View Full Version : Infected by smitfraud, need help please
thesmartone421
2007-11-24, 23:35
Well, on Thanksgiving my Dad loaded the computer up, and noticed his background, was the natoriouse red background, that states your privacy is in danger, with some viral ads poping up. I read info on other sites and tried some steps, which got rid of the background, but left these five files:
rmv.exe
main_uninstaller.exe
nsduo.dll
msmhost.dll
msmdev.dll
Avast keeps trying to move to chest, but they recreate themself, and are moved to the Windows folder.
I've done the steps you said to do first, and with the last of my blabering here are the logs:
thesmartone421
2007-11-24, 23:36
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:36 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.0.91.0\GoogleUpdate.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\ALCWZRD.EXE
C:\hp\patches\51WW1VIA\src\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MoodLogic\Service\Updater.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\AOL\1142813683\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\1142813683\ee\aolsoftware.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-281688404.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] C:\hp\patches\51WW1VIA\src\VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program Files\MoodLogic\Service\Updater.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142813683\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Note&book) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.6--1547175328.dll/gn_menu1.html
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-281688404.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-281688404.dll/gn_menu2.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?60e6ca527c2d4341a38327e754cc751e
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?60e6ca527c2d4341a38327e754cc751e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1187745280718
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168641872890
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168647635328
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://live.futuremark.com/global/msc3121.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://data.flatcast.com/NpFv415.dll
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: rmvgor - {CC7AE5C0-1F5A-4463-9485-EE3E4395BAF7} - C:\WINDOWS\rmvgor.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Xampp\xampp\apache\bin\apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Xampp\xampp\filezillaftp\filezillaserver.exe (file missing)
O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Update\1.0.91.0\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
thesmartone421
2007-11-24, 23:37
O23 - Service: mysql - Unknown owner - C:\Xampp\xampp\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
--
End of file - 19923 bytes
thesmartone421
2007-11-24, 23:39
Kaspersky log
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, November 24, 2007 2:19:13 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/11/2007
Kaspersky Anti-Virus database records: 464957
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Scan Statistics:
Total number of scanned objects: 239229
Number of viruses found: 21
Number of infected objects: 103
Number of suspicious objects: 0
Duration of the scan process: 04:13:18
Infected Object Name / Virus Name / Last Action
C:\835557d7527fb7b7c6fbfb85\%temp%dd_msxml_retMSI.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\logout.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f77d87df748b5b2f5b635468a49106a_8f8410df-60f5-4dcc-9126-93721de708f7 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f77d87df748b5b2f5b635468a49106a_cd780602-8d9c-4fac-9bc9-ff371097be48 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\adbffd8d560a3928d1cf4b08644368ee_8f8410df-60f5-4dcc-9126-93721de708f7 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19F01A64.tmp Infected: Trojan-Downloader.Win32.Zlob.rz skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A4D538C Infected: Trojan-Dropper.Win32.Microjoin.bx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A542785.exe Infected: Trojan-Dropper.Win32.Microjoin.bx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A5E1DC2.exe Infected: Trojan-Downloader.Win32.Zlob.wg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EC078F0.dll Infected: Packed.Win32.Klone.g skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\268913A0.dll Infected: Trojan-Spy.Win32.Agent.ar skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\268913A0.exe Infected: Trojan-Spy.Win32.Agent.ar skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E131545.dll Infected: Trojan-Spy.Win32.Agent.ar skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3ED86F96.exe Infected: Backdoor.Win32.Delf.tv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C9B5EBC.exe Infected: Trojan.Win32.Agent.qt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4CD97C77.exe Infected: Trojan.Win32.Agent.qt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F88508C.tmp Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60DF5F09.exe Infected: Trojan.Win32.Dialer.pz skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D0363D0.exe Infected: Trojan-Downloader.Win32.Zlob.ro skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73AB3307.tmp Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\740F62C6.tmp Infected: Trojan-Downloader.Win32.Zlob.wg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75507566.exe Infected: Trojan-Clicker.Win32.Small.kx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77C372B4.ocx Infected: not-a-virus:AdWare.Win32.MediaTickets.w skipped
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ac8zt2\edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ac8zt2\install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ac8zt2\msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ac8zt2\msmhost.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ac8zt2\nsduo.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ac8zt2\rmv.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ac8zt2.dat/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ac8zt2.dat/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ac8zt2.dat/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ac8zt2.dat/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ac8zt2.dat/ac8zt2/msmhost.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ac8zt2.dat/ac8zt2/nsduo.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ac8zt2.dat/ac8zt2/rmv.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ac8zt2.dat ZIP: infected - 7 skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Application Data\AOL\DTS\Index\MainChunk\Documents.dfd Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Application Data\AOL\DTS\Index\MainChunk\Documents.did Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Application Data\AOL\DTS\Index\MainChunk\Documents.dsd Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Application Data\AOL\DTS\Index\MainChunk\Keywords.kdb Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Application Data\AOL\DTS\Index\MainChunk\Keywords.kdl Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Application Data\AOL\DTS\Index\MainChunk\Keywords.kib Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Application Data\AOL\DTS\Index\MainChunk\Keywords.kpf Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Application Data\AOL\DTS\Index\MainChunk\Keywords.ksb Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Application Data\Google\Google Gears for Internet Explorer\localserver.db Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\14.tmp Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\ac8zt2\edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\ac8zt2\install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\ac8zt2\main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\ac8zt2\msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\ac8zt2\msmhost.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\ac8zt2\nsduo.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\ac8zt2\rmv.exe Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\ac8zt2.dat/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\ac8zt2.dat/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\ac8zt2.dat/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\ac8zt2.dat/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\ac8zt2.dat/ac8zt2/msmhost.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\ac8zt2.dat/ac8zt2/nsduo.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\ac8zt2.dat/ac8zt2/rmv.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\ac8zt2.dat ZIP: infected - 7 skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT3A.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT3A.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT3A.tmp ZIP: infected - 2 skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT3E.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT3E.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT3E.tmp ZIP: infected - 2 skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT4C.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT4C.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT4C.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT4C.tmp ZIP: infected - 3 skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT52.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT52.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT52.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT52.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT52.tmp ZIP: infected - 4 skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT6E.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT6E.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT6E.tmp ZIP: infected - 2 skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT71.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT71.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT71.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT71.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT71.tmp ZIP: infected - 4 skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT74.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT74.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT74.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT74.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT74.tmp ZIP: infected - 4 skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT79.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT79.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT79.tmp ZIP: infected - 2 skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT83.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT83.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\BIT83.tmp ZIP: infected - 2 skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\CMLS--2007-11-24--08-24-18.log Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\~DF33FB.tmp Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temp\~DFC605.tmp Object is locked skipped
thesmartone421
2007-11-24, 23:40
C:\Documents and Settings\Ken.FAMILYCOMP\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\ntuser.dat Object is locked skipped
C:\Documents and Settings\Ken.FAMILYCOMP\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nate.FAMILYCOMP\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Nate.FAMILYCOMP\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Nate.FAMILYCOMP\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Nate.FAMILYCOMP\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\The Kids\Local Settings\Application Data\Mozilla\Firefox\Profiles\nuyxsr3e.default\Cache\8832CDF1d01 Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Documents and Settings\The Kids\Local Settings\Application Data\Mozilla\Firefox\Profiles\nuyxsr3e.default\Cache\C874A5A1d01 Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Documents and Settings\The Kids\Local Settings\Application Data\Mozilla\Firefox\Profiles\nuyxsr3e.default\Cache\CE462C51d01 Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\L0000008.FCS Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Compaq Connections\6750491\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\RECYCLER\S-1-5-21-312372780-3324297668-2520687789-1012\Dc2.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\RECYCLER\S-1-5-21-312372780-3324297668-2520687789-1012\Dc4.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\RECYCLER\S-1-5-21-312372780-3324297668-2520687789-1012\Dc5.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\RECYCLER\S-1-5-21-312372780-3324297668-2520687789-1012\Dc6.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\WINDOWS\msmhost.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\WINDOWS\nsduo.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd5725.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_GFi2kbVSQNCq2vX Object is locked skipped
C:\WINDOWS\Temp\mcmsc_zKh87dmk5h3E4xr Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5b0.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
I know you said to keep it little, but considering of what it all turned up, I figured it would be more useful to post it all..
If this turned up to be a bad idea I'm sorry...
But thank you for the help you may provide in advance