View Full Version : Virtumonde and Smitfraud
Spybot shows me having Virtumonde and Smitfraud
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:23:04 AM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
C:\Program Files\Dell\Media Experience\PCMService .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\WINDOWS\system32\585957595B5759.exe
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Documents and Settings\Jill\Application Data\??mantec\n?tepad.exe
C:\Program Files\Insider\Insider.exe
C:\PROGRA~1\COMMON~1\rmuk\rmukm.exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\Dot1XCfg\Dot1XCfg .exe
C:\Program Files\Dell Support Center\bin\sprtcmd .exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
C:\Program Files\AIM6\aim6 .exe
C:\PROGRA~1\COMMON~1\rmuk\rmukm .exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Insider\Insider .exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Jill\Desktop\HiJackThis_v2.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\imapi.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttu.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3A47C895-0D07-76FA-5317-5200B7BC8D9C} - C:\WINDOWS\system32\phjexs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {79A24AEE-237F-4FE0-A9AB-A3E71C0C1CE7} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {960B571F-B30D-4380-9B71-2054BA1633CC} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - C:\WINDOWS\system32\awtrrrs.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\khbxfwte.dll
O2 - BHO: Snap Shots - {BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B} - C:\Program Files\Snap Shots\snapbar.dll
O2 - BHO: {50ebacc0-f3c9-b11a-2c54-4e97ba965b5c} - {c5b569ab-79e4-45c2-a11b-9c3f0ccabe05} - C:\WINDOWS\system32\nsgflalf.dll
O3 - Toolbar: Snap Shots - {8CD8EA48-D284-477E-B6DF-85D1E39D855F} - C:\Program Files\Snap Shots\snapbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [AEAFADAFB1ADAFB0] 585957595B5759.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [34b5d872] rundll32.exe "C:\WINDOWS\system32\fiayvdua.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost .exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Jill\MYDOCU~1\SSTEM~1\regsvr32.exe" -vt yazb
O4 - HKCU\..\Run: [Zomqnps] "C:\Documents and Settings\Jill\Application Data\??mantec\n?tepad.exe"
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [rmuk] C:\PROGRA~1\COMMON~1\rmuk\rmukm .exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.kontiki.com/kdx/Client403/kdx.cab
O20 - Winlogon Notify: awtrrrs - C:\WINDOWS\SYSTEM32\awtrrrs.dll
O20 - Winlogon Notify: khbxfwte - C:\WINDOWS\SYSTEM32\khbxfwte.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 13536 bytes
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 03, 2008 7:08:10 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/02/2008
Kaspersky Anti-Virus database records: 546374
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics:
Total number of scanned objects: 190837
Number of viruses found: 43
Number of infected objects: 269
Number of suspicious objects: 2
Duration of the scan process: 08:03:40
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.6/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\Jill\Application Data\GTek\GTUpdate\AUpdate\DellSupport\cfgdata.log Object is locked skipped
C:\Documents and Settings\Jill\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt .log Object is locked skipped
C:\Documents and Settings\Jill\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt .log Object is locked skipped
C:\Documents and Settings\Jill\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Jill\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\ApplicationHistory\sprtcmd .exe.1ecb8e9b.ini.inuse Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/06 Nov 2003 05:41 from kutties@aol.com:Hi/MyMovie.zip/My-Private-H0t-Movies.exe Infected: not-a-virus:Porn-Tool.Win32.Livsex skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/06 Nov 2003 05:41 from kutties@aol.com:Hi/MyMovie.zip Infected: not-a-virus:Porn-Tool.Win32.Livsex skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 2 skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\Jukebox\Portables.log Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\SupportSoft\DellSupportCenter\Jill\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\History\History.IE5\MSHist012008020320080204\index.dat Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temp\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.fk skipped
C:\Documents and Settings\Jill\Local Settings\Temp\JETCAA.tmp Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C33.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C3C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C42.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C45.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C51.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C5A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C60.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C63.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C66.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX80E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX814.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX817.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX81D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX820.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX824.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX82D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX833.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX836.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX839.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX83C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX9DE.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX9E4.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX9E7.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX9ED.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX9FE.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA0D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA10.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA13.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA2A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA30.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA33.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA39.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA4A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA59.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA5C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA5F.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA6F.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA75.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA78.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA7E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA81.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA86.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA8E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA91.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA98.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA9E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAA1.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAA8.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXACA.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAD0.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAD4.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXADA.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAEB.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAED.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAF2.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAF5.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAFB.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAFC.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAFE.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAFF.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB02.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB03.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB09.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB12.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB18.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB1B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB21.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB4B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB51.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB54.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB5A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB5D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB62.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB69.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB72.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB78.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB7B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB81.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXC5F.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXC68.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXC6E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXC76.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXC7C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXC86.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMP1C4C.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMP1C6A.tmp Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMP4BC.tmp Infected: Trojan-Downloader.Win32.Agent.hcn skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMP9EF.tmp Infected: Trojan-Downloader.Win32.Adload.pr skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMP9F2.tmp Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMP9F5.tmp Infected: not-a-virus:AdWare.Win32.Insider.a skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMPA1A.tmp Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMPA89.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMPAAC.tmp Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMPAE8.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMPB04.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMPC77.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMPC8A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\yazzsnet.exe/data0003 Infected: Trojan.Win32.Scapur.k skipped
C:\Documents and Settings\Jill\Local Settings\Temp\yazzsnet.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Jill\Local Settings\Temp\~DF5E72.tmp Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temp\~DF5E80.tmp Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temp\~DF661D.tmp Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temp\~DF98F6.tmp Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temp\~DF993B.tmp Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\!update-4495[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.fk skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip/b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip/b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip/b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip/b104.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip ZIP: infected - 4 skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\hctp[2] Infected: not-a-virus:AdWare.Win32.Virtumonde.gip skipped
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 03, 2008 7:08:10 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/02/2008
Kaspersky Anti-Virus database records: 546374
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics:
Total number of scanned objects: 190837
Number of viruses found: 43
Number of infected objects: 269
Number of suspicious objects: 2
Duration of the scan process: 08:03:40
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.6/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\Jill\Application Data\GTek\GTUpdate\AUpdate\DellSupport\cfgdata.log Object is locked skipped
C:\Documents and Settings\Jill\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt .log Object is locked skipped
C:\Documents and Settings\Jill\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt .log Object is locked skipped
C:\Documents and Settings\Jill\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Jill\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\ApplicationHistory\sprtcmd .exe.1ecb8e9b.ini.inuse Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/06 Nov 2003 05:41 from kutties@aol.com:Hi/MyMovie.zip/My-Private-H0t-Movies.exe Infected: not-a-virus:Porn-Tool.Win32.Livsex skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/06 Nov 2003 05:41 from kutties@aol.com:Hi/MyMovie.zip Infected: not-a-virus:Porn-Tool.Win32.Livsex skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 2 skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\Jukebox\Portables.log Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\SupportSoft\DellSupportCenter\Jill\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\History\History.IE5\MSHist012008020320080204\index.dat Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temp\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.fk skipped
C:\Documents and Settings\Jill\Local Settings\Temp\JETCAA.tmp Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C33.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C3C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C42.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C45.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C51.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C5A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C60.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C63.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C66.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX80E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX814.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX817.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX81D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX820.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX824.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX82D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX833.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX836.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX839.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX83C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX9DE.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX9E4.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX9E7.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX9ED.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCX9FE.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA0D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA10.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA13.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA2A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA30.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA33.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA39.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA4A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA59.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA5C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA5F.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA6F.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA75.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA78.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA7E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA81.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA86.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA8E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA91.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA98.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXA9E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAA1.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAA8.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXACA.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAD0.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAD4.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXADA.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAEB.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAED.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAF2.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAF5.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAFB.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAFC.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAFE.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXAFF.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB02.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB03.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB09.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB12.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB18.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB1B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB21.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB4B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB51.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB54.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB5A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB5D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB62.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB69.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB72.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB78.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB7B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXB81.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXC5F.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXC68.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXC6E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXC76.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXC7C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\RCXC86.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMP1C4C.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMP1C6A.tmp Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMP4BC.tmp Infected: Trojan-Downloader.Win32.Agent.hcn skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMP9EF.tmp Infected: Trojan-Downloader.Win32.Adload.pr skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMP9F2.tmp Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMP9F5.tmp Infected: not-a-virus:AdWare.Win32.Insider.a skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMPA1A.tmp Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMPA89.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMPAAC.tmp Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMPAE8.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMPB04.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMPC77.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Documents and Settings\Jill\Local Settings\Temp\TMPC8A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\Local Settings\Temp\yazzsnet.exe/data0003 Infected: Trojan.Win32.Scapur.k skipped
C:\Documents and Settings\Jill\Local Settings\Temp\yazzsnet.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Jill\Local Settings\Temp\~DF5E72.tmp Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temp\~DF5E80.tmp Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temp\~DF661D.tmp Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temp\~DF98F6.tmp Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temp\~DF993B.tmp Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\!update-4495[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.fk skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip/b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip/b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip/b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip/b104.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip ZIP: infected - 4 skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\hctp[2] Infected: not-a-virus:AdWare.Win32.Virtumonde.gip skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\26453da423d82a5fc6fae941d05f1151[1].zip/b116.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\26453da423d82a5fc6fae941d05f1151[1].zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\8154ff2675af1b6e0677560871425153[1].zip/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\8154ff2675af1b6e0677560871425153[1].zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\installer[1].exe/file1 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\installer[1].exe/file2 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\installer[1].exe/file4 Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\installer[1].exe Inno: infected - 3 skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\ptch[1] Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\B14FSCAV\flash3[1].swf Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\I7GOA4D0\c1f5cc94a30f082054f3a00e6655462d[1].zip/b103.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\I7GOA4D0\c1f5cc94a30f082054f3a00e6655462d[1].zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\L29KAE12\a8f5a020e4b833865a1034489887c8b9[1].zip/b122.exe Infected: Trojan-Downloader.Win32.Agent.hvj skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\L29KAE12\a8f5a020e4b833865a1034489887c8b9[1].zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\L29KAE12\installax_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\L29KAE12\wintouch.prod.v10015.11dec2007.exe[1].4ccc08fb3ce7ead370a0f9da32f020e7 Infected: Trojan-Downloader.Win32.Agent.hcn skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\L29KAE12\wtrec.prod.v10006.11dec2007.exe[1].c516a643c558a4d4daa4efafd47eff15 Infected: Trojan-Downloader.Win32.Agent.hcm skipped
C:\Documents and Settings\Jill\My Documents\sуstem\regsvr32 .exe Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\Documents and Settings\Jill\My Documents\sуstem\regsvr32.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Jill\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jill\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Exe files\mirc612.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
C:\Exe files\mirc612.exe mIRC: infected - 1 skipped
C:\Exe files\recipefinder.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Comet.az skipped
C:\Exe files\recipefinder.exe/stream Infected: not-a-virus:AdWare.Win32.Comet.az skipped
C:\Exe files\recipefinder.exe NSIS: infected - 2 skipped
C:\Exe files\recipes.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Comet.ay skipped
C:\Exe files\recipes.exe/stream Infected: not-a-virus:AdWare.Win32.Comet.ay skipped
C:\Exe files\recipes.exe NSIS: infected - 2 skipped
C:\Program Files\AIM6\aim6.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Common Files\Real\Update_OB\realsched.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Common Files\rmuk\rmuka.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\Program Files\Common Files\rmuk\rmuka.lck Object is locked skipped
C:\Program Files\Common Files\rmuk\rmukl.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\Program Files\Common Files\rmuk\rmukm .exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Common Files\rmuk\rmukm.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Common Files\rmuk\rmukm.lck Object is locked skipped
C:\Program Files\Common Files\rmuk\rmukp.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Common Files\Symantec Shared\ccApp.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\ComPlus Applications\vihy455101.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Program Files\Dell\Media Experience\PCMService.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Dell Support Center\bin\sprtcmd.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\DellSupport\DSAgnt.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Dot1XCfg\Dot1XCfg .exe Infected: Trojan-Downloader.Win32.Adload.pr skipped
C:\Program Files\Dot1XCfg\Dot1XCfg.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\ICQ\ICQNet.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Insider\Insider .exe Infected: not-a-virus:AdWare.Win32.Insider.a skipped
C:\Program Files\Insider\Insider.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\iTunes\iTunesHelper.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Messenger\msmsgs.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Microsoft IntelliPoint\ipoint.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Norton AntiVirus\Quarantine\01C00457 Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A6365B0 Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\1B441840/readme.pif Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\1B441840 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1B441840 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1ED8532A/readme.scr Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\1ED8532A ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1ED8532A CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\357142E0 Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\3766543C/document.pif Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\3766543C ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\3766543C CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\39994205/readme.pif Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\39994205 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\39994205 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\53B82545/document.htm .exe Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\53B82545 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\53B82545 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\661A6355/doc.scr Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\661A6355 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\661A6355 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7D813716/document.pif Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7D813716 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7D813716 CryptFF: infected - 1 skipped
C:\Program Files\QuickTime\qttask .exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\QuickTime\qttask .exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\QuickTime\qttask.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Windows Media Player\WMPNSCFG.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\WNSXS~1\spoolsv .exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\WNSXS~1\spoolsv.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\MSN\dicovu.html.vir Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\QooBox\Quarantine\C\Program Files\Temporary\kernInst.exe.vir Infected: Trojan.Win32.Agent.edq skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.hvj skipped
C:\QooBox\Quarantine\C\WINDOWS\PPATCH~1\rеgedit.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gs skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ctfmon.exe.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fvjncq.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ljjgggd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dxb skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\RCX49.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ssttu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ssttu.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\VundoFix Backups\byxuurs.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dxb skipped
C:\VundoFix Backups\DSentry.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\VundoFix Backups\ljjgggd.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dxb skipped
C:\VundoFix Backups\mrofinu1000106.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\VundoFix Backups\mrofinu572.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\VundoFix Backups\NeroCheck.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\VundoFix Backups\ssttu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\VundoFix Backups\ssttu.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\VundoFix Backups\tfswctrl.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\WINDOWS\b103.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\WINDOWS\b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\WINDOWS\b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b104.exe NSIS: infected - 3 skipped
C:\WINDOWS\b116.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\WINDOWS\b122.exe Infected: Trojan-Downloader.Win32.Agent.hvj skipped
C:\WINDOWS\b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\WINDOWS\b147.exe Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\kdx\KHost .exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\WINDOWS\kdx\KHost.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\WINDOWS\mrofinu572.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\WINDOWS\mrofinu572.exe.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SmlsbA\asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\SmlsbA\command.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\585957595B5759.exe Infected: Trojan-Downloader.Win32.VB.chy skipped
C:\WINDOWS\SYSTEM32\awtrrrs.dll Infected: Trojan.Win32.BHO.auf skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\cpcgjlzw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPXX.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\hdkexuyi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gip skipped
C:\WINDOWS\SYSTEM32\hmirxlvo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\WINDOWS\SYSTEM32\jubirkyd.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped
C:\WINDOWS\SYSTEM32\nGpxx01\nGpxx011065.exe Infected: Trojan-Downloader.Win32.VB.cge skipped
C:\WINDOWS\SYSTEM32\phjexs.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\WINDOWS\SYSTEM32\RCX35.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\WINDOWS\SYSTEM32\ssttu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\WINDOWS\SYSTEM32\ssttu.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\WINDOWS\SYSTEM32\vtussqr.dll Infected: Trojan.Win32.BHO.auf skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
H:\Exe files\mirc612.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
H:\Exe files\mirc612.exe mIRC: infected - 1 skipped
H:\Exe files\recipefinder.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Comet.az skipped
H:\Exe files\recipefinder.exe/stream Infected: not-a-virus:AdWare.Win32.Comet.az skipped
H:\Exe files\recipefinder.exe NSIS: infected - 2 skipped
H:\Exe files\recipes.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Comet.ay skipped
H:\Exe files\recipes.exe/stream Infected: not-a-virus:AdWare.Win32.Comet.ay skipped
H:\Exe files\recipes.exe NSIS: infected - 2 skipped
H:\Program Files\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
H:\Program Files\Norton AntiVirus\Quarantine\01C00457 Infected: Email-Worm.Win32.Mydoom.a skipped
H:\Program Files\Norton AntiVirus\Quarantine\0A6365B0 Infected: Email-Worm.Win32.Mydoom.a skipped
H:\Program Files\Norton AntiVirus\Quarantine\1B441840/readme.pif Infected: Email-Worm.Win32.Mydoom.a skipped
H:\Program Files\Norton AntiVirus\Quarantine\1B441840 ZIP: infected - 1 skipped
H:\Program Files\Norton AntiVirus\Quarantine\1B441840 CryptFF: infected - 1 skipped
H:\Program Files\Norton AntiVirus\Quarantine\1ED8532A/readme.scr Infected: Email-Worm.Win32.Mydoom.a skipped
H:\Program Files\Norton AntiVirus\Quarantine\1ED8532A ZIP: infected - 1 skipped
H:\Program Files\Norton AntiVirus\Quarantine\1ED8532A CryptFF: infected - 1 skipped
H:\Program Files\Norton AntiVirus\Quarantine\357142E0 Infected: Email-Worm.Win32.Mydoom.a skipped
H:\Program Files\Norton AntiVirus\Quarantine\3766543C/document.pif Infected: Email-Worm.Win32.Mydoom.a skipped
H:\Program Files\Norton AntiVirus\Quarantine\3766543C ZIP: infected - 1 skipped
H:\Program Files\Norton AntiVirus\Quarantine\3766543C CryptFF: infected - 1 skipped
H:\Program Files\Norton AntiVirus\Quarantine\39994205/readme.pif Infected: Email-Worm.Win32.Mydoom.a skipped
H:\Program Files\Norton AntiVirus\Quarantine\39994205 ZIP: infected - 1 skipped
H:\Program Files\Norton AntiVirus\Quarantine\39994205 CryptFF: infected - 1 skipped
H:\Program Files\Norton AntiVirus\Quarantine\53B82545/document.htm .exe Infected: Email-Worm.Win32.Mydoom.a skipped
H:\Program Files\Norton AntiVirus\Quarantine\53B82545 ZIP: infected - 1 skipped
H:\Program Files\Norton AntiVirus\Quarantine\53B82545 CryptFF: infected - 1 skipped
H:\Program Files\Norton AntiVirus\Quarantine\661A6355/doc.scr Infected: Email-Worm.Win32.Mydoom.a skipped
H:\Program Files\Norton AntiVirus\Quarantine\661A6355 ZIP: infected - 1 skipped
H:\Program Files\Norton AntiVirus\Quarantine\661A6355 CryptFF: infected - 1 skipped
H:\Program Files\Norton AntiVirus\Quarantine\7D813716/document.pif Infected: Email-Worm.Win32.Mydoom.a skipped
H:\Program Files\Norton AntiVirus\Quarantine\7D813716 ZIP: infected - 1 skipped
H:\Program Files\Norton AntiVirus\Quarantine\7D813716 CryptFF: infected - 1 skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
Hi dearpie
Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis. Close it.
Rename HijackThis.exe to dearpie.exe.
Open HijackThis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
Here is my HJT
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:14:59 AM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Documents and Settings\Jill\Desktop\HiJackThis_v2.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Snap Shots - {BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B} - C:\Program Files\Snap Shots\snapbar.dll
O3 - Toolbar: Snap Shots - {8CD8EA48-D284-477E-B6DF-85D1E39D855F} - C:\Program Files\Snap Shots\snapbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.kontiki.com/kdx/Client403/kdx.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8269 bytes
Merged two topics. I think you missed the instructions here: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
The Waiting Room: Post here if waiting for help longer than four days (http://forums.spybot.info/forumdisplay.php?f=37)
Shaba responded to you above. :)
Hi dearpie
Just follow my previous instructions and if you don't understand something, just ask :)
What is a PM?
Here is my latest
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:14:59 AM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Documents and Settings\Jill\Desktop\HiJackThis_v2.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Snap Shots - {BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B} - C:\Program Files\Snap Shots\snapbar.dll
O3 - Toolbar: Snap Shots - {8CD8EA48-D284-477E-B6DF-85D1E39D855F} - C:\Program Files\Snap Shots\snapbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.kontiki.com/kdx/Client403/kdx.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8269 bytes
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 12, 2008 4:45:05 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/02/2008
Kaspersky Anti-Virus database records: 558465
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
H:\
K:\
L:\
Scan Statistics:
Total number of scanned objects: 170801
Number of viruses found: 12
Number of infected objects: 41
Number of suspicious objects: 2
Duration of the scan process: 05:37:06
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.6/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\Jill\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jill\Desktop\backups\backup-20080211-210941-265.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Jill\Desktop\backups\backup-20080211-210941-450.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\Documents and Settings\Jill\Desktop\backups\backup-20080211-211358-269.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Jill\Desktop\backups\backup-20080211-211358-275.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\Documents and Settings\Jill\Desktop\backups\backup-20080211-211358-980.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/06 Nov 2003 05:41 from kutties@aol.com:Hi/MyMovie.zip/My-Private-H0t-Movies.exe Infected: not-a-virus:Porn-Tool.Win32.Livsex skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/06 Nov 2003 05:41 from kutties@aol.com:Hi/MyMovie.zip Infected: not-a-virus:Porn-Tool.Win32.Livsex skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 2 skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\History\History.IE5\MSHist012008021220080213\index.dat Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temp\~DF29E8.tmp Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temp\~DF29F3.tmp Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jill\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jill\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Exe files\mirc612.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
C:\Exe files\mirc612.exe mIRC: infected - 1 skipped
C:\Exe files\recipefinder.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Comet.az skipped
C:\Exe files\recipefinder.exe/stream Infected: not-a-virus:AdWare.Win32.Comet.az skipped
C:\Exe files\recipefinder.exe NSIS: infected - 2 skipped
C:\Exe files\recipes.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Comet.ay skipped
C:\Exe files\recipes.exe/stream Infected: not-a-virus:AdWare.Win32.Comet.ay skipped
C:\Exe files\recipes.exe NSIS: infected - 2 skipped
C:\Program Files\Dot1XCfg\Dot1XCfg .exe Infected: Trojan-Downloader.Win32.Adload.pr skipped
C:\Program Files\Messenger\msmsgs.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
C:\VundoFix Backups\byqgqmrg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\dvdacdud.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ssttu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\VundoFix Backups\ssttu.exe.bad Infected: Virus.Win32.Trats.d skipped
C:\VundoFix Backups\yuwrlyje.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\kdx\KHost .exe Infected: Virus.Win32.Trats.d skipped
C:\WINDOWS\kdx\KHost.exe Infected: Virus.Win32.Trats.d skipped
C:\WINDOWS\mrofinu572.exe.tmp Infected: Virus.Win32.Trats.d skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SmlsbA\asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\SmlsbA\command.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\585957595B5759.exe Infected: Trojan-Downloader.Win32.VB.chy skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\nGpxx01\nGpxx011065.exe Infected: Trojan-Downloader.Win32.VB.cge skipped
C:\WINDOWS\SYSTEM32\RCX26.tmp Infected: Virus.Win32.Trats.d skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
H:\Exe files\mirc612.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
H:\Exe files\mirc612.exe mIRC: infected - 1 skipped
H:\Exe files\recipefinder.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Comet.az skipped
H:\Exe files\recipefinder.exe/stream Infected: not-a-virus:AdWare.Win32.Comet.az skipped
H:\Exe files\recipefinder.exe NSIS: infected - 2 skipped
H:\Exe files\recipes.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Comet.ay skipped
H:\Exe files\recipes.exe/stream Infected: not-a-virus:AdWare.Win32.Comet.ay skipped
H:\Exe files\recipes.exe NSIS: infected - 2 skipped
H:\Program Files\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
Hi
PM = private message
I told you earlier to download latest copy of HijackThis and rename HijackThis.exe to dearpie.exe:
Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis. Close it.
Rename HijackThis.exe to dearpie.exe.
Open HijackThis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
I see that you haven't done it.
Please do it now.
If you don't understand something, just ask.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:51 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Snap Shots - {BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B} - C:\Program Files\Snap Shots\snapbar.dll
O3 - Toolbar: Snap Shots - {8CD8EA48-D284-477E-B6DF-85D1E39D855F} - C:\Program Files\Snap Shots\snapbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.kontiki.com/kdx/Client403/kdx.cab
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8072 bytes
Hi
1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
**Note: It is important that it is saved directly to your desktop**
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Post:
- a fresh HijackThis log
- combofix report
Due to the lack of feedback this Topic is closed.
If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.
Everyone else please begin a New Topic.