Adi_Adrian
2008-06-09, 05:55
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, June 07, 2008 10:50:14 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/06/2008
Kaspersky Anti-Virus database records: 841128
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 51223
Number of viruses found: 8
Number of infected objects: 27
Number of suspicious objects: 0
Duration of the scan process: 01:12:22
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\2i16he7x.default\cert8.db Object is locked skipped
C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\2i16he7x.default\history.dat Object is locked skipped
C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\2i16he7x.default\key3.db Object is locked skipped
C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\2i16he7x.default\parent.lock Object is locked skipped
C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\2i16he7x.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\2i16he7x.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Adrian\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Adrian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Adrian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Adrian\Local Settings\Application Data\Mozilla\Firefox\Profiles\2i16he7x.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Adrian\Local Settings\Application Data\Mozilla\Firefox\Profiles\2i16he7x.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Adrian\Local Settings\Application Data\Mozilla\Firefox\Profiles\2i16he7x.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Adrian\Local Settings\Application Data\Mozilla\Firefox\Profiles\2i16he7x.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Adrian\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Adrian\Local Settings\History\History.IE5\MSHist012008060720080608\index.dat Object is locked skipped
C:\Documents and Settings\Adrian\Local Settings\Temp\Perflib_Perfdata_5d0.dat Object is locked skipped
C:\Documents and Settings\Adrian\Local Settings\Temp\~DFC56F.tmp Object is locked skipped
C:\Documents and Settings\Adrian\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Adrian\ntuser.dat Object is locked skipped
C:\Documents and Settings\Adrian\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\9Q0VAN0K\index[1] Infected: Backdoor.Win32.Agent.jvp skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\ALBODGBM\index[1] Infected: Packed.JS.Agent.d skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\BFP7B1CW\index[2] Infected: Packed.JS.Agent.d skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\BFP7B1CW\index[4] Infected: Packed.JS.Agent.d skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\CPA74HYZ\b[1].js Infected: Exploit.HTML.Iframe.FileDownload.bb skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\CYO3OQXQ\index[2] Infected: Packed.JS.Agent.d skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\G9QB8T63\b[3].js Infected: Exploit.HTML.Iframe.FileDownload.bc skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\G9QB8T63\b[4].js Infected: Exploit.HTML.Iframe.FileDownload.bc skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\G9QB8T63\index[3] Infected: Packed.JS.Agent.d skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\LUCZCD74\index[1] Infected: Backdoor.Win32.Agent.jvp skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\QTSTEDWT\index[2] Infected: Backdoor.Win32.Agent.jvp skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\SDQBWHIN\b[1].js Infected: Exploit.HTML.Iframe.FileDownload.bb skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\SDQBWHIN\b[2].js Infected: Exploit.HTML.Iframe.FileDownload.bc skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\W56JC5U7\b[2].js Infected: Exploit.HTML.Iframe.FileDownload.bb skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\W56JC5U7\index[1] Infected: Packed.JS.Agent.d skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\W56JC5U7\index[2] Infected: Packed.JS.Agent.d skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\Y6PQTB49\index[2] Infected: Backdoor.Win32.Agent.jvp skipped
C:\Documents and Settings\mihai\Local Settings\Temporary Internet Files\Content.IE5\Y7K7WBYR\index[3] Infected: Packed.JS.Agent.d skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Adrian.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Adrian.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Adrian.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{97FCBF9F-FFF5-474C-AA63-6C4DCDD8101E}\RP108\A0025461.exe Infected: Backdoor.Win32.Agent.jeo skipped
C:\System Volume Information\_restore{97FCBF9F-FFF5-474C-AA63-6C4DCDD8101E}\RP108\A0029469.exe Infected: Backdoor.Win32.Agent.jrp skipped
C:\System Volume Information\_restore{97FCBF9F-FFF5-474C-AA63-6C4DCDD8101E}\RP108\A0031524.exe Infected: Backdoor.Win32.Agent.jvo skipped
C:\System Volume Information\_restore{97FCBF9F-FFF5-474C-AA63-6C4DCDD8101E}\RP108\change.log Object is locked skipped
C:\System Volume Information\_restore{97FCBF9F-FFF5-474C-AA63-6C4DCDD8101E}\RP18\A0011009.exe Infected: Backdoor.Win32.Agent.jeo skipped
C:\System Volume Information\_restore{97FCBF9F-FFF5-474C-AA63-6C4DCDD8101E}\RP45\A0016437.exe Infected: Backdoor.Win32.Agent.jeo skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\aspimgr.exe Infected: Backdoor.Win32.Agent.jvo skipped
C:\WINDOWS\system32\aspimgr.exe_ Infected: Backdoor.Win32.Agent.jeo skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\sockins32.dll Infected: not-a-virus:AdWare.Win32.BHO.awz skipped
C:\WINDOWS\system32\sockots64.dll Infected: not-a-virus:AdWare.Win32.BHO.awz skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:03 PM, on 6/7/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\aspimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockots64.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\aRun: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] "C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockots64.dll (file missing)
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\System32\aspimgr.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Microsoft Security Center Extension (msscenter) - Unknown owner - C:\WINDOWS\System32\msscntr32.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 7602 bytes