VirtuMonde and other malware problems
Hi there. I have major spyware problems on a computer and I need help desperately since no matter how many times I run Spybot or Ad-Aware, I can't seem to remove it.
I did have VirtuMonde and I ran Symantec Virtumonde Removal Tool 1.0.3, but I don't know if it's completely gone. I still get IE popups at random even when I'm using Firefox.
I've run Kaspersky and HijackThis and I have the logs.
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:58 AM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\TB7A7B.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\HijackThis\Another Name.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B324D0F-D31B-49BA-80B0-B5E534AB901D} - (no file)
O2 - BHO: (no name) - {3AF8D4E3-73C8-4FC1-973C-3C0C1C730B84} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6c8bc864-db40-466d-84df-20d57ce29900} - C:\WINDOWS\System32\ufkqlos.dll (file missing)
O2 - BHO: (no name) - {6D1BE497-DE9E-4E98-9E85-D0A6097E98CF} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\System32\fcxsxlck.dll (file missing)
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: (no name) - {B6B28553-BA10-48E8-B3C9-615CD85D5111} - C:\Program Files\Online Services\hotehyso4444.dll
O2 - BHO: (no name) - {BAA7863C-158A-48EC-B42E-5DBA340DB774} - C:\WINDOWS\System32\awtsq.dll
O2 - BHO: (no name) - {C46AC196-CB61-4880-AD09-3A5BF63E64A6} - C:\Program Files\Online Services\hotehyso83122.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [c480d110] rundll32.exe "C:\WINDOWS\system32\xccrjxab.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA498] command /c del "C:\WINDOWS\SYSTEM32\cwfpslzj.dllbox"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7995] command /c del "C:\Documents and Settings\worcparalegal\Local Settings\Temp\cmdinst.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2210] cmd /c del "C:\Documents and Settings\worcparalegal\Local Settings\Temp\cmdinst.exe"
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe"
O4 - HKCU\..\Run: [ISMPack7] "C:\Program Files\ISM2\ISMPack7.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.stamps.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://amabileburkly01:4343/offices...l/WinNTChk.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://amabileburkly01:4343/offices...tml/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://amabileburkly01:4343/offices...RemoveCtrl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amabileburkly.local
O17 - HKLM\Software\..\Telephony: DomainName = amabileburkly.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amabileburkly.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = amabileburkly.local
O20 - Winlogon Notify: qomlihe - qomlihe.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.smilesbywire.com/SittingI...104_042006.jpg
--
End of file - 8563 bytes
Also, please ask me for the Kaspersky log and I will provide it, since it is a bit long. This is the basic info I got from it:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 24, 2007 8:43:44 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/10/2007
Kaspersky Anti-Virus database records: 443501
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Q:\
Scan Statistics:
Total number of scanned objects: 78849
Number of viruses found: 43
Number of infected objects: 223
Thanks so much!
-Stephanie :)
Virtumonde still there it seems
It looks like there are still some problems. Spybot said that among other advertising cookies I had, I still had the registry value of Virtumonde.generic. Here are the 2 logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:46 AM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\IM5A3A.EXE
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\Another Name.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D1BE497-DE9E-4E98-9E85-D0A6097E98CF} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1247831667-651766000-619646970-1047\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1247831667-651766000-619646970-1047\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1247831667-651766000-619646970-1047\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-1247831667-651766000-619646970-1070\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1247831667-651766000-619646970-2697\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'dorothy.desil')
O4 - HKUS\S-1-5-21-1247831667-651766000-619646970-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2350920385-1629795875-2991971496-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Administrator')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.stamps.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://amabileburkly01:4343/offices...l/WinNTChk.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://amabileburkly01:4343/offices...tml/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://amabileburkly01:4343/offices...RemoveCtrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1193334058855
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amabileburkly.local
O17 - HKLM\Software\..\Telephony: DomainName = amabileburkly.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amabileburkly.local
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.smilesbywire.com/SittingI...104_042006.jpg
--
End of file - 8466 bytes
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
October 26, 2007 8:55:39 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/10/2007
Kaspersky Anti-Virus database records: 446338
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Q:\
Scan Statistics:
Total number of scanned objects: 65250
Number of viruses found: 43
Number of infected objects: 252
Number of suspicious objects: 2
Duration of the scan process: 01:49:11
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d11d046ed97286fce8db15a038c1cdd_7b71fbce-dff3-42c2-9259-d2367eb8daa9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511a0f3f9e960fa97de3d0b74adfc574_7b71fbce-dff3-42c2-9259-d2367eb8daa9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.5/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\dorothy.desil\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\dorothy.desil\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\worcparalegal\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\worcparalegal\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\worcparalegal\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\worcparalegal\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\worcparalegal\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\worcparalegal\Local Settings\History\History.IE5\MSHist012007102520071026\index.dat Object is locked skipped
C:\Documents and Settings\worcparalegal\Local Settings\Temp\jar_cache14518.tmp Object is locked skipped
C:\Documents and Settings\worcparalegal\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\worcparalegal\ntuser.dat Object is locked skipped
C:\Documents and Settings\worcparalegal\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1.dllb Infected: Trojan-Downloader.Win32.Tibs.gc skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\5.dllb Infected: Trojan-Downloader.Win32.Tibs.gc skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\8154ff2675af1b6e0677560871425153[1].zip/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\8154ff2675af1b6e0677560871425153[1].zip ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\8154ff2675af1b6e0677560871425153[1].zip CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\8154ff2675af1b6e0677560871425153[1]_d4.VIR/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\8154ff2675af1b6e0677560871425153[1]_d4.VIR ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\8154ff2675af1b6e0677560871425153[1]_d4.VIR CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\8154ff2675af1b6e0677560871425153[1]_dc.VIR/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\8154ff2675af1b6e0677560871425153[1]_dc.VIR ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\8154ff2675af1b6e0677560871425153[1]_dc.VIR CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122.exe NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122.exe CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122[1].exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122[1].exe NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122[1].exe CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122[1]_104.VIR/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122[1]_104.VIR NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122[1]_104.VIR CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122[1]_118.VIR/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122[1]_118.VIR NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122[1]_118.VIR CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122_100.VIR/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122_100.VIR NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122_100.VIR CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122_134.VIR/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122_134.VIR NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\83122_134.VIR CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\A0035691.exe Infected: Trojan-Proxy.Win32.Delf.ca skipped
Rest of Kaspersky log will be posted next.
And the very last portion of the Kaspersky log:
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\VSS55EIF.03K Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\VSS56SQ7.001 Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\VSS57T07.03N Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\vx1t3.game Infected: Trojan-Downloader.Win32.Small.cpt skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\wr12drver.exe Infected: Trojan-Downloader.Win32.Small.fxy skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\wxdswoci.exe Infected: not-a-virus:AdWare.Win32.SecToolBar.g skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\xpre.exe Infected: Trojan-Downloader.Win32.VB.axa skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\xrun.exe Infected: Trojan-Downloader.Win32.Agent.brq skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\zgame4[1]_220.VIR Infected: Trojan-Downloader.Win32.Small.dzd skipped
C:\qoobox\Quarantine\C\Program Files\ISM2\cringupd.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.Agent.qi skipped
C:\qoobox\Quarantine\C\Program Files\ISM2\cringupd.exe.vir NSIS: infected - 1 skipped
C:\qoobox\Quarantine\C\Program Files\ISM2\ISMPack7.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.qi skipped
C:\qoobox\Quarantine\C\Program Files\Online Services\hotehyso4444.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\Program Files\Online Services\hotehyso83122.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\Program Files\TTC.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\firramaf.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\mkmswkga.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\que1\aded83122.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\que1\aded83122.exe.vir NSIS: infected - 1 skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\vMW02a\vMW02a1065.exe.vir Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\qoobox\Quarantine\C\WINDOWS\TTC-4444.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\WINDOWS\TTC-4444.exe.vir NSIS: infected - 1 skipped
C:\qoobox\Quarantine\catchme2007-10-25_ 93020.79.zip/mkmswkga.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
C:\qoobox\Quarantine\catchme2007-10-25_ 93020.79.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP935\A0058944.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.qi skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP935\A0058944.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP935\A0059302.sys Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP935\A0059303.sys Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP935\A0059316.dll Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP936\A0059906.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.qi skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP936\A0059906.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP968\A0064147.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.qi skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP968\A0064147.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP969\A0064157.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP969\A0064157.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP969\A0064475.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP969\A0064528.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.qi skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP969\A0064528.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP970\A0064598.dll Infected: not-a-virus:AdWare.Win32.AdBand.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP970\A0064599.exe Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP970\A0064668.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.qi skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP970\A0064668.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP970\A0064727.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.qi skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP970\A0064727.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP970\A0064730.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP970\A0064730.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP971\A0064830.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP971\A0064831.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP971\A0064832.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP971\A0064837.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.qi skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP971\A0064837.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP971\A0064839.exe Infected: not-a-virus:AdWare.Win32.Agent.qi skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP971\A0064840.exe Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP971\A0064843.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP971\A0064843.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP971\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP972\A0064975.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP972\A0064975.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP972\A0064978.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP972\A0064983.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP972\A0064986.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\SYSTEM32\TmEncryptTemp.000 Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\SYSTEM32\TmEncryptTemp.001 Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\WINDOWS\SYSTEM32\TmEncryptTemp.002 Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\WINDOWS\SYSTEM32\TmEncryptTemp.003 Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\WINDOWS\SYSTEM32\TmEncryptTemp.004 Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\WINDOWS\SYSTEM32\TmEncryptTemp.005 Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
Scan process completed.