\black_phantom1@hotmail.com\SharingMetadata\Working\database_F4E0_FA5B_E0FA_2410\fsr.log Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Messenger\black_phantom1@hotmail.com\SharingMetadata\Working\database_F4E0_FA5B_E0FA_2410\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Messenger\black_phantom1@hotmail.com\SharingMetadata\Working\database_F4E0_FA5B_E0FA_2410\tmp.edb Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Windows Live Contacts\black_phantom1@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Windows Live Contacts\black_phantom1@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Temp\~DF821F.tmp Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Temp\~DF84FF.tmp Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Temp\~DFA330.tmp Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Temp\~DFE2C9.tmp Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Temp\~DFE315.tmp Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Black Phantom\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Black Phantom\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0204NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0363NAV~.TMP Object is locked skipped
C:\Program Files\WinPop\UnInstall.exe Infected: Trojan.Win32.Small.oa skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 6:12:46 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trillian\trillian.exe
C:\Downloads\hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA7546] command /c del "C:\WINDOWS\system32\tusqp.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8244] cmd /c del "C:\WINDOWS\system32\tusqp.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1208] command /c del "C:\WINDOWS\system32\tusqp.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2672] cmd /c del "C:\WINDOWS\system32\tusqp.dll_tobedeleted"
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} (WebDvr3 Class) - http://www.gamensurf.game-host.org/WebDvr3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Blade81

2007-08-22, 22:04

Hi

Rename HijackThis.exe file -> something.exe and post a fresh hjt log.

blackphantom

2007-08-23, 02:56

Logfile of HijackThis v1.99.1
Scan saved at 7:55:31 PM, on 8/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\hijackthis\something.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AB9BABC3-7973-4FF3-888B-C4159D0CAAB0} - C:\WINDOWS\system32\tusqp.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\efcabya.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} (WebDvr3 Class) - http://www.gamensurf.game-host.org/WebDvr3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: efcabya - efcabya.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: tusqp - C:\WINDOWS\system32\tusqp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Blade81

2007-08-23, 07:52

Hi

1. Download this file -
combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your
next reply with a fresh hjt log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause
it to stall

blackphantom

2007-08-23, 19:36

ComboFix 07-08-17.2 - "Black Phantom" 2007-08-23 12:16:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.516 [GMT -4:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\WINDOWS\system32\ampbfhuo.dll
C:\WINDOWS\system32\aqkuicxb.dll
C:\WINDOWS\system32\artmknwb.dll
C:\WINDOWS\system32\avqhecon.dll
C:\WINDOWS\system32\bbskcdfy.dll
C:\WINDOWS\system32\bdpwoguv.ini
C:\WINDOWS\system32\bwnkmtra.ini
C:\WINDOWS\system32\bxqekmyp.dll
C:\WINDOWS\system32\ccjusyey.ini
C:\WINDOWS\system32\cgcaxlwq.dll
C:\WINDOWS\system32\doequsew.dll
C:\WINDOWS\system32\dpqfeabm.dll
C:\WINDOWS\system32\dtytsqsg.ini
C:\WINDOWS\system32\elnswwlm.dll
C:\WINDOWS\system32\enfpyxow.dll
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\fnpokflp.ini
C:\WINDOWS\system32\giwpwadm.ini
C:\WINDOWS\system32\gsqstytd.dll
C:\WINDOWS\system32\gwtftdfi.dll
C:\WINDOWS\system32\jdtddgpu.ini
C:\WINDOWS\system32\jfghjghb.dll
C:\WINDOWS\system32\jgvlvcnx.dll
C:\WINDOWS\system32\leycghpy.dll
C:\WINDOWS\system32\luassita.dll
C:\WINDOWS\system32\mbaefqpd.ini
C:\WINDOWS\system32\mdawpwig.dll
C:\WINDOWS\system32\mplnteey.dll
C:\WINDOWS\system32\nhhtyxvw.dll
C:\WINDOWS\system32\orjlkhtb.dll
C:\WINDOWS\system32\pivagvry.dll
C:\WINDOWS\system32\plfkopnf.dll
C:\WINDOWS\system32\pqsut.bak1
C:\WINDOWS\system32\pqsut.bak2
C:\WINDOWS\system32\pqsut.ini
C:\WINDOWS\system32\pqsut.ini2
C:\WINDOWS\system32\pqsut.tmp
C:\WINDOWS\system32\qclvupfe.dll
C:\WINDOWS\system32\rwqkjukt.dll
C:\WINDOWS\system32\sjcpqvdu.ini
C:\WINDOWS\system32\svxyb.bak1
C:\WINDOWS\system32\svxyb.ini
C:\WINDOWS\system32\tbjrdrmx.dll
C:\WINDOWS\system32\tgidpyxu.dll
C:\WINDOWS\system32\udvqpcjs.dll
C:\WINDOWS\system32\ujqtriru.dll
C:\WINDOWS\system32\upgddtdj.dll
C:\WINDOWS\system32\urirtqju.ini
C:\WINDOWS\system32\uwpbxcko.dll
C:\WINDOWS\system32\uxypdigt.ini
C:\WINDOWS\system32\vlgmaqrx.ini
C:\WINDOWS\system32\vugowpdb.dll
C:\WINDOWS\system32\wesuqeod.ini
C:\WINDOWS\system32\wlosfegv.dll
C:\WINDOWS\system32\woxypfne.ini
C:\WINDOWS\system32\wvxythhn.ini
C:\WINDOWS\system32\xantbnde.dll
C:\WINDOWS\system32\xhbtqmxr.dll
C:\WINDOWS\system32\xmrdrjbt.ini
C:\WINDOWS\system32\xncvlvgj.ini
C:\WINDOWS\system32\xqlhlipr.dll
C:\WINDOWS\system32\xrqamglv.dll
C:\WINDOWS\system32\yeysujcc.dll
C:\WINDOWS\system32\ymhpjigf.dll
C:\WINDOWS\system32\yrvgavip.ini

((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 )))))))))))))))))))))))))))))))

2007-08-23 12:20 70,208 --a------ C:\WINDOWS\system32\jeurigml.dll
2007-08-23 12:14 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-22 12:39 <DIR> d-------- C:\WINDOWS\system32\Dell
2007-08-22 12:05 <DIR> d-------- C:\Program Files\uTorrent
2007-08-21 14:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-20 19:55 <DIR> d-------- C:\!KillBox
2007-08-20 13:14 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-20 13:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-20 13:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-20 12:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Spyware
2007-08-19 21:04 298,080 --------- C:\WINDOWS\system32\tusqp.dll
2007-08-19 20:59 <DIR> d-------- C:\WINDOWS\system32\tmps7
2007-08-19 20:59 <DIR> d-------- C:\WINDOWS\system32\ICM23
2007-08-19 20:59 <DIR> d-------- C:\WINDOWS\system32\cofig1
2007-08-19 20:59 <DIR> d-------- C:\Temp
2007-08-18 16:56 <DIR> d-------- C:\Program Files\Cisco Systems
2007-08-04 13:33 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-08-04 13:33 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-08-04 13:33 <DIR> d-------- C:\Program Files\D-Tools
2007-07-25 15:34 2,198 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-24 00:38 7,835 --a------ C:\dnsbak.reg
2007-07-24 00:20 <DIR> d-------- C:\KAV
2007-07-23 22:34 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-23 12:28 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-08-23 12:27 1600194 ---hs---- C:\WINDOWS\system32\pqsut.bak1
2007-08-23 12:15 --------- d-------- C:\Program Files\FlashGet
2007-08-23 12:14 --------- d-------- C:\Program Files\Trillian
2007-08-22 12:14 --------- d-------- C:\DOCUME~1\BLACKP~1\APPLIC~1\uTorrent
2007-08-22 12:13 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-18 17:08 --------- d-------- C:\Program Files\Conquer 2.0
2007-08-10 01:37 --------- d-------- C:\Program Files\Guild Wars
2007-08-05 17:15 --------- d-------- C:\Program Files\BitComet
2007-08-05 16:43 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-28 05:06 135 --a------ C:\Program Files\Common Files\proky.html
2007-07-24 00:40 --------- d-------- C:\Program Files\Symantec
2007-07-19 02:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 19:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 10:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 10:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 10:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 10:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 10:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 10:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 10:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 10:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 10:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 10:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 10:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 10:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 10:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 10:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 10:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 10:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 10:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 10:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 10:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 04:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 04:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 04:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 03:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 12:49 --------- d-------- C:\Program Files\DivX
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-01 13:56 7518 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-31 02:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 02:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 02:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 02:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 02:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2006-05-29 19:03:24 104 -csha-r C:\WINDOWS\system32\5C0A014815.sys
2006-09-20 02:33:29 56 --sha-r C:\WINDOWS\system32\F2925295B8.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{331EFEDB-57E5-4A5D-A479-4B0C2773DCFA}]
2007-08-19 21:04 298080 --------- C:\WINDOWS\system32\tusqp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 08:13]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 21:05]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 13:02]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-03-17 06:34]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-12 20:50]
"Startup Manager Scanner"="C:\Program Files\Startup Mechanic\StartupMonitor.exe" [2004-09-05 14:01]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-06-28 13:47:36]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcabya]
efcabya.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tusqp]
C:\WINDOWS\system32\tusqp.dll 2007-08-19 21:04 298080 C:\WINDOWS\system32\tusqp.dll

S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe4f5bf0-c4e4-11da-b6ed-0014a550516a}]
AutoRun\command- E:\setupSNK.exe

Contents of the 'Scheduled Tasks' folder
2006-11-27 17:19:28 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1156436329.job - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
2007-08-21 22:00:00 C:\WINDOWS\Tasks\Pareto UNS.job - C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-23 12:26:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\pqsut.bak1
C:\WINDOWS\system32\pqsut.tmp

scan completed successfully
hidden files: 2

**************************************************************************

Completion time: 2007-08-23 12:31:48 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-23 12:31

--- E O F ---

blackphantom

2007-08-23, 19:37

Logfile of HijackThis v1.99.1
Scan saved at 12:35:12 PM, on 8/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Downloads\hijackthis\something.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {331EFEDB-57E5-4A5D-A479-4B0C2773DCFA} - C:\WINDOWS\system32\tusqp.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} (WebDvr3 Class) - http://www.gamensurf.game-host.org/WebDvr3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: efcabya - efcabya.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: tusqp - C:\WINDOWS\system32\tusqp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Blade81

2007-08-23, 22:50

Hi

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\jeurigml.dll
C:\WINDOWS\system32\tusqp.dll
C:\WINDOWS\system32\pqsut.bak1
C:\Program Files\Common Files\proky.html
C:\WINDOWS\system32\pqsut.tmp

Folder::
C:\!KillBox
C:\WINDOWS\system32\tmps7
C:\WINDOWS\system32\ICM23
C:\WINDOWS\system32\cofig1
C:\Temp

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{331EFEDB-57E5-4A5D-A479-4B0C2773DCFA}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcabya]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tusqp]

Save this as
CFScript

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log with a fresh hjt log.

blackphantom

2007-08-24, 01:46

ComboFix 07-08-17.2 - "Black Phantom" 2007-08-23 18:33:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.500 [GMT -4:00]
Command switches used :: C:\Documents and Settings\Black Phantom\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\jeurigml.dll
C:\WINDOWS\system32\tusqp.dll
C:\WINDOWS\system32\pqsut.bak1
C:\Program Files\Common Files\proky.html
C:\WINDOWS\system32\pqsut.tmp

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\!KillBox
C:\!KillBox\Logs\kb.log
C:\!KillBox\tusqp.dll
C:\!KillBox\tusqp.dll( 1)
C:\!KillBox\tusqp.dll( 2)
C:\!KillBox\tusqp.dll( 3)
C:\!KillBox\tusqp.dll( 4)
C:\!KillBox\tusqp.dll( 5)
C:\!KillBox\tusqp.dll( 6)
C:\!KillBox\tusqp.dll( 7)
C:\Program Files\Common Files\proky.html
C:\Temp
C:\WINDOWS\system32\cofig1
C:\WINDOWS\system32\ICM23
C:\WINDOWS\system32\jeurigml.dll
C:\WINDOWS\system32\mkxgxcmm.dll
C:\WINDOWS\system32\mmcxgxkm.ini
C:\WINDOWS\system32\pqsut.bak1
C:\WINDOWS\system32\pqsut.ini
C:\WINDOWS\system32\pqsut.ini2
C:\WINDOWS\system32\pqsut.tmp
C:\WINDOWS\system32\scusjiuw.dll
C:\WINDOWS\system32\tmps7
C:\WINDOWS\system32\tusqp.dll

((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 )))))))))))))))))))))))))))))))

2007-08-23 12:14 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-22 12:39 <DIR> d-------- C:\WINDOWS\system32\Dell
2007-08-22 12:05 <DIR> d-------- C:\Program Files\uTorrent
2007-08-21 14:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-20 13:14 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-20 13:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-20 13:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-20 12:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Spyware
2007-08-18 16:56 <DIR> d-------- C:\Program Files\Cisco Systems
2007-08-04 13:33 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-08-04 13:33 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-08-04 13:33 <DIR> d-------- C:\Program Files\D-Tools
2007-07-25 15:34 2,198 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-24 00:38 7,835 --a------ C:\dnsbak.reg
2007-07-24 00:20 <DIR> d-------- C:\KAV
2007-07-23 22:34 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-23 18:41 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-08-23 18:32 --------- d-------- C:\Program Files\Trillian
2007-08-23 12:15 --------- d-------- C:\Program Files\FlashGet
2007-08-22 12:14 --------- d-------- C:\DOCUME~1\BLACKP~1\APPLIC~1\uTorrent
2007-08-22 12:13 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-18 17:08 --------- d-------- C:\Program Files\Conquer 2.0
2007-08-10 01:37 --------- d-------- C:\Program Files\Guild Wars
2007-08-05 17:15 --------- d-------- C:\Program Files\BitComet
2007-08-05 16:43 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-24 00:40 --------- d-------- C:\Program Files\Symantec
2007-07-19 02:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 19:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 10:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 10:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 10:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 10:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 10:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 10:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 10:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 10:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 10:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 10:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 10:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 10:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 10:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 10:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 10:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 10:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 10:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 10:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 10:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 04:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 04:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 04:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 03:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 12:49 --------- d-------- C:\Program Files\DivX
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-01 13:56 7518 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-31 02:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 02:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 02:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 02:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 02:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2006-05-29 19:03:24 104 -csha-r C:\WINDOWS\system32\5C0A014815.sys
2006-09-20 02:33:29 56 --sha-r C:\WINDOWS\system32\F2925295B8.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 08:13]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 21:05]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 13:02]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-03-17 06:34]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-12 20:50]
"Startup Manager Scanner"="C:\Program Files\Startup Mechanic\StartupMonitor.exe" [2004-09-05 14:01]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-06-28 13:47:36]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]

S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe4f5bf0-c4e4-11da-b6ed-0014a550516a}]
AutoRun\command- E:\setupSNK.exe

Contents of the 'Scheduled Tasks' folder
2006-11-27 17:19:28 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1156436329.job - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
2007-08-21 22:00:00 C:\WINDOWS\Tasks\Pareto UNS.job - C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-23 18:40:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-23 18:43:23 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-23 18:43
C:\ComboFix2.txt ... 2007-08-23 12:31

--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 6:45:04 PM, on 8/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Downloads\hijackthis\something.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} (WebDvr3 Class) - http://www.gamensurf.game-host.org/WebDvr3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Blade81

2007-08-25, 03:02

Hi

Start hjt, click do a system scan only, check:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close browsers and other windows. Click fix checked.

Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Please do an online scan with
Kaspersky
WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky,
Click Yes.
The program will launch and then begin downloading the latest
definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise
Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under select a target to scan:Select My Computer

This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been
infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post with a fresh hjt log.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

If having a problme doing the above

Make sure that your Internet security settings are set to default values.

To set default security settings for Internet Explorer:

* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four item (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.

blackphantom

2007-08-25, 06:58

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, August 24, 2007 11:22:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 25/08/2007
Kaspersky Anti-Virus database records: 389702
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 75543
Number of viruses found: 7
Number of infected objects: 42
Number of suspicious objects: 2
Duration of the scan process: 01:39:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/retadpu1000106.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00C40000\46CDC3CA.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01CC0000\47CD9465.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E40000\47EDDD42.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02980000\46D9CE1F.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02980001\46D9D07D.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C40000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05400000\47C9CC6E.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08100000\4EDDB2A8.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A0C0000\4ECE1DB3.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ABC0000\4EFD9316.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE00000\4FEC3E00.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE00001\4FECD127.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE00002\4FECD1D2.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE00003\4FECD37F.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE00004\4FECD4ED.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE00005\4FECD6D1.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE00006\4FECE55F.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE00007\4FECE9B3.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE00008\4FECEAC6.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE00009\4FECF0C4.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE0000A\4FECF595.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE0000B\4FED0DEA.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0000\4EEDBC4D.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB40000\4EFCE7E4.VBN Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB40001\4EFCEE1F.VBN Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB40002\4EFCEE31.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB80000\4EF9E639.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB80001\4EF9E694.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB80004\4EF9ECE3.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ED00000\4EDB1CB0.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F280000\4FEB0FD1.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F6C0000\4FEEBF30.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F7C0000\4FFDD7D4.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F7C0001.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD40000\4FDE2CC6.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD40001\4FDE2E51.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Documents\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\Game.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\HostOptions.map Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\key.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\MOTD.dds Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\MOTD.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\MPCustomizations.txt Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\htm\la001304.htm Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\htm\lc001098.htm Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\htm\ma001304.htm Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\htm\mc001098.htm Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\htm\wa001304.htm Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\htm\wc001098.htm Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\pbag.dll Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\pbags.dll Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\pbcl.dll Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\pbclgame.cfg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\pbcls.dll Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\pbsv.dll Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\pb\pbsvgame.cfg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\Profiles\Profile000.gdb Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\Profiles\Profile001.gdb Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\ServerOptions\ExampleServerOptions.txt Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\ServerOptions\ServerOptions0000.txt Object is locked skipped
C:\Documents and Settings\All Users\Documents\Monolith Productions\FEARCombat\settings.cfg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\PS2Trial.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\01 - Carbon Leaf - Life Less Ordinary - Indian Summer_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\01 SupaSaturation (radio version).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\01 Windblown.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\02 OK Alone.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\03 Lost Angeles.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\05 Desert Train.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\05 Show Me.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\06 - Nickel Creek - This Side - This Side_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\06 I Just Drove By.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\07 Lighted Up.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\08 If Its Wrong 1.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\09 - Deanna Carter - Sunny Day - the story of my life_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\09 When We Are One.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\adam.hood.playsomethingweknow.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\ah.million.miles.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\ah.tuesday.night.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Big Sky190k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Carey Ott - Mother Madam_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Clark Country - Track 2.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Eugene Edwards - It Doesn't Get Any Better Than This.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Eugene Edwards - My Favorite Revolution.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Eugene Edwards - The Next Time You Go.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Freakhouse - Liars Inc. 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\gandalf_192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Get More with Jukebox Plus.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\GIRL.mp3 Object is locked skipped

blackphantom

2007-08-25, 06:59

C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Green.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\I Love Lovin U.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Jeff Black - Tin Lily_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\kacy.crowley.badass.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\kacycrowley.blood.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\kacycrowley.kindofperfect.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Lie To Me.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Long Long Time 192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Love Me Too Much190k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Marcy Playground - No Ones Boy 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Mas Rapido - Christopher Robin's Dead - 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Natural Fool (192k).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Not Hot To Trot.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\NuSensation_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\OceanDriveClubMix_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\omar_192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\OpusOne_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Orange Peels - Something In You - 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Rescue Me.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sister Vikki.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sorrow - 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sorry.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Steady As She Goes (192k).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Swell.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\The Greencards - Time - weather and water_193k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Tremolo - Baby Blue.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Tremolo - Can You Feel It Now.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Tremolo - You Were Born For This.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Urbia.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\White Hassle - Indiana Sun.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\White Hassle - Jealousy (Will Get You).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\White Hassle - She's Dead.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg Object is locked skipped
C:\Documents and Settings\Black Phantom\Application Data\CiscoCAA\event.log Object is locked skipped
C:\Documents and Settings\Black Phantom\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Black Phantom\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Black Phantom\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Black Phantom\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Black Phantom\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Messenger\black_phantom1@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Messenger\black_phantom1@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Messenger\black_phantom1@hotmail.com\SharingMetadata\Working\database_F4E0_FA5B_E0FA_2410\dfsr.db Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Messenger\black_phantom1@hotmail.com\SharingMetadata\Working\database_F4E0_FA5B_E0FA_2410\fsr.log Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Messenger\black_phantom1@hotmail.com\SharingMetadata\Working\database_F4E0_FA5B_E0FA_2410\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Messenger\black_phantom1@hotmail.com\SharingMetadata\Working\database_F4E0_FA5B_E0FA_2410\tmp.edb Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Windows Live Contacts\black_phantom1@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Application Data\Microsoft\Windows Live Contacts\black_phantom1@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Temp\~DF56A2.tmp Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Temp\~DF7AC0.tmp Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Temp\~DF7ACE.tmp Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Temp\~DFAEA2.tmp Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Temp\~DFAEAF.tmp Object is locked skipped
C:\Documents and Settings\Black Phantom\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Black Phantom\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Black Phantom\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0479NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0935NAV~.TMP Object is locked skipped
C:\Program Files\Trillian\users\default\logs\YAHOO\Query\fireelffrost.log Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\WinPop\UnInstall.exe.vir Infected: Trojan.Win32.Small.oa skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000257.exe Infected: Trojan.Win32.Small.oa skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is lo