csdj27
2008-05-18, 00:40
hi there..
i have noticed that my computer is running terribly,
and i'm moments away from reformatting it,
but that is really a last resort.
i am happy to know that there are some folks here that can possibly help.
i have the HJT and kaspersky scan logs below.
any advice on what to do next would be GREATLY appriciated!!
thanks for any help in advance!!
by the way, i am somewhat computer savvy, but not an expert.
i have reformatted my computer probably 3 times in the past 4 years.
but these problems have really stumped me...
i have had to use my task manager to close frozen programs,
and webpages, and noticed that IEXPLORE.EXE
was listed 11 times in a row (in 48 processes)
also, shutting the computer down takes a really long time,
as i have to manually close the IEXPLORE.EXE process
down up to 15-20 times before the machine will actually power off.
life is too short for this!
thanks again for any assistance!!
here are the logs...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:49 PM, on 5/17/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.csdj.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AcerVGA Drivers V1.2] C:\WINDOWS\initview32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sony DVDRam Version 1.8B] C:\WINDOWS\uiengine32.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 6723 bytes
and now for the kaspersky scan results..
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 17, 2008 2:57:25 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/05/2008
Kaspersky Anti-Virus database records: 781688
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 55511
Number of viruses found: 19
Number of infected objects: 60
Number of suspicious objects: 6
Duration of the scan process: 00:59:53
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{1E43B65D-8174-4D4F-B8C6-276386AA1BFC}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Barclays Bank"<Service@barclays.co.uk>][Date Tue, 5 Jun 2007 18:22:27 -0700]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{1E43B65D-8174-4D4F-B8C6-276386AA1BFC}\Microsoft\Outlook Express\Deleted Items.dbx MailMSOutlook5: suspicious - 1 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008051720080518\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\6I2Kg2n Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\aXqzQ4E Infected: Trojan-Downloader.Win32.Delf.azy skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\b0F8Itw Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\D5dMPiF Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\HxvErSL Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\lulcomutil59.exe Infected: Trojan-Downloader.Win32.Small.gnk skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\MOSwAqj Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\OA6RT3C Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\ohmFH9J Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\symlupdatecheck32.exe Infected: Trojan-Downloader.Win32.Agent.kfp skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\syscomutil32.exe Infected: Trojan-Downloader.Win32.Small.gnk skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\syscomutil59.exe Infected: Trojan-Downloader.Win32.Small.gnk skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\T5Efz2S Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\utislcomutil59.exe Infected: Trojan-Downloader.Win32.Small.gnk skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\vistaupdatecheck32.exe Infected: Trojan-Downloader.Win32.Agent.lvw skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\zoAusUK Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\ZzyROa5 Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\416RKLI7\weby18x[1].exe Infected: Trojan-Spy.Win32.Delf.bxm skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/retadpu72.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1552OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-05-17_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B55431B.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B55431B.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B55431B.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B55431B.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B55431B.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B55431B.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B55431B.exe NSIS: infected - 6 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B55431B.exe CryptFF: infected - 6 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP655\A0018367.exe Infected: Trojan-Downloader.Win32.Agent.nem skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP655\A0018368.dll Infected: Trojan-Downloader.Win32.Agent.neq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP655\A0018369.dll Infected: Trojan-Downloader.Win32.Agent.nep skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP655\A0018375.dll Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP655\A0018376.dll Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP662\A0018422.dll Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP662\A0018423.dll Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP662\A0018429.dll Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP662\A0018430.dll Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP667\A0018460.exe Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP667\A0018461.dll Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP667\A0018462.dll Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP670\A0018492.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP675\A0018533.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP675\A0018539.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP676\A0018549.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP691\A0018606.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP692\A0018619.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP713\A0018708.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP714\A0018738.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP715\A0018758.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP717\A0018769.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP722\A0018800.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP724\A0018810.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP724\A0018817.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP728\A0018841.dll Infected: Trojan-Spy.Win32.Delf.bxm skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP731\A0019841.dll Infected: Trojan-Spy.Win32.Delf.bxm skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP732\change.log Object is locked skipped
C:\WINDOWS\cmftuq.dll Infected: Trojan-Spy.Win32.Delf.bxm skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\kbdcan32.exe Infected: Trojan-Downloader.Win32.Small.elu skipped
C:\WINDOWS\ntmaspi32.dll Infected: Backdoor.Win32.Small.or skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\432591\432591.dll Infected: not-a-virus:AdWare.Win32.E404.aa skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\drivers\etc\hosts.20080416-191645.backup Infected: Trojan.Win32.Qhost.vt skipped
C:\WINDOWS\system32\drivers\etc\hosts.sam Infected: Trojan.Win32.Qhost.vt skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\uiengine32.exe Infected: Trojan-Spy.Win32.Delf.bxm skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
i have noticed that my computer is running terribly,
and i'm moments away from reformatting it,
but that is really a last resort.
i am happy to know that there are some folks here that can possibly help.
i have the HJT and kaspersky scan logs below.
any advice on what to do next would be GREATLY appriciated!!
thanks for any help in advance!!
by the way, i am somewhat computer savvy, but not an expert.
i have reformatted my computer probably 3 times in the past 4 years.
but these problems have really stumped me...
i have had to use my task manager to close frozen programs,
and webpages, and noticed that IEXPLORE.EXE
was listed 11 times in a row (in 48 processes)
also, shutting the computer down takes a really long time,
as i have to manually close the IEXPLORE.EXE process
down up to 15-20 times before the machine will actually power off.
life is too short for this!
thanks again for any assistance!!
here are the logs...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:49 PM, on 5/17/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.csdj.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AcerVGA Drivers V1.2] C:\WINDOWS\initview32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sony DVDRam Version 1.8B] C:\WINDOWS\uiengine32.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 6723 bytes
and now for the kaspersky scan results..
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 17, 2008 2:57:25 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/05/2008
Kaspersky Anti-Virus database records: 781688
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 55511
Number of viruses found: 19
Number of infected objects: 60
Number of suspicious objects: 6
Duration of the scan process: 00:59:53
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{1E43B65D-8174-4D4F-B8C6-276386AA1BFC}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Barclays Bank"<Service@barclays.co.uk>][Date Tue, 5 Jun 2007 18:22:27 -0700]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{1E43B65D-8174-4D4F-B8C6-276386AA1BFC}\Microsoft\Outlook Express\Deleted Items.dbx MailMSOutlook5: suspicious - 1 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008051720080518\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\6I2Kg2n Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\aXqzQ4E Infected: Trojan-Downloader.Win32.Delf.azy skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\b0F8Itw Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\D5dMPiF Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\HxvErSL Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\lulcomutil59.exe Infected: Trojan-Downloader.Win32.Small.gnk skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\MOSwAqj Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\OA6RT3C Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\ohmFH9J Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\symlupdatecheck32.exe Infected: Trojan-Downloader.Win32.Agent.kfp skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\syscomutil32.exe Infected: Trojan-Downloader.Win32.Small.gnk skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\syscomutil59.exe Infected: Trojan-Downloader.Win32.Small.gnk skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\T5Efz2S Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\utislcomutil59.exe Infected: Trojan-Downloader.Win32.Small.gnk skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\vistaupdatecheck32.exe Infected: Trojan-Downloader.Win32.Agent.lvw skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\zoAusUK Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\ZzyROa5 Infected: Trojan.Win32.Inject.ex skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\416RKLI7\weby18x[1].exe Infected: Trojan-Spy.Win32.Delf.bxm skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/retadpu72.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1552OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-05-17_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B55431B.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B55431B.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B55431B.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B55431B.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B55431B.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B55431B.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B55431B.exe NSIS: infected - 6 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B55431B.exe CryptFF: infected - 6 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP655\A0018367.exe Infected: Trojan-Downloader.Win32.Agent.nem skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP655\A0018368.dll Infected: Trojan-Downloader.Win32.Agent.neq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP655\A0018369.dll Infected: Trojan-Downloader.Win32.Agent.nep skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP655\A0018375.dll Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP655\A0018376.dll Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP662\A0018422.dll Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP662\A0018423.dll Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP662\A0018429.dll Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP662\A0018430.dll Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP667\A0018460.exe Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP667\A0018461.dll Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP667\A0018462.dll Infected: Trojan-Downloader.Win32.Agent.kfq skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP670\A0018492.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP675\A0018533.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP675\A0018539.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP676\A0018549.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP691\A0018606.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP692\A0018619.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP713\A0018708.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP714\A0018738.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP715\A0018758.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP717\A0018769.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP722\A0018800.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP724\A0018810.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP724\A0018817.dll Infected: Trojan-Spy.Win32.Delf.bxr skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP728\A0018841.dll Infected: Trojan-Spy.Win32.Delf.bxm skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP731\A0019841.dll Infected: Trojan-Spy.Win32.Delf.bxm skipped
C:\System Volume Information\_restore{71F94391-EAE2-41CD-8D2A-B59FFF8DDA76}\RP732\change.log Object is locked skipped
C:\WINDOWS\cmftuq.dll Infected: Trojan-Spy.Win32.Delf.bxm skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\kbdcan32.exe Infected: Trojan-Downloader.Win32.Small.elu skipped
C:\WINDOWS\ntmaspi32.dll Infected: Backdoor.Win32.Small.or skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\432591\432591.dll Infected: not-a-virus:AdWare.Win32.E404.aa skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\drivers\etc\hosts.20080416-191645.backup Infected: Trojan.Win32.Qhost.vt skipped
C:\WINDOWS\system32\drivers\etc\hosts.sam Infected: Trojan.Win32.Qhost.vt skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\uiengine32.exe Infected: Trojan-Spy.Win32.Delf.bxm skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.