nikecar
2008-05-14, 05:17
Ok. What a great Mom's day. My mom and sister in law were on our desktop PC and did something and now there is a wonderful malware/spyware/virus going on.
These are things I've done.
1st- updated and ran Ad-Aware. Sorry I don't have a log of that. Found some stuff, including the virtumonde and some other stuff. Said it cleaned it, but I highly doubt it.
2nd- Installed and ran Spybot. Got the virtumonde again, the smit... one, and some others. I've ran Spybot several times to clean it and it never fully cleaned it of course. Ive ran it in both safe and regular modes before I came here.
3rd- ran Combofix. I know I know, I shouldn't have done that until I posted and got recommendation. After I did that, the Smit stuff went away, but I get the virtumonde and I cannot have access to the task manager or registry in normal mode. Safe mode yes.
4th- visited this site and looked at the BEFORE YOU POST thread. So here is the results... The Kapersky scan took me 4 times before it actualy worked today.
I'll post the Kaspersky log first, then the HJT log, then in another post, the Spybot logs. I did them in safemode. The ByP thread says to keep doing spybot until the red items are cleaned, but I've never gotten everything cleaned by spybot. So I'll post the 1st safemode Spybot scan today, the the 2nd I did immediately afterwards.
Thanks in advance for all your help.
Kaspersky scan
********************************
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-05-13 13:07
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/05/2008
Kaspersky Anti-Virus database records: 768445
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics:
Total number of scanned objects: 179473
Number of viruses found: 24
Number of infected objects: 103
Number of suspicious objects: 2
Duration of the scan process: 03:25:11
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_TRINIDADG.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_TRINIDADG.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/bokja.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Fоnts\wυauboot.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Fri, 1 Jul 2005 15:29:06 -0400]/account-report.zip/account-report.txt .exe Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Fri, 1 Jul 2005 15:29:06 -0400]/account-report.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Wed, 15 Jun 2005 18:25:16 -0400]/UNNAMED/updated-password.zip/updated-password.txt .pif Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Wed, 15 Jun 2005 18:25:16 -0400]/UNNAMED/updated-password.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Wed, 15 Jun 2005 18:25:16 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From admin@oursouthpointe.com][Date Fri, 24 Jun 2005 20:38:17 -0400]/UNNAMED/important-details.zip/important-details.txt .exe Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From admin@oursouthpointe.com][Date Fri, 24 Jun 2005 20:38:17 -0400]/UNNAMED/important-details.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From admin@oursouthpointe.com][Date Fri, 24 Jun 2005 20:38:17 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 15 Jun 2005 17:05:36 -0400]/UNNAMED/new-password.zip/new-password.txt .pif Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 15 Jun 2005 17:05:36 -0400]/UNNAMED/new-password.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 15 Jun 2005 17:05:36 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From admin@oursouthpointe.com][Date Wed, 15 Jun 2005 14:21:11 -0400]/UNNAMED/account-password.zip/account-password.doc .exe Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From admin@oursouthpointe.com][Date Wed, 15 Jun 2005 14:21:11 -0400]/UNNAMED/account-password.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From admin@oursouthpointe.com][Date Wed, 15 Jun 2005 14:21:11 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 15 Jun 2005 13:48:12 -0400]/UNNAMED/email-password.zip/email-password.txt .pif Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 15 Jun 2005 13:48:12 -0400]/UNNAMED/email-password.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 15 Jun 2005 13:48:12 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From stay@hojoanaheim.com][Date Sat, 31 Jul 2004 20:02:01 -0400]/UNNAMED/doc.com Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From stay@hojoanaheim.com][Date Sat, 31 Jul 2004 20:02:01 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Mon, 27 Jun 2005 19:10:08 -0400]/UNNAMED/email-details.zip/email-details.doc .exe Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Mon, 27 Jun 2005 19:10:08 -0400]/UNNAMED/email-details.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Mon, 27 Jun 2005 19:10:08 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Sun, 26 Jun 2005 17:25:06 -0400]/UNNAMED/email-details.zip/email-details.htm .exe Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Sun, 26 Jun 2005 17:25:06 -0400]/UNNAMED/email-details.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Sun, 26 Jun 2005 17:25:06 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 29 Jun 2005 19:29:12 -0400]/UNNAMED/email-password.zip/email-password.doc .pif Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 29 Jun 2005 19:29:12 -0400]/UNNAMED/email-password.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 29 Jun 2005 19:29:12 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From service@oursouthpointe.com][Date Wed, 6 Jul 2005 20:48:24 -0400]/UNNAMED/password.zip/password.htm .exe Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From service@oursouthpointe.com][Date Wed, 6 Jul 2005 20:48:24 -0400]/UNNAMED/password.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From service@oursouthpointe.com][Date Wed, 6 Jul 2005 20:48:24 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 6 Jul 2005 13:21:47 -0400]/UNNAMED/account-report.zip/account-report.htm .exe Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 6 Jul 2005 13:21:47 -0400]/UNNAMED/account-report.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 6 Jul 2005 13:21:47 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From register@oursouthpointe.com][Date Wed, 6 Jul 2005 08:39:47 -0400]/UNNAMED/account-info.zip/account-info.doc .pif Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From register@oursouthpointe.com][Date Wed, 6 Jul 2005 08:39:47 -0400]/UNNAMED/account-info.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From register@oursouthpointe.com][Date Wed, 6 Jul 2005 08:39:47 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From support@oursouthpointe.com][Date Tue, 5 Jul 2005 19:19:58 -0400]/UNNAMED/readme.zip/readme.doc .pif Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From support@oursouthpointe.com][Date Tue, 5 Jul 2005 19:19:58 -0400]/UNNAMED/readme.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From support@oursouthpointe.com][Date Tue, 5 Jul 2005 19:19:58 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Tue, 5 Jul 2005 15:33:33 -0400]/UNNAMED/email-details.zip/email-details.doc .pif Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Tue, 5 Jul 2005 15:33:33 -0400]/UNNAMED/email-details.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Tue, 5 Jul 2005 15:33:33 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Mon, 4 Jul 2005 19:56:53 -0400]/UNNAMED/readme.zip/readme.htm .scr Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Mon, 4 Jul 2005 19:56:53 -0400]/UNNAMED/readme.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Mon, 4 Jul 2005 19:56:53 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From support@oursouthpointe.com][Date Mon, 4 Jul 2005 16:58:41 -0400]/UNNAMED/important-details.zip/important-details.txt .exe Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From support@oursouthpointe.com][Date Mon, 4 Jul 2005 16:58:41 -0400]/UNNAMED/important-details.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From support@oursouthpointe.com][Date Mon, 4 Jul 2005 16:58:41 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx MailMSOutlook5: infected - 49 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008051320080514\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule15.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\QooBox\Quarantine\C\Program Files\QdrPack\QdrPack15.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.z skipped
C:\QooBox\Quarantine\C\WINDOWS\default.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Infected: not-virus:Hoax.Win32.Renos.cda skipped
C:\QooBox\Quarantine\C\WINDOWS\PPATCH~1\javaw.exe.vir Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000060.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000060.exe.vir/stream Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000060.exe.vir NSIS: infected - 2 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000080.exe.vir/data0002 Infected: Trojan-Downloader.Win32.PurityScan.gb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000080.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kaqpjgh.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wmsdkns.exe.vir Infected: not-virus:Hoax.Win32.Renos.cda skipped
C:\quarantine\Av-test.txt.Vir Infected: EICAR-Test-File skipped
C:\quarantine\java.jar-3197ec81-56229054.zip.Vir/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\quarantine\java.jar-3197ec81-56229054.zip.Vir/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\quarantine\java.jar-3197ec81-56229054.zip.Vir/NewSecurityClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\quarantine\java.jar-3197ec81-56229054.zip.Vir/NewURLClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\quarantine\java.jar-3197ec81-56229054.zip.Vir ZIP: infected - 4 skipped
C:\quarantine\loaderadv640.jar-2b09cfd1-14733e3c.zip.Vir/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\quarantine\loaderadv640.jar-2b09cfd1-14733e3c.zip.Vir/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\quarantine\loaderadv640.jar-2b09cfd1-14733e3c.zip.Vir/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\quarantine\loaderadv640.jar-2b09cfd1-14733e3c.zip.Vir ZIP: infected - 3 skipped
C:\quarantine\syswcc32.exe.Vir/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped
C:\quarantine\syswcc32.exe.Vir/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\quarantine\syswcc32.exe.Vir/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\quarantine\syswcc32.exe.Vir/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\quarantine\syswcc32.exe.Vir/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\quarantine\syswcc32.exe.Vir RarSFX: infected - 5 skipped
C:\quarantine\syswcc32[1].exe.Vir/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped
C:\quarantine\syswcc32[1].exe.Vir/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\quarantine\syswcc32[1].exe.Vir/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\quarantine\syswcc32[1].exe.Vir/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\quarantine\syswcc32[1].exe.Vir/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\quarantine\syswcc32[1].exe.Vir RarSFX: infected - 5 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193798.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193801.exe Infected: Trojan-Downloader.Win32.PurityScan.gb skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193802.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193802.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193825.exe Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193826.exe Infected: not-a-virus:AdWare.Win32.AdBand.z skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193827.exe Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193855.exe Infected: not-virus:Hoax.Win32.Renos.cda skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193856.exe Infected: not-virus:Hoax.Win32.Renos.cda skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193858.dll Infected: not-a-virus:AdWare.Win32.PurityScan.hk skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193859.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193859.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193859.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193860.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.gb skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193860.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1241\change.log Object is locked skipped
C:\WINDOWS\b2new.exe Infected: Trojan-Downloader.Win32.Agent.otg skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\vzbb.dll.old Infected: not-a-virus:AdWare.Win32.MegaSearch.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\sockins32.dll Infected: not-a-virus:AdWare.Win32.BHO.awz skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\492 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
Scan process completed.
******************************************
HJT Log
******************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45, on 2008-05-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\System32\dlbxcoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {868C1DC2-E4FF-4139-B061-39BF8D5E2E23} - C:\WINDOWS\system32\awttrPFU.dll (file missing)
O2 - BHO: (no name) - {8747D09D-4F28-4D23-B710-A03AB3D46B72} - C:\WINDOWS\system32\geBrqnNE.dll (file missing)
O2 - BHO: (no name) - {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} - C:\WINDOWS\system32\geBuUnkH.dll
O2 - BHO: (no name) - {DFCF2FCB-4189-45B6-AB7E-86E02E665C50} - C:\WINDOWS\system32\fccdEtUK.dll (file missing)
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [5ce74a08] rundll32.exe "C:\WINDOWS\system32\plypjrih.dll",b
O4 - HKLM\..\Run: [BM5fd47994] Rundll32.exe "C:\WINDOWS\system32\djlrypgw.dll",s
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe"
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\PPATCH~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Umwtcl] "C:\Documents and Settings\Owner\Application Data\F?nts\w?auboot.exe"
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.instanetforms.com
O15 - Trusted Zone: *.transactiondesk.com
O15 - ESC Trusted Zone: *.instanetforms.com
O15 - ESC Trusted Zone: *.transactiondesk.com
O16 - DPF: PUFLITE - http://victortrinidad.point2agent.com/Office/ColpaControls/Photo/Control/PUFLITE.CAB
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://mfr.mlxchange.com/Control/FileCruiser.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://mfr.mlxchange.com/Control/Specfile.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://mfr.mlxchange.com/Control/SISC.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://mfr.mlxchange.com/Control/LiteGrid.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://rap.hsn.net/sre/ICSScanner.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange.com/4.2.05.20/Control/IRCSharc.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.316networks.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hsn.webex.com/client/T23L/training/ieatgpc.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://mfr.mlxchange.com/Control/AspCustomCtrls.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O20 - Winlogon Notify: geBuUnkH - C:\WINDOWS\SYSTEM32\geBuUnkH.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\System32\dlbxcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 14390 bytes
********************************
These are things I've done.
1st- updated and ran Ad-Aware. Sorry I don't have a log of that. Found some stuff, including the virtumonde and some other stuff. Said it cleaned it, but I highly doubt it.
2nd- Installed and ran Spybot. Got the virtumonde again, the smit... one, and some others. I've ran Spybot several times to clean it and it never fully cleaned it of course. Ive ran it in both safe and regular modes before I came here.
3rd- ran Combofix. I know I know, I shouldn't have done that until I posted and got recommendation. After I did that, the Smit stuff went away, but I get the virtumonde and I cannot have access to the task manager or registry in normal mode. Safe mode yes.
4th- visited this site and looked at the BEFORE YOU POST thread. So here is the results... The Kapersky scan took me 4 times before it actualy worked today.
I'll post the Kaspersky log first, then the HJT log, then in another post, the Spybot logs. I did them in safemode. The ByP thread says to keep doing spybot until the red items are cleaned, but I've never gotten everything cleaned by spybot. So I'll post the 1st safemode Spybot scan today, the the 2nd I did immediately afterwards.
Thanks in advance for all your help.
Kaspersky scan
********************************
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-05-13 13:07
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/05/2008
Kaspersky Anti-Virus database records: 768445
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics:
Total number of scanned objects: 179473
Number of viruses found: 24
Number of infected objects: 103
Number of suspicious objects: 2
Duration of the scan process: 03:25:11
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_TRINIDADG.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_TRINIDADG.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/bokja.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Fоnts\wυauboot.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Fri, 1 Jul 2005 15:29:06 -0400]/account-report.zip/account-report.txt .exe Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Fri, 1 Jul 2005 15:29:06 -0400]/account-report.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Wed, 15 Jun 2005 18:25:16 -0400]/UNNAMED/updated-password.zip/updated-password.txt .pif Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Wed, 15 Jun 2005 18:25:16 -0400]/UNNAMED/updated-password.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Wed, 15 Jun 2005 18:25:16 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From admin@oursouthpointe.com][Date Fri, 24 Jun 2005 20:38:17 -0400]/UNNAMED/important-details.zip/important-details.txt .exe Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From admin@oursouthpointe.com][Date Fri, 24 Jun 2005 20:38:17 -0400]/UNNAMED/important-details.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From admin@oursouthpointe.com][Date Fri, 24 Jun 2005 20:38:17 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 15 Jun 2005 17:05:36 -0400]/UNNAMED/new-password.zip/new-password.txt .pif Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 15 Jun 2005 17:05:36 -0400]/UNNAMED/new-password.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 15 Jun 2005 17:05:36 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From admin@oursouthpointe.com][Date Wed, 15 Jun 2005 14:21:11 -0400]/UNNAMED/account-password.zip/account-password.doc .exe Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From admin@oursouthpointe.com][Date Wed, 15 Jun 2005 14:21:11 -0400]/UNNAMED/account-password.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From admin@oursouthpointe.com][Date Wed, 15 Jun 2005 14:21:11 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 15 Jun 2005 13:48:12 -0400]/UNNAMED/email-password.zip/email-password.txt .pif Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 15 Jun 2005 13:48:12 -0400]/UNNAMED/email-password.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 15 Jun 2005 13:48:12 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From stay@hojoanaheim.com][Date Sat, 31 Jul 2004 20:02:01 -0400]/UNNAMED/doc.com Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From stay@hojoanaheim.com][Date Sat, 31 Jul 2004 20:02:01 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Mon, 27 Jun 2005 19:10:08 -0400]/UNNAMED/email-details.zip/email-details.doc .exe Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Mon, 27 Jun 2005 19:10:08 -0400]/UNNAMED/email-details.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Mon, 27 Jun 2005 19:10:08 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Sun, 26 Jun 2005 17:25:06 -0400]/UNNAMED/email-details.zip/email-details.htm .exe Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Sun, 26 Jun 2005 17:25:06 -0400]/UNNAMED/email-details.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Sun, 26 Jun 2005 17:25:06 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 29 Jun 2005 19:29:12 -0400]/UNNAMED/email-password.zip/email-password.doc .pif Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 29 Jun 2005 19:29:12 -0400]/UNNAMED/email-password.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 29 Jun 2005 19:29:12 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From service@oursouthpointe.com][Date Wed, 6 Jul 2005 20:48:24 -0400]/UNNAMED/password.zip/password.htm .exe Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From service@oursouthpointe.com][Date Wed, 6 Jul 2005 20:48:24 -0400]/UNNAMED/password.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From service@oursouthpointe.com][Date Wed, 6 Jul 2005 20:48:24 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 6 Jul 2005 13:21:47 -0400]/UNNAMED/account-report.zip/account-report.htm .exe Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 6 Jul 2005 13:21:47 -0400]/UNNAMED/account-report.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Wed, 6 Jul 2005 13:21:47 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From register@oursouthpointe.com][Date Wed, 6 Jul 2005 08:39:47 -0400]/UNNAMED/account-info.zip/account-info.doc .pif Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From register@oursouthpointe.com][Date Wed, 6 Jul 2005 08:39:47 -0400]/UNNAMED/account-info.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From register@oursouthpointe.com][Date Wed, 6 Jul 2005 08:39:47 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From support@oursouthpointe.com][Date Tue, 5 Jul 2005 19:19:58 -0400]/UNNAMED/readme.zip/readme.doc .pif Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From support@oursouthpointe.com][Date Tue, 5 Jul 2005 19:19:58 -0400]/UNNAMED/readme.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From support@oursouthpointe.com][Date Tue, 5 Jul 2005 19:19:58 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Tue, 5 Jul 2005 15:33:33 -0400]/UNNAMED/email-details.zip/email-details.doc .pif Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Tue, 5 Jul 2005 15:33:33 -0400]/UNNAMED/email-details.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@oursouthpointe.com][Date Tue, 5 Jul 2005 15:33:33 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Mon, 4 Jul 2005 19:56:53 -0400]/UNNAMED/readme.zip/readme.htm .scr Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Mon, 4 Jul 2005 19:56:53 -0400]/UNNAMED/readme.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From webmaster@oursouthpointe.com][Date Mon, 4 Jul 2005 19:56:53 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From support@oursouthpointe.com][Date Mon, 4 Jul 2005 16:58:41 -0400]/UNNAMED/important-details.zip/important-details.txt .exe Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From support@oursouthpointe.com][Date Mon, 4 Jul 2005 16:58:41 -0400]/UNNAMED/important-details.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From support@oursouthpointe.com][Date Mon, 4 Jul 2005 16:58:41 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx MailMSOutlook5: infected - 49 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008051320080514\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule15.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\QooBox\Quarantine\C\Program Files\QdrPack\QdrPack15.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.z skipped
C:\QooBox\Quarantine\C\WINDOWS\default.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Infected: not-virus:Hoax.Win32.Renos.cda skipped
C:\QooBox\Quarantine\C\WINDOWS\PPATCH~1\javaw.exe.vir Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000060.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000060.exe.vir/stream Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000060.exe.vir NSIS: infected - 2 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000080.exe.vir/data0002 Infected: Trojan-Downloader.Win32.PurityScan.gb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000080.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kaqpjgh.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wmsdkns.exe.vir Infected: not-virus:Hoax.Win32.Renos.cda skipped
C:\quarantine\Av-test.txt.Vir Infected: EICAR-Test-File skipped
C:\quarantine\java.jar-3197ec81-56229054.zip.Vir/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\quarantine\java.jar-3197ec81-56229054.zip.Vir/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\quarantine\java.jar-3197ec81-56229054.zip.Vir/NewSecurityClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\quarantine\java.jar-3197ec81-56229054.zip.Vir/NewURLClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\quarantine\java.jar-3197ec81-56229054.zip.Vir ZIP: infected - 4 skipped
C:\quarantine\loaderadv640.jar-2b09cfd1-14733e3c.zip.Vir/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\quarantine\loaderadv640.jar-2b09cfd1-14733e3c.zip.Vir/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\quarantine\loaderadv640.jar-2b09cfd1-14733e3c.zip.Vir/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\quarantine\loaderadv640.jar-2b09cfd1-14733e3c.zip.Vir ZIP: infected - 3 skipped
C:\quarantine\syswcc32.exe.Vir/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped
C:\quarantine\syswcc32.exe.Vir/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\quarantine\syswcc32.exe.Vir/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\quarantine\syswcc32.exe.Vir/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\quarantine\syswcc32.exe.Vir/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\quarantine\syswcc32.exe.Vir RarSFX: infected - 5 skipped
C:\quarantine\syswcc32[1].exe.Vir/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped
C:\quarantine\syswcc32[1].exe.Vir/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\quarantine\syswcc32[1].exe.Vir/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\quarantine\syswcc32[1].exe.Vir/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\quarantine\syswcc32[1].exe.Vir/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\quarantine\syswcc32[1].exe.Vir RarSFX: infected - 5 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193798.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193801.exe Infected: Trojan-Downloader.Win32.PurityScan.gb skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193802.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193802.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193825.exe Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193826.exe Infected: not-a-virus:AdWare.Win32.AdBand.z skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193827.exe Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193855.exe Infected: not-virus:Hoax.Win32.Renos.cda skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193856.exe Infected: not-virus:Hoax.Win32.Renos.cda skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193858.dll Infected: not-a-virus:AdWare.Win32.PurityScan.hk skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193859.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193859.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193859.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193860.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.gb skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1237\A0193860.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP1241\change.log Object is locked skipped
C:\WINDOWS\b2new.exe Infected: Trojan-Downloader.Win32.Agent.otg skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\vzbb.dll.old Infected: not-a-virus:AdWare.Win32.MegaSearch.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\sockins32.dll Infected: not-a-virus:AdWare.Win32.BHO.awz skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\492 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
Scan process completed.
******************************************
HJT Log
******************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45, on 2008-05-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\System32\dlbxcoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {868C1DC2-E4FF-4139-B061-39BF8D5E2E23} - C:\WINDOWS\system32\awttrPFU.dll (file missing)
O2 - BHO: (no name) - {8747D09D-4F28-4D23-B710-A03AB3D46B72} - C:\WINDOWS\system32\geBrqnNE.dll (file missing)
O2 - BHO: (no name) - {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} - C:\WINDOWS\system32\geBuUnkH.dll
O2 - BHO: (no name) - {DFCF2FCB-4189-45B6-AB7E-86E02E665C50} - C:\WINDOWS\system32\fccdEtUK.dll (file missing)
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [5ce74a08] rundll32.exe "C:\WINDOWS\system32\plypjrih.dll",b
O4 - HKLM\..\Run: [BM5fd47994] Rundll32.exe "C:\WINDOWS\system32\djlrypgw.dll",s
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe"
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\PPATCH~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Umwtcl] "C:\Documents and Settings\Owner\Application Data\F?nts\w?auboot.exe"
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.instanetforms.com
O15 - Trusted Zone: *.transactiondesk.com
O15 - ESC Trusted Zone: *.instanetforms.com
O15 - ESC Trusted Zone: *.transactiondesk.com
O16 - DPF: PUFLITE - http://victortrinidad.point2agent.com/Office/ColpaControls/Photo/Control/PUFLITE.CAB
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://mfr.mlxchange.com/Control/FileCruiser.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://mfr.mlxchange.com/Control/Specfile.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://mfr.mlxchange.com/Control/SISC.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://mfr.mlxchange.com/Control/LiteGrid.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://rap.hsn.net/sre/ICSScanner.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange.com/4.2.05.20/Control/IRCSharc.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.316networks.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hsn.webex.com/client/T23L/training/ieatgpc.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://mfr.mlxchange.com/Control/AspCustomCtrls.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O20 - Winlogon Notify: geBuUnkH - C:\WINDOWS\SYSTEM32\geBuUnkH.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\System32\dlbxcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 14390 bytes
********************************