Hi! I'm trying to comply with log requirements, but my Kaspersky online scan is not loading properly. Scan is executing, but the page loaded with errors, not giving me an option to print a Report. Any ideas?

hi mrvitas,

Post the hjt log for now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:37 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\jre1.5.0_14\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\VLANIA~1\LOCALS~1\Temp\ms1210341197.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] c:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\jre1.5.0_14\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [e00503f7] rundll32.exe "C:\WINDOWS\system32\rvckijps.dll",b
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [InetChk] C:\DOCUME~1\VLANIA~1\LOCALS~1\Temp\ms1210341197.exe work
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\jre1.5.0_14\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\jre1.5.0_14\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://lawsonevents.webex.com/client/T25L/webex/ieatgpc.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - c:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - c:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9749 bytes

I'll be back online around midnight. Traveling for work. Thanks again for all the help.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 11, 2008 4:53:15 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/05/2008
Kaspersky Anti-Virus database records: 756163
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
R:\

Scan Statistics:
Total number of scanned objects: 135124
Number of viruses found: 2
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 07:04:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080511_Time-071344875_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080511_Time-071344875_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_ISH-VLANIAUSKAS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_ISH-VLANIAUSKAS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\vlaniauskas\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\vlaniauskas\Application Data\Microsoft\Word\AutoRecovery save of Safer Networking Forums.asd Object is locked skipped
C:\Documents and Settings\vlaniauskas\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\vlaniauskas\Desktop\Do you have VirtuMonde.doc Object is locked skipped
C:\Documents and Settings\vlaniauskas\Desktop\Safer Networking Forums.doc Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\History\History.IE5\MSHist012008051120080512\index.dat Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Temp\mfprybgv.exe Infected: Trojan.Win32.Agent.gmn skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Temp\Perflib_Perfdata_408.dat Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Temp\Perflib_Perfdata_80c.dat Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Temp\Perflib_Perfdata_e8c.dat Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Temp\~DF25F0.tmp Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Temp\~DF2E78.tmp Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Temp\~DF5BD7.tmp Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Temp\~DF89E1.tmp Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Temp\~DFFAF1.tmp Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Temp\~WRD0008.doc Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Temp\~WRF3583.tmp Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Temp\~WRS0620.tmp Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\vlaniauskas\Local Settings\Temporary Internet Files\Content.IE5\O4E6M5L2\init[1].php Infected: Trojan.Win32.Agent.gmn skipped
C:\Documents and Settings\vlaniauskas\My Documents\data\CertClass\Downloads for PC\VNC\vnc-E4_2_9-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\vlaniauskas\My Documents\data\CertClass\Downloads for PC\VNC\vnc-E4_2_9-x86_win32.exe Inno: infected - 1 skipped
C:\Documents and Settings\vlaniauskas\My Documents\data\NFTA\43 LSF9\3 VNC Server XWindows\vnc-4_1_2-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\vlaniauskas\My Documents\data\NFTA\43 LSF9\3 VNC Server XWindows\vnc-4_1_2-x86_win32.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\vlaniauskas\My Documents\data\NFTA\43 LSF9\3 VNC Server XWindows\vnc-4_1_2-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\vlaniauskas\My Documents\data\NFTA\43 LSF9\3 VNC Server XWindows\vnc-4_1_2-x86_win32.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\vlaniauskas\My Documents\data\NFTA\43 LSF9\3 VNC Server XWindows\vnc-4_1_2-x86_win32.exe Inno: infected - 4 skipped
C:\Documents and Settings\vlaniauskas\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\vlaniauskas\ntuser.dat.LOG Object is locked skipped
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{ED994416-71BC-4060-BB0F-90E81890644B}\RP154\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{CB9BDA7E-3CB5-4F8A-A4F9-4A71B1CE8412}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

hi,

thanks for the info, we will get another download to run:

Please download Malwarebytes' Anti-Malware to your desktop:

http://www.besttechie.net/tools/mbam-setup.exe

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

post the malwarebytes log please.

Thanks again for your help on this!

Malwarebytes' Anti-Malware 1.12
Database version: 742

Scan type: Full Scan (C:\|R:\|)
Objects scanned: 175037
Time elapsed: 1 hour(s), 26 minute(s), 30 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
c:\Documents and Settings\vlaniauskas\Local Settings\Temp\ms1210341197.exe (Trojan.Clicker) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\fccdDwXO.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\cbXNHxvw.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec4886ad-69b6-49de-9708-03b64f577897} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec4886ad-69b6-49de-9708-03b64f577897} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3a9074b-1e3c-45d6-9195-604ce2f1d5b8} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3a9074b-1e3c-45d6-9195-604ce2f1d5b8} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxnhxvw (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\InetChk (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c3a9074b-1e3c-45d6-9195-604ce2f1d5b8} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccddwxo -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccddwxo -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Documents and Settings\vlaniauskas\Local Settings\Temp\ms1210341197.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccdDwXO.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\OXwDdccf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\OXwDdccf.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lfuqhqun.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nuqhqufl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qnacbchm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mhcbcanq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\vlaniauskas\Local Settings\Temp\mfprybgv.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\vlaniauskas\Local Settings\Temporary Internet Files\Content.IE5\O4E6M5L2\init[1].php (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\vlaniauskas\Local Settings\Temporary Internet Files\Content.IE5\PA77Z8JJ\count[1].php (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\vlaniauskas\Local Settings\Temporary Internet Files\Content.IE5\PWDEAVO1\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ED994416-71BC-4060-BB0F-90E81890644B}\RP154\A0025456.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXNHxvw.dll (Trojan.Vundo) -> Delete on reboot.

hi,

your welcome. looks like you got rid of some stuff. hows it looking on your end now?

Shelf Life - it looks good! I'm definitely not seeing the same screwed up symptoms as before, but how can I be sure? Shall I re-run Spybot S&D or Kaspersky and see if anything is left?

hi,

ok good, yes you can run spybot and the online scan again. you can also rerun malwarebytes if you want to. see how it all looks now.