
Valera Downloader



Pitreau
2007-10-15, 00:18
I'm new to this, so bear with me.
HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:48 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\dociqljd.dll",sitypnow
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://ssl.ameresco.com/SNX/CSHELL/extender.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12195 bytes
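
The one autostart line in that HijackThis log that stands out is the `SearchIndexer` entry, which runs `rundll32.exe` against `C:\WINDOWS\system32\dociqljd.dll` with a lowercase, meaningless export name, the same naming pattern as the system32 DLLs the Kaspersky scan below labels as Virtumonde. The script that follows is an added example, not part of the original post or of HijackThis itself: it parses O4 entries out of log text and flags rundll32 entries whose DLL stem and export look machine-generated. The sample lines are constructed to mirror the log above, and the "8 lowercase letters plus lowercase export" rule is a heuristic assumption, not a HijackThis rule.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: a few O4 (autostart) lines shaped like the ones in the
# HijackThis log above. They are embedded here so the script runs offline.
SAMPLE_O4_LINES = """\
O4 - HKLM\\..\\Run: [Apoint] C:\\Program Files\\Apoint\\Apoint.exe
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\\..\\Run: [SearchIndexer] rundll32.exe "C:\\WINDOWS\\system32\\dociqljd.dll",sitypnow
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

# Registry Run-key entries: "O4 - HKLM\..\Run: [Name] command"
REG_O4 = re.compile(
    r"^O4 - (?P<source>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Startup-folder entries: "O4 - Global Startup: Name.lnk = target"
STARTUP_O4 = re.compile(r"^O4 - (?P<source>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# rundll32 invocations: rundll32[.exe] ["]path\to\lib.dll["],ExportName
RUNDLL = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)
# Heuristic (assumption, not a HijackThis rule): an 8-lowercase-letter DLL stem plus a
# lowercase-only export name is the naming pattern of the randomly generated DLLs
# that the Kaspersky scan in this thread tags as Virtumonde.
RANDOM_STEM = re.compile(r"^[a-z]{8}$")
RANDOM_EXPORT = re.compile(r"^[a-z]{6,12}$")


@dataclass
class O4Entry:
    source: str   # HKLM, HKCU or the startup folder
    name: str     # value name or shortcut name
    cmd: str      # command line as HijackThis printed it


@dataclass
class Finding:
    entry: O4Entry
    severity: str
    reason: str


def parse_o4(text: str) -> List[O4Entry]:
    """Extract O4 entries from HijackThis log text; lines of other types are ignored."""
    entries = []
    for line in text.splitlines():
        m = REG_O4.match(line) or STARTUP_O4.match(line)
        if m:
            entries.append(O4Entry(m.group("source"), m.group("name"), m.group("cmd")))
    return entries


def dll_stem(path: str) -> str:
    """'C:\\WINDOWS\\system32\\dociqljd.dll' -> 'dociqljd' (also handles a bare 'x.dll')."""
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[0]


def triage(entries: List[O4Entry]) -> List[Finding]:
    """Flag rundll32 entries loading randomly named DLLs and unresolved shortcut targets."""
    findings = []
    for e in entries:
        cmd = e.cmd.strip()
        if cmd == "?":
            findings.append(Finding(e, "info", "shortcut target could not be resolved; verify by hand"))
            continue
        m = RUNDLL.match(cmd)
        if not m:
            continue
        stem, export = dll_stem(m.group("dll")), m.group("export")
        if RANDOM_STEM.match(stem) and RANDOM_EXPORT.match(export):
            findings.append(Finding(
                e, "high",
                f"rundll32 loads randomly named {stem}.dll via export {export}",
            ))
    return findings


if __name__ == "__main__":
    for f in triage(parse_o4(SAMPLE_O4_LINES)):
        print(f"[{f.severity}] {f.entry.source} [{f.entry.name}] -> {f.reason}")
```

Run against the sample it reports the `SearchIndexer` entry as high and the unresolved `Digital Line Detect.lnk` target as informational; the vendor rundll32 entries (`NvCpl.dll,NvStartup`, `nvHotkey.dll,Start`) pass because their stems contain uppercase letters and are not eight characters long. The heuristic is deliberately narrow, so treat a hit as a reason to look at the file, not as a verdict.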

Pitreau
2007-10-15, 00:27
Here is the Kaspersky Log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 14, 2007 5:29:19 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/10/2007
Kaspersky Anti-Virus database records: 435911
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 71020
Number of viruses found: 17
Number of infected objects: 108
Number of suspicious objects: 0
Duration of the scan process: 00:55:53

Infected Object Name / Virus Name / Last Action
C:\check_LSA7.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl.zip/wininstall.exe Infected: Trojan.Win32.Agent.bqn skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-14_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\022F7505 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02A839F2 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B196212 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BD772F5 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\106F16D7.exe Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12D91630.exe Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B735024 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CC76610 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20691CAE.exe Infected: not-a-virus:AdWare.Win32.Agent.jn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\248A29D3 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\251A4819.dll Infected: not-a-virus:AdWare.Win32.Agent.kr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\252A1A07.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25755FB5.exe Infected: Trojan-Downloader.Win32.VB.bgd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\257809B1.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D0724BB Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D0F3EC4.exe Infected: not-a-virus:Downloader.Win32.WinFixer.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E4C4E36 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E98359B Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\326149B8 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\409063E0.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\445A19B5.exe Infected: Trojan-Downloader.Win32.Agent.dpn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47365690.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47365690.exe NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47365690.exe CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47811C3D.exe Infected: Trojan-Downloader.Win32.Small.fuq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\486C6B3A.exe Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\486F1537.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\486F1537.exe NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\486F1537.exe CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C684499 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6202718F Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62120393 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\663710EE Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\708D722A Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70C06C89 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\780D61E9 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\AuthManager\AuthPkg.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\AuthManager\biolsp.txt Object is locked skipped
C:\Documents and Settings\Alonna\Local Settings\Temp\kugteeav.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Alonna\Local Settings\Temp\mhsraikc.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\Brian\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.txt Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Temp\anihxxwq.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\brmravbs.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\btdcvojo.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\btqqvsjb.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\bxspedus.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\cgeflgxr.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\cxcvkkya.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\cxwxcnbb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\cydhnnfh.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\dqipskik.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ehxexjxi.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\etadeksu.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\fjojvaul.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\flilrfqi.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ftlvqpjc.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\Brian\Local Settings\Temp\gbqsnlof.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\gjkrbumf.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\gnqhqshx.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\gtuoeahr.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ibluxren.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\icfbonbd.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ihadxrkb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\iioanfkh.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ivdqlqlg.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\Brian\Local Settings\Temp\jnjwckus.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\jopjtxbj.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\jorpgenq.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\kicgwjse.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\kovjgrke.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lcobesrp.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\llnoqxyx.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lninvrdb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lnmlohoe.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lnxthnas.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lxsdkwpo.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\paxhhukg.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\pklqtwrm.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\qftjlakn.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\qnteckvq.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\qsnykvpa.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\rljtoaij.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\sgnleyjr.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\smwdarfp.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\tghcifhw.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\tkhbgqlj.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\tqshbycx.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\uhcxxfxo.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\uoancyya.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\uqxqfsmh.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\uwpfurdp.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\wmncuqjf.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\xsxjrlol.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\Brian\Local Settings\Temp\xtkbdymk.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\Brian\Local Settings\Temp\xwohqfjy.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ydjwimoi.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\yrlhhrdh.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brian\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Brian\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

Pitreau
2007-10-15, 00:27
Part 2:

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\eengine\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Savrt\0608NAV~.TMP Object is locked skipped
C:\Program Files\Norton AntiVirus\Savrt\0665NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000019.exe Infected: Trojan.Win32.Agent.bqn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000033.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000063.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{06FBDD16-C5F5-4C48-A0BE-C558D6604516}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\gkymyqns.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\kavveaht.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\qrunxvsh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\WINDOWS\system32\spifihqb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\Z2\mon33dll.exe/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\WINDOWS\system32\Z2\mon33dll.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.AdBand.c skipped
C:\WINDOWS\system32\Z2\mon33dll.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.jn skipped
C:\WINDOWS\system32\Z2\mon33dll.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.jn skipped
C:\WINDOWS\system32\Z2\mon33dll.exe NSIS: infected - 4 skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

pskelley
2007-10-19, 23:11
Welcome to Safer Networking. I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Brian, you understand looking at the Kaspersky scan result that you have a very infected computer and this is going to take some time and work to clean up. You also understand you have the option to reformat if you would prefer to do that, and I would be glad to post tutorials to help.

If you wish to try to clean the computer, my first suggestion is to stay offline as much as possible until I say you are clean; this junk will download more, and you have enough now.

If this works for you this is what I want you to do.

1) You have a load of junk in Norton's Quarantine folder:
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\ <<< navigate to that folder and delete only the contents.
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000041213443506

2) More is here: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ <<< navigate to that folder and delete the contents.

3) C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <<< return to HijackThis and rename it, call it Pitreau.exe or whatever you wish. After a reboot we may see more of the infections, the hackers have learned to hide it from HJT.

4) See this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\j2re1.4.2_03\ <<< your Java program is VERY outdated and likely the reason you are infected. First download the newest version of Java, once you have it installed then uninstall all old versions in Add Remove programs.

5) Thanks to Atribune and any others who helped with this fix.

Please understand these hackers can call their junk anything they wish. Vundofix may not know the files at first, but it will learn. You want to run the fix until you see all Vundo files say: "Has been deleted"

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HijackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

If there is a file VundoFix doesn't find, we need it submitted. Please submit the files to Upload Malware: http://www.uploadmalware.com

That is a start

Thanks

Pitreau
2007-10-20, 02:46
If you don't mind working with me, then let's take a shot at this. I've done everything you asked, here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:16 PM, on 10/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\Pitreau.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {352CE881-B654-4D94-A92A-09BDE4436F67} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll (file missing)
O2 - BHO: 0 - {9687FA06-4A86-407C-4A91-C922A35EE2CF} - C:\Program Files\ComPlus Applications\lavuga.dll (file missing)
O2 - BHO: (no name) - {A4C30E5E-E348-48DA-B972-F8A853516B35} - C:\WINDOWS\system32\geeda.dll
O2 - BHO: (no name) - {A62B4D77-2298-49CD-89F9-52EA01B1DE4D} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C4A67FBC-1700-4ED8-BD0F-F4E8367F10B5} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\dociqljd.dll",sitypnow
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://www.clinremote.com/CitrixAccess/ICAWEB_common/en/ica32/wficat.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://ssl.ameresco.com/SNX/CSHELL/extender.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\gfofbaqw.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13214 bytes

Pitreau
2007-10-20, 02:52
I ran VundoFix (the first time I ran it, apparently I hadn't completely updated Java and removed old versions, but it's all set now) and rebooted. I ran it again, and another file came up. I removed it and rebooted, and it came back again. Every time I run it, the file is still there. In addition, when I restart Windows, I get an error that says:

Error Loading C:\windows\system32\dociqljd.dll

That is the same file it keeps showing and trying to remove. I'll post the first vundofix log below and the log that keeps showing up trying to delete that file. Is that something I should post to the site you mentioned? Here goes:


VundoFix V6.5.10

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 7:55:11 PM 10/19/2007

Listing files found while scanning....

C:\windows\system32\atvevevm.ini
C:\windows\system32\banyjtvx.ini
C:\WINDOWS\system32\djlqicod.ini
C:\windows\system32\dnvegefs.dll
C:\WINDOWS\system32\dociqljd.dll
C:\windows\system32\eerberct.dll
C:\windows\system32\einwtmik.dll
C:\windows\system32\eokmxmuj.dll
C:\windows\system32\gfpcdyby.ini
C:\windows\system32\goysoldk.ini
C:\windows\system32\gudcjdtq.ini
C:\WINDOWS\system32\hbbjluqg.dll
C:\windows\system32\hyalkgon.ini
C:\windows\system32\iodcvldn.ini
C:\windows\system32\ipmhgnuv.ini
C:\windows\system32\jbxltrpr.dll
C:\windows\system32\jdxcbivy.ini
C:\windows\system32\jumxmkoe.ini
C:\windows\system32\jvampsaw.dll
C:\windows\system32\kdlosyog.dll
C:\windows\system32\kgfegdko.ini
C:\windows\system32\kimtwnie.ini
C:\windows\system32\mvevevta.dll
C:\windows\system32\ndlvcdoi.dll
C:\windows\system32\nogklayh.dll
C:\windows\system32\odedahpp.dll
C:\windows\system32\okdgefgk.dll
C:\windows\system32\pdpbstms.ini
C:\WINDOWS\system32\pmnooop.dll
C:\windows\system32\pphadedo.ini
C:\windows\system32\qtdjcdug.dll
C:\windows\system32\rprtlxbj.ini
C:\windows\system32\sfegevnd.ini
C:\windows\system32\smtsbpdp.dll
C:\windows\system32\tcrebree.ini
C:\windows\system32\vunghmpi.dll
C:\windows\system32\waspmavj.ini
C:\windows\system32\xvtjynab.dll
C:\windows\system32\ybydcpfg.dll
C:\windows\system32\yvibcxdj.dll

Beginning removal...

Attempting to delete C:\windows\system32\atvevevm.ini
C:\windows\system32\atvevevm.ini Has been deleted!

Attempting to delete C:\windows\system32\banyjtvx.ini
C:\windows\system32\banyjtvx.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\djlqicod.ini
C:\WINDOWS\system32\djlqicod.ini Has been deleted!

Attempting to delete C:\windows\system32\dnvegefs.dll
C:\windows\system32\dnvegefs.dll Has been deleted!

Attempting to delete C:\windows\system32\eerberct.dll
C:\windows\system32\eerberct.dll Has been deleted!

Attempting to delete C:\windows\system32\einwtmik.dll
C:\windows\system32\einwtmik.dll Has been deleted!

Attempting to delete C:\windows\system32\eokmxmuj.dll
C:\windows\system32\eokmxmuj.dll Has been deleted!

Attempting to delete C:\windows\system32\gfpcdyby.ini
C:\windows\system32\gfpcdyby.ini Has been deleted!

Attempting to delete C:\windows\system32\goysoldk.ini
C:\windows\system32\goysoldk.ini Has been deleted!

Attempting to delete C:\windows\system32\gudcjdtq.ini
C:\windows\system32\gudcjdtq.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hbbjluqg.dll
C:\WINDOWS\system32\hbbjluqg.dll Has been deleted!

Attempting to delete C:\windows\system32\hyalkgon.ini
C:\windows\system32\hyalkgon.ini Has been deleted!

Attempting to delete C:\windows\system32\iodcvldn.ini
C:\windows\system32\iodcvldn.ini Has been deleted!

Attempting to delete C:\windows\system32\ipmhgnuv.ini
C:\windows\system32\ipmhgnuv.ini Has been deleted!

Attempting to delete C:\windows\system32\jbxltrpr.dll
C:\windows\system32\jbxltrpr.dll Has been deleted!

Attempting to delete C:\windows\system32\jdxcbivy.ini
C:\windows\system32\jdxcbivy.ini Has been deleted!

Attempting to delete C:\windows\system32\jumxmkoe.ini
C:\windows\system32\jumxmkoe.ini Has been deleted!

Attempting to delete C:\windows\system32\jvampsaw.dll
C:\windows\system32\jvampsaw.dll Has been deleted!

Attempting to delete C:\windows\system32\kdlosyog.dll
C:\windows\system32\kdlosyog.dll Has been deleted!

Attempting to delete C:\windows\system32\kgfegdko.ini
C:\windows\system32\kgfegdko.ini Has been deleted!

Attempting to delete C:\windows\system32\kimtwnie.ini
C:\windows\system32\kimtwnie.ini Has been deleted!

Attempting to delete C:\windows\system32\mvevevta.dll
C:\windows\system32\mvevevta.dll Has been deleted!

Attempting to delete C:\windows\system32\ndlvcdoi.dll
C:\windows\system32\ndlvcdoi.dll Has been deleted!

Attempting to delete C:\windows\system32\nogklayh.dll
C:\windows\system32\nogklayh.dll Has been deleted!

Attempting to delete C:\windows\system32\odedahpp.dll
C:\windows\system32\odedahpp.dll Has been deleted!

Attempting to delete C:\windows\system32\okdgefgk.dll
C:\windows\system32\okdgefgk.dll Has been deleted!

Attempting to delete C:\windows\system32\pdpbstms.ini
C:\windows\system32\pdpbstms.ini Has been deleted!

Attempting to delete C:\windows\system32\pphadedo.ini
C:\windows\system32\pphadedo.ini Has been deleted!

Attempting to delete C:\windows\system32\qtdjcdug.dll
C:\windows\system32\qtdjcdug.dll Has been deleted!

Attempting to delete C:\windows\system32\rprtlxbj.ini
C:\windows\system32\rprtlxbj.ini Has been deleted!

Attempting to delete C:\windows\system32\sfegevnd.ini
C:\windows\system32\sfegevnd.ini Has been deleted!

Attempting to delete C:\windows\system32\smtsbpdp.dll
C:\windows\system32\smtsbpdp.dll Has been deleted!

Attempting to delete C:\windows\system32\tcrebree.ini
C:\windows\system32\tcrebree.ini Has been deleted!

Attempting to delete C:\windows\system32\vunghmpi.dll
C:\windows\system32\vunghmpi.dll Has been deleted!

Attempting to delete C:\windows\system32\waspmavj.ini
C:\windows\system32\waspmavj.ini Has been deleted!

Attempting to delete C:\windows\system32\xvtjynab.dll
C:\windows\system32\xvtjynab.dll Has been deleted!

Attempting to delete C:\windows\system32\ybydcpfg.dll
C:\windows\system32\ybydcpfg.dll Has been deleted!

Attempting to delete C:\windows\system32\yvibcxdj.dll
C:\windows\system32\yvibcxdj.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.10

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:08:16 PM 10/19/2007

Listing files found while scanning....

C:\WINDOWS\system32\dociqljd.dll

Beginning removal...

Performing Repairs to the registry.
Done!



Second file:


VundoFix V6.5.10

Checking Java version...

Scan started at 8:26:41 PM 10/19/2007

Listing files found while scanning....

C:\WINDOWS\system32\dociqljd.dll

Beginning removal...

Performing Repairs to the registry.
Done!
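
One thing worth noticing in the VundoFix listing above: the files come in pairs, and each .ini name is the matching .dll name spelled backwards (djlqicod.ini next to dociqljd.dll, atvevevm.ini next to mvevevta.dll, and so on for all nineteen .ini files). Two of the forty listed files, dociqljd.dll and pmnooop.dll, never get a "Has been deleted!" line in the first log, which is exactly the check pskelley asked for. The script below is an added example, not part of the thread and not VundoFix's own code, that pairs up the names and lists the survivors. Its input is a constructed excerpt of the listing and removal log above, trimmed to a few entries; the real names are used, the selection is mine.

```python
import ntpath
import re

# Constructed excerpt of the VundoFix listing and removal log posted above:
# real file names from the thread, trimmed to a few entries for the example.
LISTING = r"""
C:\windows\system32\atvevevm.ini
C:\windows\system32\banyjtvx.ini
C:\WINDOWS\system32\djlqicod.ini
C:\WINDOWS\system32\dociqljd.dll
C:\WINDOWS\system32\hbbjluqg.dll
C:\windows\system32\mvevevta.dll
C:\WINDOWS\system32\pmnooop.dll
C:\windows\system32\xvtjynab.dll
"""

REMOVAL_LOG = r"""
Attempting to delete C:\windows\system32\atvevevm.ini
C:\windows\system32\atvevevm.ini Has been deleted!

Attempting to delete C:\windows\system32\banyjtvx.ini
C:\windows\system32\banyjtvx.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\djlqicod.ini
C:\WINDOWS\system32\djlqicod.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hbbjluqg.dll
C:\WINDOWS\system32\hbbjluqg.dll Has been deleted!

Attempting to delete C:\windows\system32\mvevevta.dll
C:\windows\system32\mvevevta.dll Has been deleted!

Attempting to delete C:\windows\system32\xvtjynab.dll
C:\windows\system32\xvtjynab.dll Has been deleted!

Performing Repairs to the registry.
Done!
"""

DELETED = re.compile(r"^(.+?) Has been deleted!$")


def listed_files(listing):
    """Lower-cased basenames of every path in a VundoFix 'files found' listing."""
    return [ntpath.basename(p).lower() for p in listing.splitlines() if p.strip()]


def pair_reversed_names(names):
    """Group VundoFix hits into Vundo's .ini/.dll twins.

    Each .ini stem is the DLL stem spelled backwards (djlqicod.ini next to
    dociqljd.dll). Returns (pairs, unpaired): pairs is a sorted list of
    (ini, dll), unpaired the DLLs that have no reversed-name twin.
    """
    stems = {ntpath.splitext(n)[0]: n for n in names}
    pairs, unpaired = [], []
    for stem, name in stems.items():
        if not name.endswith(".dll"):
            continue
        twin = stems.get(stem[::-1])
        if twin and twin.endswith(".ini"):
            pairs.append((twin, name))
        else:
            unpaired.append(name)
    return sorted(pairs), sorted(unpaired)


def survivors(listing, removal_log):
    """Files VundoFix listed but never reported 'Has been deleted!' for."""
    deleted = set()
    for line in removal_log.splitlines():
        m = DELETED.match(line.strip())
        if m:
            deleted.add(ntpath.basename(m.group(1)).lower())
    return sorted(set(listed_files(listing)) - deleted)


if __name__ == "__main__":
    names = listed_files(LISTING)
    pairs, unpaired = pair_reversed_names(names)
    for ini, dll in pairs:
        print(f"pair: {ini} <-> {dll}")
    print("dll without a reversed .ini twin:", ", ".join(unpaired))
    print("listed but never deleted:", ", ".join(survivors(LISTING, REMOVAL_LOG)))
```

ntpath is used instead of os.path so the Windows paths split correctly even when the script is run on a non-Windows machine. Run it as-is and the last line names dociqljd.dll and pmnooop.dll, the two files to chase in the next round.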

pskelley
2007-10-20, 13:18
Hi Brian, thanks for returning your information and the feedback. These infections will complain with error messages when you try to remove them; continue to post, word for word, any error you get.

1) TeaTimer will block changes we must make, turn it off until we finish
http://russelltexas.com/malware/teatimer.htm

2) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

3) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {352CE881-B654-4D94-A92A-09BDE4436F67} - (no file)
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll (file missing)
O2 - BHO: 0 - {9687FA06-4A86-407C-4A91-C922A35EE2CF} - C:\Program Files\ComPlus Applications\lavuga.dll (file missing)
O2 - BHO: (no name) - {A4C30E5E-E348-48DA-B972-F8A853516B35} - C:\WINDOWS\system32\geeda.dll
O2 - BHO: (no name) - {A62B4D77-2298-49CD-89F9-52EA01B1DE4D} - (no file)
O2 - BHO: (no name) - {C4A67FBC-1700-4ED8-BD0F-F4E8367F10B5} - (no file)
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\dociqljd.dll",sitypnow
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\gfofbaqw.exe (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

If any of the files coming up give you a problem, use this tool and instructions on them:
How to use the Delete on Reboot tool
http://www.bleepingcomputer.com/tutorials/tutorial42.html#delreb

5) RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\system32\geeda.dll <<< delete that file

C:\windows\system32\dociqljd.dll <<< delete that file

C:\WINDOWS\system32\gfofbaqw.exe <<< delete that file

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and run it a bit, looking for any issues; post those along with a new HJT log.

Thanks
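
The HijackThis entries pskelley picked out above share a few tells: BHOs and services whose file HJT reports as "(no file)" or "(file missing)", an unnamed BHO loaded from system32, a Run entry that uses rundll32 to load a quoted DLL with a pseudo-random eight-letter name, and a service with "Unknown owner". Note also that geeda.dll comes back in the next log under a different CLSID ({F3455069-FDF9-4433-969C-687EF0F435A6} instead of {A4C30E5E-E348-48DA-B972-F8A853516B35}), so anything you key on should be the file path, not the GUID. "Fix checked" only removes the registry entries, which is why step 5 deletes the files by hand. The script below is an added example with those rules written down (my heuristics, not HJT's logic and not anything from the thread); it runs over a constructed excerpt of the log above that mixes the flagged entries with benign ones from the same log. The pseudo-random-name rule is case-sensitive on purpose so that NvCpl.dll is left alone, and it is a hint for human review, not proof.

```python
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    section: str   # HijackThis section tag: "O2", "O4", "O23", ...
    reason: str
    line: str


# Constructed excerpt of the HijackThis log posted above: the entries the
# helper told the poster to fix, mixed with benign entries from the same log
# so the rules can be seen leaving legitimate software alone.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {352CE881-B654-4D94-A92A-09BDE4436F67} - (no file)
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll (file missing)
O2 - BHO: 0 - {9687FA06-4A86-407C-4A91-C922A35EE2CF} - C:\Program Files\ComPlus Applications\lavuga.dll (file missing)
O2 - BHO: (no name) - {A4C30E5E-E348-48DA-B972-F8A853516B35} - C:\WINDOWS\system32\geeda.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\dociqljd.dll",sitypnow
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\gfofbaqw.exe (file missing)
"""

# Registry entry whose target file HijackThis could not find.
ORPHAN = re.compile(r"\((?:no file|file missing)\)")
# A 5-8 letter all-lower-case module under system32, the naming style of
# every Vundo file in this thread. Only the directory part is matched
# case-insensitively, so NvCpl.dll and friends are not caught.
RANDOM_SYSTEM32 = re.compile(r"(?i:\\system32\\)([a-z]{5,8})\.(?i:(dll|exe))")
# Any Windows path ending in .dll/.exe, spaces allowed (Program Files).
WIN_PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe)\b", re.I)


def triage_line(line: str) -> Optional[Finding]:
    """Apply the triage rules to one HijackThis line; None if it looks clean."""
    section = line.split(" - ", 1)[0].strip()
    rand = RANDOM_SYSTEM32.search(line)
    if ORPHAN.search(line):
        return Finding(section, "orphaned entry: target file no longer exists", line)
    if section == "O2" and "(no name)" in line and rand:
        return Finding(section, f"unnamed BHO loading {rand.group(1)}.{rand.group(2)} from system32", line)
    if section == "O4" and "rundll32" in line.lower() and rand:
        return Finding(section, f"rundll32 loading pseudo-random DLL {rand.group(1)}.dll", line)
    if section == "O23" and "Unknown owner" in line and rand:
        return Finding(section, f"unowned service running {rand.group(1)}.{rand.group(2)} from system32", line)
    return None


def triage_log(log_text: str) -> List[Finding]:
    """Every flagged line of a HijackThis log, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def files_to_delete(findings):
    """Paths to remove by hand after 'Fix checked', as (path, already_missing)."""
    out = []
    for f in findings:
        m = WIN_PATH.search(f.line)
        if m:
            out.append((m.group(0), bool(ORPHAN.search(f.line))))
    return out


if __name__ == "__main__":
    found = triage_log(SAMPLE_LOG)
    print("Check these in HijackThis, then Fix checked:")
    for f in found:
        print(f"  [{f.section}] {f.reason}\n      {f.line}")
    print("Then delete by hand:")
    for path, missing in files_to_delete(found):
        print(f"  {path}{'  (already gone)' if missing else ''}")
```

On the excerpt it flags the six lines pskelley checked from this part of the log and nothing else; the Adobe and Norton BHOs, the NVIDIA rundll32 entry and the Apple service pass through. Before using it on a real log, add an allowlist for any legitimately named lower-case DLLs your own machine loads from system32.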

Pitreau
2007-10-20, 16:53
So I ran into a few problems on this round. When trying to fix the files you requested in HJT, everything worked except:

O2 - BHO: (no name) - {A4C30E5E-E348-48DA-B972-F8A853516B35} - C:\WINDOWS\system32\geeda.dll

When I tried to delete the files you requested, I was unable to find either of these:
C:\windows\system32\dociqljd.dll
C:\WINDOWS\system32\gfofbaqw.exe

When I tried to delete C:\WINDOWS\system32\geeda.dll it gave me the following error: Cannot delete geeda: It is being used by another person or program. Close any programs that might be using the file and try again.

I tried to delete upon reboot, but it keeps showing up every time I reboot.

The only other thing that seems to be off right now is that every time I reboot, Windows Installer comes up, then I get the following error: Norton Antivirus 2006 does not support the repair feature, please uninstall and reinstall.

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:35 AM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\Pitreau.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {F3455069-FDF9-4433-969C-687EF0F435A6} - C:\WINDOWS\system32\geeda.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://www.clinremote.com/CitrixAccess/ICAWEB_common/en/ica32/wficat.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://ssl.ameresco.com/SNX/CSHELL/extender.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12042 bytes

pskelley
2007-10-20, 17:11
Thanks for the feedback, this is a Vundo file and it has to go:
O2 - BHO: (no name) - {F3455069-FDF9-4433-969C-687EF0F435A6} - C:\WINDOWS\system32\geeda.dll
There may even be a hidden O20 Winlogon associated with constantly changing their junk to stay ahead of us.

Are you sure you use the delete on reboot tool properly? Try it again, if it does not work, then do this.

First run Vundofix again to see if it picks the file up this time (geeda.dll); if it does not, then follow the instructions to upload that file to Atribune so he can get it added.

Then do this:
Open Vundofix by double-clicking on it, then point your mouse to the white box above the buttons and right click, then click on Add More Files. When the next window opens, copy and paste the file into the boxes and click on Add File(s), then click on Close Window. Then click Remove Vundo.

The file to add is: C:\WINDOWS\system32\geeda.dll

Post a new HJT log. Make sure these error messages you mention are "word for word"; I cannot research them in any other way.
See this information: http://www.google.com/search?hl=en&q=Norton+Antivirus+2006+does+not+support+the+repair+feature%2C+please+uninstall+and+reinstall.&btnG=Search

Thanks
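
As an added example (not part of this thread and not HijackThis or VundoFix code), a small Python triage script for the O2 lines Phil is reading above: it flags the unnamed system32 BHO that Pitreau was told to remove, and recognises the "(file missing)" state HijackThis reports once the DLL is gone. The sample lines are copied from the logs in this thread, and the random-name heuristic is a constructed rule of thumb, not a HijackThis feature.

```python
"""Triage helper for HijackThis O2 (Browser Helper Object) lines.

Constructed example for this thread; it is not part of HijackThis.
Heuristics used (assumptions, not HijackThis rules):
  * display name "(no name)" is worth a closer look;
  * a DLL in %SystemRoot%\\system32 with a short random-looking name
    (the Vundo pattern seen in this thread, e.g. geeda.dll) is suspect;
  * "(file missing)" marks an orphaned registration that HJT can fix.
"""
import re

# HJT format: "O2 - BHO: <name> - {<CLSID>} - <path>[ (file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*?)"
    r"(?P<missing> \(file missing\))?$"
)

SYSTEM32_DIR = "c:\\windows\\system32\\"

# Constructed sample: lines taken from the two HJT logs in this thread, plus
# the "(file missing)" form HJT shows after the DLL itself has been deleted.
SAMPLE_LOG = [
    "O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"
    " - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll",
    "O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}"
    " - C:\\Program Files\\Norton AntiVirus\\NavShExt.dll",
    "O2 - BHO: (no name) - {F3455069-FDF9-4433-969C-687EF0F435A6}"
    " - C:\\WINDOWS\\system32\\geeda.dll",
    "O2 - BHO: (no name) - {F3455069-FDF9-4433-969C-687EF0F435A6}"
    " - C:\\WINDOWS\\system32\\geeda.dll (file missing)",
    "O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B}"
    " - C:\\Program Files\\Norton AntiVirus\\NavShExt.dll",
]


def parse_o2(line):
    """Return a dict for an O2 line, or None for any other HJT line."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    return {
        "name": m.group("name"),
        "clsid": m.group("clsid").upper(),
        "path": m.group("path"),
        "missing": m.group("missing") is not None,
    }


def looks_random(filename):
    """Heuristic: 5-8 lowercase letters with no vendor-style casing."""
    stem = filename.rsplit(".", 1)[0]
    return re.fullmatch(r"[a-z]{5,8}", stem) is not None


def triage(entry):
    """Return the list of reasons an O2 entry deserves attention (empty if none)."""
    reasons = []
    if entry["missing"]:
        reasons.append("file missing: orphaned BHO registration, fix the entry in HJT")
    if entry["name"] == "(no name)":
        reasons.append("no display name")
    path = entry["path"].lower()
    fname = path.rsplit("\\", 1)[-1]
    if path.startswith(SYSTEM32_DIR) and looks_random(fname):
        reasons.append("random-looking DLL name in system32")
    return reasons


def triage_log(lines):
    """Walk a whole HJT log and return (path, reasons) for flagged O2 entries."""
    findings = []
    for line in lines:
        entry = parse_o2(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings.append((entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```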

Pitreau
2007-10-20, 18:32
I tried the delete on reboot tool again, and it still didn't work. Ran Vundofix again, didn't pick it up. I went onto the site you listed, uploaded the file and linked to this topic in it. Went back to Vundofix, added the file and removed it. I rebooted, and the file was gone. When I ran HJT, it was still listed, but it said file missing. I checked it and fixed it, rebooted, and now it appears to be gone. I'm going to work on the Norton problem in the meantime. Here is the newest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:11 PM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\Pitreau.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://www.clinremote.com/CitrixAccess/ICAWEB_common/en/ica32/wficat.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://ssl.ameresco.com/SNX/CSHELL/extender.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12026 bytes

pskelley
2007-10-20, 18:51
You did exactly the right thing, and the HJT log looks clean of malware. How is the computer running?

Make sure you covered the stuff I already posted in the Kaspersky scan. A lot of what was left was Vundo crap, so when you are ready, run a new scan so we can see if anything is left. I am outside doing yardwork, so I might not respond right away.

Thanks...Phil

Pitreau
2007-10-21, 03:05
Phil,

I've spent some time messing around with the comp and there haven't been any problems. Seems like it's running fine. Not sure what you mean by: "Make sure you covered the stuff I already posted in the Kaspersky scan." but here is the Kaspersky log; let me know what else I need to do. Thank you so much for everything you've done so far.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, October 20, 2007 8:59:28 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/10/2007
Kaspersky Anti-Virus database records: 441658
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 66602
Number of viruses found: 18
Number of infected objects: 168
Number of suspicious objects: 0
Duration of the scan process: 00:59:50

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-20_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\AuthManager\AuthPkg.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\AuthManager\biolsp.txt Object is locked skipped
C:\Documents and Settings\Alonna\Local Settings\Temp\brwhicly.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Alonna\Local Settings\Temp\kugteeav.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Alonna\Local Settings\Temp\mhsraikc.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Alonna\Local Settings\Temp\nudbxaam.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\Brian\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.txt Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\History\History.IE5\MSHist012007102020071021\index.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Temp\actxdpfu.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\anihxxwq.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\aygvmjqe.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\aypmjtpd.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\aypuoylb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\brmravbs.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\btdcvojo.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\btqqvsjb.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\bxspedus.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\byufcdkw.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\cfebsmec.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\cgeflgxr.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\cghvonmo.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\cxcvkkya.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\cxwxcnbb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\cydhnnfh.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\dnbyahno.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\dohyxssp.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\dqipskik.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\drqvaxgm.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\egqmgola.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ehxexjxi.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\eqlmtnsn.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\etadeksu.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\fjojvaul.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\flilrfqi.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ftbgmqcx.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ftlvqpjc.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\Brian\Local Settings\Temp\gbqsnlof.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ggowmpjd.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\gjkrbumf.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\gjkvonte.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\gnqhqshx.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\gqappulo.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\gtuoeahr.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\halvwmym.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\hffhrkwb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\himduaoq.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ibluxren.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ibqfirwf.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\icfbonbd.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\iddhdeme.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ihadxrkb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ihxevjve.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\iioanfkh.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\isvtnpjh.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ivdqlqlg.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\Brian\Local Settings\Temp\jausvdnk.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\jnjwckus.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\jopjtxbj.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\jorpgenq.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\jqqanxjn.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\kghwhxtt.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\kicgwjse.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\kkcuhyha.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\kovjgrke.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\kyohpvxh.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lamafaqb.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lcobesrp.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lgasewpu.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\llnoqxyx.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lninvrdb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lnmlohoe.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lnxthnas.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lousxtiq.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lrdihhpq.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lxsdkwpo.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\mmmdfotf.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\mskkwntg.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\mxsdoqjl.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\nfkncvhf.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\nlfsjwgr.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\nomvjgcd.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ntvboaql.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\oedkvjwr.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\olmyrprv.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\oqgnnkgh.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\oyyuureb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\paxhhukg.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\pklqtwrm.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ppubeodt.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\prenpiui.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\qftjlakn.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\qnteckvq.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\qsnykvpa.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\qvsaysyt.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\rhbkjrum.exe Infected: Trojan.Win32.Agent.bck skipped

Pitreau
2007-10-21, 03:06
C:\Documents and Settings\Brian\Local Settings\Temp\rljtoaij.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\sgnleyjr.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\smwdarfp.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\svsipatt.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\tejgnewb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\tghcifhw.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\tjnrbmfw.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\tkhbgqlj.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\tqshbycx.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ubnqirxo.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\uhcxxfxo.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ulvbqpoy.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\uoancyya.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\uqqcxrvf.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\uqxqfsmh.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\utnbckmu.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\uwpfurdp.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\uywpsyul.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\vcthckae.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\vhvtpmas.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\wgmqyjvy.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\wkksrmqj.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\wmncuqjf.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\xfgxldvm.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\xfvhmsgi.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\xgjlfryp.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\xsxjrlol.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\Brian\Local Settings\Temp\xtkbdymk.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\Brian\Local Settings\Temp\xwlsbrtn.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\xwohqfjy.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ydjwimoi.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\yrlhhrdh.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ytjictqq.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ytkqqhbc.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\yupkvong.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ywbofshm.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ywognplk.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brian\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Brian\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Savrt\0339NAV~.TMP Object is locked skipped
C:\Program Files\Norton AntiVirus\Savrt\0439NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000019.exe Infected: Trojan.Win32.Agent.bqn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000033.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000063.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP11\change.log Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001296.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001296.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001296.exe CryptFF: infected - 1 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001297.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001299.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001300.exe Infected: Trojan-Downloader.Win32.Agent.dpn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001301.exe Infected: not-a-virus:AdWare.Win32.Agent.jn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001302.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001302.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001302.exe CryptFF: infected - 1 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001303.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001304.exe Infected: not-a-virus:Downloader.Win32.WinFixer.w skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001305.dll Infected: not-a-virus:AdWare.Win32.Agent.kr skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001306.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001307.exe Infected: Trojan-Downloader.Win32.Small.fuq skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001308.exe Infected: Trojan-Downloader.Win32.VB.bgd skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001309.exe Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001310.exe Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP7\A0001430.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP7\A0001434.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP7\A0001442.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001725.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001733.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{0BC55C0C-7533-4711-80A3-BBDF881C202F}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bsevcgvw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\frrmiexn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\WINDOWS\system32\gkymyqns.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\kavveaht.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\WINDOWS\system32\kmsacaqx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\nrotfhpn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\WINDOWS\system32\odraajoy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\WINDOWS\system32\qrunxvsh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\WINDOWS\system32\spifihqb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\Z2\mon33dll.exe/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\WINDOWS\system32\Z2\mon33dll.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.AdBand.c skipped
C:\WINDOWS\system32\Z2\mon33dll.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.jn skipped
C:\WINDOWS\system32\Z2\mon33dll.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.jn skipped
C:\WINDOWS\system32\Z2\mon33dll.exe NSIS: infected - 4 skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

pskelley
2007-10-21, 14:05
Not sure what you mean by: "Make sure you covered the stuff I already posted in the Kaspersky scan." In my post #4 I listed items in 1 and 2 to delete; if you did not do this, they will still be in the Kaspersky scan again.

I guess ATF-Cleaner did not clean these, did you click SELECT ALL > Empty Selected when you ran the cleaner? There is a bunch of junk left in the user Temp folders as you will see.

C:\Documents and Settings\Alonna\Local Settings\Temp\ <<< delete the contents (NOT the folder)

C:\Documents and Settings\Brian\Local Settings\Temp\ <<< delete the contents (NOT the folder)


Delete all files in red
C:\WINDOWS\system32\frrmiexn.dll
C:\WINDOWS\system32\gkymyqns.dll
C:\WINDOWS\system32\kavveaht.dll
C:\WINDOWS\system32\kmsacaqx.dll
C:\WINDOWS\system32\nrotfhpn.dll
C:\WINDOWS\system32\odraajoy.dll
C:\WINDOWS\system32\qrunxvsh.dll
C:\WINDOWS\system32\spifihqb.dll
C:\WINDOWS\system32\Z2\ <<< delete that folder

Hope I got them all, restart the computer and Clean the System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot
Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

For your information, a link to that information:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Run a new Kaspersky scan to make sure it is clean, post it only if you have questions.

Thanks

Pitreau
2007-10-22, 00:21
Phil,

Sorry for the reply, I've been trying to figure out what's going on, coupled with the fact that football is on TV, and it's October in Salem, so everything takes longer.

I did what you asked in your last post, but when I re-run Kaspersky, it's saying I still have a load of junk in the C:\Documents and Settings\Brian\Local Settings\Temp\ folder. When I go and look into that folder, there are files there, but none of the ones listed in the scan. Not sure if I'm doing something wrong, but here is the Kaspersky log again. FYI, the computer is still running great. Here's the log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 21, 2007 6:14:34 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/10/2007
Kaspersky Anti-Virus database records: 442192
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 63882
Number of viruses found: 8
Number of infected objects: 142
Number of suspicious objects: 0
Duration of the scan process: 00:51:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-21_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\AuthManager\AuthPkg.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\AuthManager\biolsp.txt Object is locked skipped
C:\Documents and Settings\Alonna\Local Settings\Temp\brwhicly.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Alonna\Local Settings\Temp\kugteeav.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Alonna\Local Settings\Temp\mhsraikc.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Alonna\Local Settings\Temp\nudbxaam.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\Brian\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.txt Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\History\History.IE5\MSHist012007102120071022\index.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Temp\actxdpfu.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\anihxxwq.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\aygvmjqe.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\aypmjtpd.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\aypuoylb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\brmravbs.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\btdcvojo.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\btqqvsjb.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\bxspedus.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\byufcdkw.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\cfebsmec.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\cgeflgxr.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\cghvonmo.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\cxcvkkya.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\cxwxcnbb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\cydhnnfh.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\dnbyahno.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\dohyxssp.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\dqipskik.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\drqvaxgm.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\egqmgola.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ehxexjxi.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\eqlmtnsn.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\etadeksu.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\fjojvaul.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\flilrfqi.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ftbgmqcx.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ftlvqpjc.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\Brian\Local Settings\Temp\gbqsnlof.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ggowmpjd.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\gjkrbumf.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\gjkvonte.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\gnqhqshx.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\gqappulo.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\gtuoeahr.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\halvwmym.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\hffhrkwb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\himduaoq.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ibluxren.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ibqfirwf.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\icfbonbd.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\iddhdeme.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ihadxrkb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ihxevjve.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\iioanfkh.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\isvtnpjh.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ivdqlqlg.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\Brian\Local Settings\Temp\jausvdnk.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\jnjwckus.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\jopjtxbj.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\jorpgenq.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\jqqanxjn.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\kghwhxtt.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\kicgwjse.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\kkcuhyha.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\kovjgrke.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\kyohpvxh.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lamafaqb.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lcobesrp.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lgasewpu.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\llnoqxyx.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lninvrdb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lnmlohoe.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lnxthnas.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lousxtiq.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lrdihhpq.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\lxsdkwpo.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\mmmdfotf.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\mskkwntg.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\mxsdoqjl.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\nfkncvhf.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\nlfsjwgr.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\nomvjgcd.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ntvboaql.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\oedkvjwr.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\olmyrprv.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\oqgnnkgh.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\oyyuureb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\paxhhukg.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\pklqtwrm.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ppubeodt.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\prenpiui.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\qftjlakn.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\qnteckvq.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\qsnykvpa.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\qvsaysyt.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\rhbkjrum.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\rljtoaij.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\sgnleyjr.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\smwdarfp.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\svsipatt.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\tejgnewb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\tghcifhw.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\tjnrbmfw.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\tkhbgqlj.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\tqshbycx.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ubnqirxo.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\uhcxxfxo.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\ulvbqpoy.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\uoancyya.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\uqqcxrvf.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\uqxqfsmh.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\utnbckmu.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\uwpfurdp.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\uywpsyul.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\vcthckae.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\vhvtpmas.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\wgmqyjvy.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\wkksrmqj.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\wmncuqjf.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Brian\Local Settings\Temp\xfgxldvm.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\xfvhmsgi.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\xgjlfryp.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Brian\Local Settings\Temp\xsxjrlol.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\Brian\Local Settings\Temp\xtkbdymk.dll Infected: Trojan.Win32.BHO.hj skipped

pskelley
2007-10-22, 00:37
Hi Brian, I wish I was in front of your computer, but I can't do this for you.

C:\Documents and Settings\
Brian\
Local Settings\
Temp\
actxdpfu.exe <<< Try searching for a few of the files to see what search tells you.

This is a Temp folder; delete everything in it. That's what Temp means.

Once you get a clean Kaspersky scan, you had better post another HJT log for a check.


Make sure you have all files and folders enabled:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

I make house calls but not to Salem.
http://ict.cas.psu.edu/Training/HowTo/ENComputers/emptytemp.htm

Thanks

Pitreau
2007-10-22, 03:16
Ok Phil, turns out I'm an idiot. I missed one of your instructions for enabling all of the files/folders. Kaspersky looks better, but there seem to be some files in the recycler folder and the system restore folder. Let me know if I have to do anything with these. Other than that, things seem to be working great. Here are the logs, HJT first:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:46 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Trend Micro\HijackThis\Pitreau.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://www.clinremote.com/CitrixAccess/ICAWEB_common/en/ica32/wficat.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://ssl.ameresco.com/SNX/CSHELL/extender.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12242 bytes

Pitreau
2007-10-22, 03:22
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 21, 2007 9:11:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/10/2007
Kaspersky Anti-Virus database records: 442349
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 64997
Number of viruses found: 8
Number of infected objects: 142
Number of suspicious objects: 0
Duration of the scan process: 00:53:10

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-21_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\AuthManager\AuthPkg.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\AuthManager\biolsp.txt Object is locked skipped
C:\Documents and Settings\Brian\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\Brian\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.txt Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\History\History.IE5\MSHist012007102120071022\index.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Temp\hsperfdata_Brian\2696 Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brian\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Brian\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\eengine\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Savrt\0538NAV~.TMP Object is locked skipped
C:\Program Files\Norton AntiVirus\Savrt\0828NAV~.TMP Object is locked skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc1.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc10.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc100.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc101.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc102.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc107.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc108.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc109.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc11.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc110.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc111.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc112.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc113.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc114.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc115.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc116.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc117.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc118.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc119.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc12.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc120.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc128.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc129.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc13.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc130.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc131.dll Infected: Trojan.Win32.BHO.hj skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc132.dll Infected: Trojan.Win32.BHO.hj skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc133.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc134.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc135.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc136.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc137.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc138.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc139.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc14.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc140.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc144.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc147.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc148.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc149.exe Infected: Trojan.Win32.Agent.bck skipped

Pitreau
2007-10-22, 03:23
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc15.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc16.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc17.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc18.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc19.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc20.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc21.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc22.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc23.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc24.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc25.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc26.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc27.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc28.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc29.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc30.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc31.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc32.dll Infected: Trojan.Win32.BHO.hj skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc33.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc34.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc35.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc36.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc37.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc38.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc39.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc40.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc41.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc42.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc43.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc44.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc45.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc46.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc47.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc48.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc49.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc5.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc50.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc51.dll Infected: Trojan.Win32.BHO.hj skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc53.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc55.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc56.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc57.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc58.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc59.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc6.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc60.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc61.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc62.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc63.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc64.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc65.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc66.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc67.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc68.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc69.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc7.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc70.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc71.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc72.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc73.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc74.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc75.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc76.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc77.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc78.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc79.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc8.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc80.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc81.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc82.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc83.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc84.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc85.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc86.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc87.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc88.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc89.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc9.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc90.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc91.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc92.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc93.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc94.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc95.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc96.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc97.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc98.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc99.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000002.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000003.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000004.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000005.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000006.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000007.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000008.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000009.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000012.exe/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000012.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.AdBand.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000012.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.jn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000012.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.jn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000012.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bsevcgvw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

pskelley
2007-10-22, 13:45
I understand sir, it's a lot to learn and these hackers should not be allowed to do this. I believe it is the same as breaking down the door to your house, B&E. I know what I would do if someone set off my alarm and broke into my house, and I am always locked and loaded.

In my post #14 I gave you manual instructions plus a link to clean the System Restore files. You will want to do it again. I try to do it very last because if anything is left it will back up the trash, so we need a clean computer, which you did not have at the time you created the restore point.

C:\RECYCLER <<< is the cute little Recycle Bin on your Desktop, right click it and choose "Empty Recycle Bin" then YES, and you should be good to go.

This is what happens when you delete a file, the last check before it is removed completely from the computer.

C:\WINDOWS\system32\bsevcgvw.dll <<< delete that file
(remove it from the Recycle Bin also)

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:03:46 PM, on 10/21/2007
Your HJT log still appears to be clean of malware.

Thanks...Phil
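
The post above sorts the remaining detections into three groups: entries under C:\RECYCLER that vanish when the Recycle Bin is emptied, entries under System Volume Information\_restore that go away when System Restore is purged, and the one live file in system32 that has to be deleted by hand, while "Object is locked" lines are in-use system files rather than detections. The following script is an added example, not code from the thread or from the scanner vendor; it parses scan output in the same line format quoted above and puts each line into one of those buckets so the remediation a helper would recommend is visible at a glance. The sample log is constructed for the example from the paths and verdict names already shown in the thread; the bucket names and remediation text are the example's own.

```python
"""Triage a scan log (format as quoted in the thread) by where each detection lives.

Added example: groups hits into Recycle Bin remnants, System Restore remnants,
live files, and locked (in-use) system files, and attaches the usual cleanup
step for each group. Sample input is constructed from the log lines above.
"""
import re
from collections import Counter

# Constructed sample in the scanner's one-line-per-object format (paths and
# verdicts copied from the log quoted earlier in the thread).
SAMPLE_LOG = r"""C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc136.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc137.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\RECYCLER\S-1-5-21-2438854633-2799581887-685797453-1006\Dc32.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000002.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000012.exe/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000012.exe NSIS: infected - 4 skipped
C:\WINDOWS\system32\bsevcgvw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped

Scan process completed.
"""

# One scan line: <path> then either "Infected: <verdict>", an NSIS container
# summary, or "Object is locked", always followed by the action "skipped".
# The path is matched non-greedily so paths containing spaces still work.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<verdict>\S+)"
    r"|NSIS: infected - (?P<nested>\d+)"
    r"|(?P<locked>Object is locked)) skipped$"
)

# Bucket names and cleanup text are this example's own wording.
REMEDIATION = {
    "recycle_bin": "already deleted; empty the Recycle Bin to purge them",
    "system_restore": "old restore points; purge System Restore, then make a fresh point",
    "live": "active file on disk; delete it, then empty the Recycle Bin",
    "locked": "in-use system file the scanner could not open; not a detection",
}


def parse_line(line):
    """Return {'path', 'status', 'verdict'} for a scan line, or None for other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    if m.group("locked"):
        status, verdict = "locked", None
    elif m.group("nested") is not None:
        status = "infected"
        verdict = f"NSIS container with {m.group('nested')} nested detections"
    else:
        status, verdict = "infected", m.group("verdict")
    return {"path": m.group("path"), "status": status, "verdict": verdict}


def classify(entry):
    """Map a parsed entry to a remediation bucket by its location on disk."""
    path = entry["path"].lower()
    if entry["status"] == "locked":
        return "locked"
    if path.startswith("c:\\recycler\\"):
        return "recycle_bin"
    if "\\system volume information\\_restore" in path:
        return "system_restore"
    return "live"


def triage(log_text):
    """Bucket every detection line of the log; returns {bucket: [entry, ...]}."""
    buckets = {name: [] for name in REMEDIATION}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            buckets[classify(entry)].append(entry)
    return buckets


def verdict_counts(log_text):
    """How many times each scanner verdict appears, across all buckets."""
    return Counter(
        e["verdict"] for entries in triage(log_text).values()
        for e in entries if e["verdict"]
    )


def report(log_text):
    """Human-readable summary, one bucket per section."""
    out = []
    for bucket, entries in triage(log_text).items():
        out.append(f"{bucket}: {len(entries)} item(s); {REMEDIATION[bucket]}")
        for e in entries:
            out.append(f"    {e['path']}  [{e['verdict'] or 'locked'}]")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Running it on the constructed sample puts the three C:\RECYCLER hits in the Recycle Bin bucket, the three restore-point hits (including the NSIS container and the stream it carries) in the System Restore bucket, the two locked registry/database files aside, and leaves exactly one live file, C:\WINDOWS\system32\bsevcgvw.dll, which matches the one file the post above says to delete by hand.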

pskelley
2007-10-22, 13:48
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

Pitreau
2007-10-23, 02:22
Phil,

Did the last of what needed to be done. Cleaned out the system restore, emptied the recycle bin, and deleted that last file. I have system restore turned back on and changed the hidden file settings back to what they originally were. I think that's everything, let me know if you need to see the logs again, but I haven't had any issues in the last couple of days.

Thank you so much for your help. I was really starting to get upset with how my computer was behaving, and I happened to stumble upon this forum. What a great find! You have been very understanding and helpful, and for that, I must say thank you. I will be donating some money to the site. If you ever have a mechanical engineering question, want a personalized tour of Salem, or need Fantasy Football advice, you just let me know;)

Again, thank you so much, and I will take all of your advice on staying clean into my normal computer operating habits.

Brian