Thread: Smitfraud-C.CoreService, Virtumonde Trouble

  1. #1
    Junior Member
    Join Date
    Nov 2007
    Posts
    3

    Smitfraud-C.CoreService, Virtumonde Trouble

    I started having problems a couple of days ago with malware trying to install "spyware protection" programs. I have problems with popups and whatnot. More alarming still, I'm having Windows-related problems as well, like the inability to change my desktop background. It's resulted in a slowdown of the whole system.

    Spybot also finds Virtumonde and something called ZenoSearch.

    I'm posting the HJT log and the Kaspersky log below; I would appreciate any help. Thank you!

    HJT Log
    ----------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:12:23 AM, on 11/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ASUS\Ai Gear\GearHelp.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\Pelmiced.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mslinvestments.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Ai Gear Help] "C:\Program Files\ASUS\Ai Gear\GearHelp.exe"
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
    O4 - HKLM\..\Run: [{6E-E6-6A-AD-ZN}] C:\Documents and Settings\Steve Wells\Local Settings\Temp\T0CHD001.exe CHD001
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6383] command /c del "C:\Documents and Settings\Steve Wells\Local Settings\Temp\winAB.tmp.exe_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6622] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9519] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5429] command /c del "C:\WINDOWS\system32\drivers\core.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3919] cmd /c del "C:\WINDOWS\system32\drivers\core.sys"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7725] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2501] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB539] command /c del "C:\WINDOWS\system32\drivers\core.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5889] cmd /c del "C:\WINDOWS\system32\drivers\core.sys"
    O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Steve Wells\Local Settings\Temp\T0CHD001.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Business Objects\JRE\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Business Objects\JRE\bin\npjpi142_04.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1183676296921
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1183676289140
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\cewuepryhde.html

    --
    End of file - 10985 bytes

  2. #2
    Junior Member
    Join Date
    Nov 2007
    Posts
    3

    Here is the Kaspersky Log: (1 of 2)
    ----------------------
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, November 06, 2007 1:09:10 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 6/11/2007
    Kaspersky Anti-Virus database records: 452135
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan Statistics:
    Total number of scanned objects: 207384
    Number of viruses found: 46
    Number of infected objects: 133
    Number of suspicious objects: 4
    Duration of the scan process: 02:12:25

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/winAB.tmp.exe Suspicious: Password-protected-EXE skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip ZIP: suspicious - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09691E3A.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0008/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0008 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0012 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0018/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0018 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0019/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0019 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0022/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0023/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0023 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0026/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0027/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0027 Infected: Trojan.Win32.Krepper.y skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0029/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0029/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe Inno: infected - 22 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe CryptFF: infected - 22 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0008/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0008 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0012 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0018/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0018 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0019/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0019 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0022/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0023/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0023 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0026/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0027/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0027 Infected: Trojan.Win32.Krepper.y skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0029/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0029/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe Inno: infected - 22 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe CryptFF: infected - 22 skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Steve Wells\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Steve Wells\Desktop\From Old 40\FTP\Apps\Ftp Stuff\FlashFXP.v1.3.Build.775.Cracked.Incl.Keymaker-PGC\pgc-fl75.z/cracked.exe Suspicious: Packed.Win32.PePatch.dk skipped
    C:\Documents and Settings\Steve Wells\Desktop\From Old 40\FTP\Apps\Ftp Stuff\FlashFXP.v1.3.Build.775.Cracked.Incl.Keymaker-PGC\pgc-fl75.z ZIP: suspicious - 1 skipped
    C:\Documents and Settings\Steve Wells\Desktop\From Old 40\FTP\Apps\Ftp Stuff\FTP.Serv-U.v4.0.0.2.W9xNT2K.Incl.Keymaker-CORE\cr-su402.zip/ServUSetup.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.4002 skipped
    C:\Documents and Settings\Steve Wells\Desktop\From Old 40\FTP\Apps\Ftp Stuff\FTP.Serv-U.v4.0.0.2.W9xNT2K.Incl.Keymaker-CORE\cr-su402.zip/ServUSetup.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.4002 skipped
    C:\Documents and Settings\Steve Wells\Desktop\From Old 40\FTP\Apps\Ftp Stuff\FTP.Serv-U.v4.0.0.2.W9xNT2K.Incl.Keymaker-CORE\cr-su402.zip ZIP: infected - 2 skipped
    C:\Documents and Settings\Steve Wells\Desktop\From Old 40\FTP\Apps\Ftp Stuff\Serv-U FTP Server v3.0.0.17 Professional\fo-su317.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.3017 skipped
    C:\Documents and Settings\Steve Wells\Desktop\From Old 40\FTP\Apps\Ftp Stuff\Serv-U FTP Server v3.0.0.17 Professional\fo-su317.exe ZIP: infected - 1 skipped
    C:\Documents and Settings\Steve Wells\Desktop\From Old 40\unzipped\polaris2001v4.0[1]\mirc32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.507 skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal Object is locked skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal Object is locked skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Steve Wells\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\CEMG555077.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\CEMG555077.exe NSIS: infected - 1 skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\gosAA.tmp Infected: Trojan.Win32.Dialer.qn skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\install_en.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\k11u72.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bqc skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\k11u72.exe NSIS: infected - 1 skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\lmgrd9.log Object is locked skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\loader.exe Infected: Trojan-Downloader.Win32.VB.bql skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\MTE3MDk6ODoxNg.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\NI.UGA6P_0001_N122M2210\setup.exe Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\winAD.tmp.exe Infected: Trojan-Downloader.Win32.VB.bql skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\winB6.tmp.exe Infected: not-virus:Hoax.Win32.Renos.hx skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\wr-1-77.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\~uga6psetup.exe/file14 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\~uga6psetup.exe/file20 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\~uga6psetup.exe/file34 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\~uga6psetup.exe/file36 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temp\~uga6psetup.exe Inno: infected - 4 skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\918AT5QQ\17PHolmes[1].cmt Infected: Trojan-Downloader.Win32.Agent.emo skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\918AT5QQ\stany[1].exe Infected: Trojan-Dropper.Win32.Agent.chq skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\918AT5QQ\xc60[1].exe Infected: Trojan.Win32.Dialer.qn skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\ETG4FRHH\Install1300[1].exe Infected: not-virus:Hoax.Win32.Renos.hx skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\ETG4FRHH\s2f[1].exe Infected: Trojan-Downloader.Win32.Alphabet.aa skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\ETG4FRHH\vasya[1] Infected: Trojan.Win32.Agent.bck skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\3269[1].exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\acdt-pid72[1].exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\acdt-pid72[1].exe NSIS: infected - 1 skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\antzom[1].exe Infected: Trojan.Win32.Dialer.qn skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\k11u72[1].exe/data0006 Infected: Trojan-Downloader.Win32.VB.bqc skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\k11u72[1].exe NSIS: infected - 1 skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\TTC-4444[1].exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\TTC-4444[1].exe NSIS: infected - 1 skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\wr-1-77[1].exe Infected: Trojan-Downloader.Win32.Small.gll skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\xc23[1].exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\xcd23[1].exe Infected: Trojan-Downloader.Win32.VB.bql skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\QJY15H1N\17PHolmes[1].cmt Infected: Trojan-Downloader.Win32.Agent.emo skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\QJY15H1N\install_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\QJY15H1N\xc29[1].exe Infected: Trojan.Win32.Dialer.qn skipped
    C:\Documents and Settings\Steve Wells\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Steve Wells\ntuser.dat.LOG Object is locked skipped

  3. #3
    Junior Member
    Join Date
    Nov 2007
    Posts
    3


    Kaspersky Log (2 of 2):
    ------------------
    C:\flexlm\ARCGIS Object is locked skipped
    C:\Program Files\3269.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\Program Files\Messenger\tecoho4444.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\Program Files\Messenger\tecoho555077.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\Program Files\Messenger\tecoho83122.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\Program Files\s2f.exe Infected: Trojan-Downloader.Win32.Alphabet.aa skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP162\A0051302.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP162\A0051304.exe Infected: not-virus:Hoax.Win32.Renos.kj skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP163\A0051320.exe Infected: Trojan-Downloader.Win32.Agent.emo skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP164\A0051362.dll Infected: not-a-virus:AdWare.Win32.Agent.ta skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP164\A0051365.dll Infected: not-a-virus:AdWare.Win32.Agent.ta skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP164\A0051366.exe Infected: not-a-virus:AdWare.Win32.Agent.ta skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP164\A0051367.exe Infected: not-a-virus:AdWare.Win32.Agent.tb skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051395.dll Infected: Trojan.Win32.Agent.qt skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051396.dll Infected: Trojan.Win32.BHO.ab skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051397.dll Infected: Trojan.Win32.BHO.ab skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051398.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051399.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051400.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051401.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051404.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051405.exe Infected: Trojan.Win32.BHO.ab skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051407.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051409.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\A0051574.dll Infected: Trojan.Win32.Agent.qt skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\A0051575.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\A0051577.dll Infected: not-a-virus:AdWare.Win32.BHO.je skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\A0051586.dll Infected: Trojan.Win32.Agent.qt skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\A0051587.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\A0051588.exe Infected: not-a-virus:AdWare.Win32.Agent.tb skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\A0051608.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\A0051609.dll Infected: Trojan.Win32.Dialer.qn skipped
    C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\mrofinu1000106.exe Infected: Trojan-Downloader.Win32.Agent.emo skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{32D92619-2820-4160-A558-F1B70D331F3A}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\.exe Infected: Trojan-Dropper.Win32.VB.tg skipped
    C:\WINDOWS\system32\aivskurq.dll Infected: Trojan-Downloader.Win32.VB.bpt skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\core.cache.dsk Object is locked skipped
    C:\WINDOWS\system32\drivers\core.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\g2\caws83122.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\WINDOWS\system32\g2\caws83122.exe NSIS: infected - 1 skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\Mz08r\Mz08r1099.exe Infected: Trojan-Downloader.Win32.VB.bqc skipped
    C:\WINDOWS\system32\r2\wr31drs.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\TTC-4444.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\WINDOWS\TTC-4444.exe NSIS: infected - 1 skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\WINDOWS\xpupdate.exe Infected: not-virus:Hoax.Win32.Renos.hx skipped
    F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.
    ---------

    Again, thank you for any help you can provide.

  4. #4
    In Memoriam -Always in our heart teacup61
    Join Date
    Jun 2006
    Location
    Texas
    Posts
    759


    Hello jologist,

    Welcome to Safer Networking Forums

    Sorry for the delay. When you reply to your own topic it looks like you're being helped, as Helpers look for topics with 0 replies. If you still need help, please post a new HijackThis log so I can be sure nothing has changed.

    Thanks,
    tea
    teacup61

  5. #5
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    This topic has been moved to archives.

    If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

    FYI:
    The Waiting Room: Post here if waiting for help longer than four days

    Copy and paste that information in your next post if the content will take no more than two posts to do so.
    If the result of your anti-virus scan is extremely long, please do not post it, but rather inform us when posting the HJT log.
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
