First time for Virtumonde virus

**06runner** · 2007-09-25, 02:21

Here is the Kaspersky Log:

Monday, September 24, 2007 8:16:02 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 25/09/2007
Kaspersky Anti-Virus database records: 422929

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 90900
Number of viruses found 32
Number of infected objects 121
Number of suspicious objects 0
Duration of the scan process 02:33:07

Infected Object Name Virus Name Last Action
C:\3395b22e0d5b6b1d9c32198b\update\update.exe Object is locked skipped

C:\a863617ee620a6241f\update\update.exe Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-24_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\David\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped

C:\Documents and Settings\David\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped

C:\Documents and Settings\David\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped

C:\Documents and Settings\David\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped

C:\Documents and Settings\David\Application Data\PC Tools\PC Tools AntiVirus\Application Logs\PCToolsAntivirus.txt Object is locked skipped

C:\Documents and Settings\David\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.f314eb97.ini.inuse Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\David\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\History\History.IE5\MSHist012007092420070925\index.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temp\~DF1945.tmp Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temp\~DFE6EC.tmp Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temp\~DFE6F7.tmp Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\David\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\David\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\e9511eda960ee2629b25\admparse.dll Object is locked skipped

C:\e9511eda960ee2629b25\admparse.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\advpack.dll Object is locked skipped

C:\e9511eda960ee2629b25\advpack.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\browseui.dll Object is locked skipped

C:\e9511eda960ee2629b25\corpol.dll Object is locked skipped

C:\e9511eda960ee2629b25\custsat.dll Object is locked skipped

C:\e9511eda960ee2629b25\dxtmsft.dll Object is locked skipped

C:\e9511eda960ee2629b25\dxtrans.dll Object is locked skipped

C:\e9511eda960ee2629b25\extmgr.dll Object is locked skipped

C:\e9511eda960ee2629b25\extmgr.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\feeddisc.wav Object is locked skipped

C:\e9511eda960ee2629b25\hmmapi.dll Object is locked skipped

C:\e9511eda960ee2629b25\hmmapi.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\html.iec Object is locked skipped

C:\e9511eda960ee2629b25\html.iec.mui Object is locked skipped

C:\e9511eda960ee2629b25\icardie.dll Object is locked skipped

C:\e9511eda960ee2629b25\icardie.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\icrav03.rat Object is locked skipped

C:\e9511eda960ee2629b25\ie4uinit.exe Object is locked skipped

C:\e9511eda960ee2629b25\ie4uinit.exe.mui Object is locked skipped

C:\e9511eda960ee2629b25\ieakeng.dll Object is locked skipped

C:\e9511eda960ee2629b25\ieakeng.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\ieakmmc.chm Object is locked skipped

C:\e9511eda960ee2629b25\ieaksie.dll Object is locked skipped

C:\e9511eda960ee2629b25\ieaksie.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\ieakui.dll Object is locked skipped

C:\e9511eda960ee2629b25\ieakui.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\ieapfltr.dat Object is locked skipped

C:\e9511eda960ee2629b25\ieapfltr.dll Object is locked skipped

C:\e9511eda960ee2629b25\iedkcs32.dll Object is locked skipped

C:\e9511eda960ee2629b25\iedkcs32.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\iedw.exe Object is locked skipped

C:\e9511eda960ee2629b25\iedw.exe.mui Object is locked

**06runner** · 2007-09-25, 02:21

Con't...

C:\e9511eda960ee2629b25\ieencode.dll Object is locked skipped

C:\e9511eda960ee2629b25\ieeula.chm Object is locked skipped

C:\e9511eda960ee2629b25\ieframe.dll Object is locked skipped

C:\e9511eda960ee2629b25\ieframe.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\iepeers.dll Object is locked skipped

C:\e9511eda960ee2629b25\iepeers.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\ieproxy.dll Object is locked skipped

C:\e9511eda960ee2629b25\iernonce.dll Object is locked skipped

C:\e9511eda960ee2629b25\iernonce.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\iertutil.dll Object is locked skipped

C:\e9511eda960ee2629b25\iesetup.dll Object is locked skipped

C:\e9511eda960ee2629b25\iesetup.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\iesupp.chm Object is locked skipped

C:\e9511eda960ee2629b25\ieudinit.exe Object is locked skipped

C:\e9511eda960ee2629b25\ieui.dll Object is locked skipped

C:\e9511eda960ee2629b25\ieui.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\ieuinit.inf Object is locked skipped

C:\e9511eda960ee2629b25\ieunatt.exe.mui Object is locked skipped

C:\e9511eda960ee2629b25\iexplore.chm Object is locked skipped

C:\e9511eda960ee2629b25\iexplore.exe Object is locked skipped

C:\e9511eda960ee2629b25\iexplore.exe.mui Object is locked skipped

C:\e9511eda960ee2629b25\imgutil.dll Object is locked skipped

C:\e9511eda960ee2629b25\inetcorp.iem Object is locked skipped

C:\e9511eda960ee2629b25\inetcpl.cpl Object is locked skipped

C:\e9511eda960ee2629b25\inetcpl.cpl.mui Object is locked skipped

C:\e9511eda960ee2629b25\inetres.adm Object is locked skipped

C:\e9511eda960ee2629b25\inetset.iem Object is locked skipped

C:\e9511eda960ee2629b25\infobar.wav Object is locked skipped

C:\e9511eda960ee2629b25\inseng.dll Object is locked skipped

C:\e9511eda960ee2629b25\inseng.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\install.ins Object is locked skipped

C:\e9511eda960ee2629b25\jscript.dll Object is locked skipped

C:\e9511eda960ee2629b25\jsproxy.dll Object is locked skipped

C:\e9511eda960ee2629b25\licmgr10.dll Object is locked skipped

C:\e9511eda960ee2629b25\licmgr10.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\msfeeds.dll Object is locked skipped

C:\e9511eda960ee2629b25\msfeeds.mof Object is locked skipped

C:\e9511eda960ee2629b25\msfeedsbs.dll Object is locked skipped

C:\e9511eda960ee2629b25\msfeedsbs.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\msfeedsbs.mof Object is locked skipped

C:\e9511eda960ee2629b25\msfeedssync.exe Object is locked skipped

C:\e9511eda960ee2629b25\mshta.exe Object is locked skipped

C:\e9511eda960ee2629b25\mshta.exe.mui Object is locked skipped

C:\e9511eda960ee2629b25\mshtml.dll Object is locked skipped

C:\e9511eda960ee2629b25\mshtml.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\mshtml.tlb Object is locked skipped

C:\e9511eda960ee2629b25\mshtmled.dll Object is locked skipped

C:\e9511eda960ee2629b25\mshtmled.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\mshtmler.dll Object is locked skipped

C:\e9511eda960ee2629b25\mshtmler.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\msls31.dll Object is locked skipped

C:\e9511eda960ee2629b25\msrating.dll Object is locked skipped

C:\e9511eda960ee2629b25\msrating.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\mstime.dll Object is locked skipped

C:\e9511eda960ee2629b25\navstart.wav Object is locked skipped

C:\e9511eda960ee2629b25\occache.dll Object is locked skipped

C:\e9511eda960ee2629b25\occache.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\occache.ini Object is locked skipped

C:\e9511eda960ee2629b25\pngfilt.dll Object is locked skipped

C:\e9511eda960ee2629b25\popupblk.wav Object is locked skipped

C:\e9511eda960ee2629b25\shdocvw.dll Object is locked skipped

C:\e9511eda960ee2629b25\shlwapi.dll Object is locked skipped

C:\e9511eda960ee2629b25\spmsg.dll Object is locked skipped

C:\e9511eda960ee2629b25\spuninst.exe Object is locked skipped

C:\e9511eda960ee2629b25\spupdsvc.exe Object is locked skipped

C:\e9511eda960ee2629b25\tdc.ocx Object is locked skipped

C:\e9511eda960ee2629b25\ticrf.rat Object is locked skipped

C:\e9511eda960ee2629b25\update\eula.rtf Object is locked skipped

C:\e9511eda960ee2629b25\update\idndl.exe Object is locked skipped

C:\e9511eda960ee2629b25\update\ie7.cat Object is locked skipped

C:\e9511eda960ee2629b25\update\iecustom.dll Object is locked skipped

C:\e9511eda960ee2629b25\update\iereseticons.exe Object is locked skipped

C:\e9511eda960ee2629b25\update\iesetup.exe Object is locked skipped

C:\e9511eda960ee2629b25\update\legitlibm.dll Object is locked skipped

C:\e9511eda960ee2629b25\update\nlsdl.exe Object is locked skipped

C:\e9511eda960ee2629b25\update\update.exe Object is locked skipped

C:\e9511eda960ee2629b25\update\update.exe.manifest Object is locked skipped

C:\e9511eda960ee2629b25\update\update.inf Object is locked skipped

C:\e9511eda960ee2629b25\update\update.ver Object is locked skipped

C:\e9511eda960ee2629b25\update\updspapi.dll Object is locked skipped

C:\e9511eda960ee2629b25\update\xmllitesetup.exe Object is locked skipped

C:\e9511eda960ee2629b25\url.dll Object is locked skipped

C:\e9511eda960ee2629b25\urlmon.dll Object is locked skipped

C:\e9511eda960ee2629b25\urlmon.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\vbscript.dll Object is locked skipped

C:\e9511eda960ee2629b25\vgx.dll Object is locked skipped

C:\e9511eda960ee2629b25\webcheck.dll Object is locked skipped

C:\e9511eda960ee2629b25\webcheck.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\webcheck.ini Object is locked skipped

C:\e9511eda960ee2629b25\winfxdocobj.exe Object is locked skipped

C:\e9511eda960ee2629b25\winfxdocobj.exe.mui Object is locked skipped

C:\e9511eda960ee2629b25\wininet.dll Object is locked skipped

C:\e9511eda960ee2629b25\wininet.dll.mui Object is locked skipped

C:\Program Files\Hijackthis\backups\backup-20070923-144248-955.dll Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped

C:\Program Files\PC Tools AntiVirus\PCTAVService.txt Object is locked skipped

C:\QooBox\Quarantine\C\Program Files\Common Files\rqwk\rqwkp.exe.vir Infected: Trojan-Downloader.Win32.TSUpdate.f skipped

C:\QooBox\Quarantine\C\Program Files\Insider\Insider.exe.vir Infected: Trojan.Win32.Agent.bnd skipped

C:\QooBox\Quarantine\C\Program Files\Insider\UnInstall.exe.vir Infected: Trojan.Win32.Agent.bnd skipped

C:\QooBox\Quarantine\C\Program Files\iWin Games\iWinGamesHookIE.dll.vir Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped

C:\QooBox\Quarantine\C\Program Files\NetMeeting\hozysy22011.exe.vir Infected: not-a-virus:AdWare.Win32.TTC.c skipped

C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped

C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped

C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir NSIS: infected - 2 skipped

C:\QooBox\Quarantine\C\Program Files\svhost\wr-1-77.exe.vir Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\QooBox\Quarantine\C\Program Files\Words\UnInstall.exe.vir Infected: Trojan.Win32.Agent.bnd skipped

C:\QooBox\Quarantine\C\Program Files\Words\Words.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.dn skipped

C:\QooBox\Quarantine\C\WINDOWS\b103.exe.vir Infected: not-a-virus:AdWare.Win32.Rond.d skipped

C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir NSIS: infected - 3 skipped

C:\QooBox\Quarantine\C\WINDOWS\b138.exe.vir Infected: Trojan-Downloader.Win32.Agent.cbx skipped

C:\QooBox\Quarantine\C\WINDOWS\b143.exe.vir Infected: Trojan-Downloader.Win32.Agent.dlx skipped

C:\QooBox\Quarantine\C\WINDOWS\b147.exe.vir Infected: Trojan.Win32.Agent.bnd skipped

C:\QooBox\Quarantine\C\WINDOWS\retadpu77.exe.vir Infected: Trojan-Downloader.Win32.Agent.djj skipped

C:\QooBox\Quarantine\C\WINDOWS\SCURIT~1\mѕconfig.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped

C:\QooBox\Quarantine\C\WINDOWS\svhost.exe.vir Infected: Trojan-Proxy.Win32.VB.x skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\B1\m22011.exe.vir/data0004 Infected: not-a-virus:AdWare.Win32.TTC.c skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\B1\m22011.exe.vir NSIS: infected - 1 skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\f02WtR\f02WtR1065.exe.vir Infected: Trojan-Downloader.Win32.VB.bgd skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\f10WtR\f10WtR1099.exe.vir Infected: Trojan-Downloader.Win32.VB.awj skipped

C:\QooBox\Quarantine\catchme2007-09-23_111909.82.zip/rqrrqrq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

**06runner** · 2007-09-25, 02:22

3rd and final:

C:\QooBox\Quarantine\catchme2007-09-23_111909.82.zip/ddayv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ma skipped

C:\QooBox\Quarantine\catchme2007-09-23_111909.82.zip ZIP: infected - 2 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP955\A0126383.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP955\A0126384.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP958\A0137595.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP958\A0137595.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP958\A0137596.exe Infected: Trojan-Downloader.Win32.VB.awj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP961\A0138910.exe Infected: not-a-virus:AdWare.Win32.TTC.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP974\A0140780.exe/file2 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP974\A0140780.exe Inno: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP974\A0140791.exe Infected: Trojan-Downloader.Win32.Agent.dhj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP975\A0142815.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP975\A0142822.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP975\A0142823.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP975\A0142825.exe Infected: Trojan-Downloader.Win32.Agent.cpj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP975\A0142826.exe Infected: Trojan-Downloader.Win32.Small.fky skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP975\A0142844.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP975\A0142874.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP975\A0142875.exe Infected: Trojan-Downloader.Win32.VB.bgd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP977\A0142989.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP978\A0143011.exe Infected: Trojan-Downloader.Win32.Small.fky skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP978\A0143050.exe Infected: Trojan-Downloader.Win32.Small.fky skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP979\A0144029.dll Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP980\A0144066.dll Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP980\A0144078.exe Infected: Trojan-Downloader.Win32.Small.fky skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP983\A0144120.dll Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP987\A0145130.exe Infected: Trojan-Downloader.Win32.Small.fky skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP987\A0146131.exe Infected: Trojan-Downloader.Win32.Small.fox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP987\A0146132.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146142.exe Infected: Trojan-Downloader.Win32.Agent.cpj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146146.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146148.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146174.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146174.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146174.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146174.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146174.exe NSIS: infected - 4 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146177.exe Infected: Trojan-Downloader.Win32.Agent.djj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP989\A0147219.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP989\A0147221.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP989\A0147223.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP989\A0148192.exe Infected: Trojan-Downloader.Win32.Small.fox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP989\A0148210.exe Infected: Trojan-Downloader.Win32.Agent.djj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP989\A0148229.exe Infected: Trojan-Downloader.Win32.Small.fox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP990\A0149271.exe Infected: Trojan-Downloader.Win32.Small.fox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP990\A0150265.exe Infected: Trojan-Downloader.Win32.Small.fox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP990\A0151265.exe Infected: Trojan-Downloader.Win32.Small.fox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP990\A0152264.exe Infected: Trojan-Downloader.Win32.Small.fox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP992\A0160274.exe Infected: Trojan-Downloader.Win32.Agent.djj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP992\A0162288.exe Infected: Trojan-Downloader.Win32.Small.fox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP992\A0162313.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP992\A0162317.exe Infected: Trojan-Downloader.Win32.Adload.lj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP992\A0164309.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP993\A0166311.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP993\A0167311.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP993\A0168309.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP993\A0169332.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP993\A0170334.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP993\A0171333.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP993\A0172334.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172352.exe Infected: Trojan-Downloader.Win32.Agent.djj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172354.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172355.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172355.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172355.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172355.exe NSIS: infected - 3 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172357.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172358.exe Infected: Trojan-Downloader.Win32.Agent.dlx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172359.exe Infected: Trojan.Win32.Agent.bnd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172363.exe Infected: Trojan.Win32.Agent.bnd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172364.exe Infected: not-a-virus:AdWare.Win32.Agent.dn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172365.exe Infected: Trojan.Win32.Agent.bnd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172366.exe Infected: Trojan.Win32.Agent.bnd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172368.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172368.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172368.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172371.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172373.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172378.exe Infected: Trojan-Downloader.Win32.VB.bgd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172379.exe Infected: Trojan-Downloader.Win32.VB.awj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172383.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172385.exe Infected: Trojan-Proxy.Win32.VB.x skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP995\A0173706.dll Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP995\A0173713.exe Infected: not-a-virus:AdWare.Win32.TTC.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP995\change.log Object is locked skipped

C:\VundoFix Backups\rqrrqrq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\retadpu77.exe_tobedeleted_old Infected: Trojan-Downloader.Win32.Agent.djj skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\ICM55\nav22011.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.c skipped

C:\WINDOWS\SYSTEM32\ICM55\nav22011.exe NSIS: infected - 1 skipped

C:\WINDOWS\SYSTEM32\temp2\hn12.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\WINDOWS\SYSTEM32\temp2\hn12.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\WINDOWS\SYSTEM32\temp2\hn12.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\WINDOWS\SYSTEM32\temp2\hn12.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\WINDOWS\SYSTEM32\temp2\hn12.exe RarSFX: infected - 4 skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

**Shaba** · 2007-09-25, 09:21

Hi

Empty these folders:

C:\QooBox\Quarantine\
C:\VundoFix Backups

Delete these:

C:\WINDOWS\SYSTEM32\ICM55
C:\WINDOWS\SYSTEM32\temp2
C:\WINDOWS\retadpu77.exe_tobedeleted_old

Empty Recycle Bin

Re-scan with kaspersky

Post:

- a fresh hijackthis log
- kaspersky report

**06runner** · 2007-09-26, 04:09

Here is the HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:55:15 PM, on 9/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Palm\AlarmApp.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sierra\Planner\Plnrnote.exe
C:\Palm\Hotsync.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\b58i8f4b.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\b58i8f4b.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alarm Manager.LNK = C:\Palm\AlarmApp.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187570909136
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

**06runner** · 2007-09-26, 04:10

Here is the Kaspersky log:

Tuesday, September 25, 2007 8:54:24 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 26/09/2007
Kaspersky Anti-Virus database records: 423510

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 88411
Number of viruses found 30
Number of infected objects 90
Number of suspicious objects 0
Duration of the scan process 02:31:55

Infected Object Name Virus Name Last Action
C:\3395b22e0d5b6b1d9c32198b\update\update.exe Object is locked skipped

C:\a863617ee620a6241f\update\update.exe Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-25_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\David\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped

C:\Documents and Settings\David\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped

C:\Documents and Settings\David\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped

C:\Documents and Settings\David\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped

C:\Documents and Settings\David\Application Data\PC Tools\PC Tools AntiVirus\Application Logs\PCToolsAntivirus.txt Object is locked skipped

C:\Documents and Settings\David\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.f314eb97.ini.inuse Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\David\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\History\History.IE5\MSHist012007092520070926\index.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temp\~DF3F98.tmp Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temp\~DF3FA3.tmp Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temp\~DFF380.tmp Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\David\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\David\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\e9511eda960ee2629b25\admparse.dll Object is locked skipped

C:\e9511eda960ee2629b25\admparse.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\advpack.dll Object is locked skipped

C:\e9511eda960ee2629b25\advpack.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\browseui.dll Object is locked skipped

C:\e9511eda960ee2629b25\corpol.dll Object is locked skipped

C:\e9511eda960ee2629b25\custsat.dll Object is locked skipped

C:\e9511eda960ee2629b25\dxtmsft.dll Object is locked skipped

C:\e9511eda960ee2629b25\dxtrans.dll Object is locked skipped

C:\e9511eda960ee2629b25\extmgr.dll Object is locked skipped

C:\e9511eda960ee2629b25\extmgr.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\feeddisc.wav Object is locked skipped

C:\e9511eda960ee2629b25\hmmapi.dll Object is locked skipped

C:\e9511eda960ee2629b25\hmmapi.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\html.iec Object is locked skipped

C:\e9511eda960ee2629b25\html.iec.mui Object is locked skipped

C:\e9511eda960ee2629b25\icardie.dll Object is locked skipped

C:\e9511eda960ee2629b25\icardie.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\icrav03.rat Object is locked skipped

C:\e9511eda960ee2629b25\ie4uinit.exe Object is locked skipped

**06runner** · 2007-09-26, 04:13

2nd Part of log:

C:\e9511eda960ee2629b25\ie4uinit.exe.mui Object is locked skipped

C:\e9511eda960ee2629b25\ieakeng.dll Object is locked skipped

C:\e9511eda960ee2629b25\ieakeng.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\ieakmmc.chm Object is locked skipped

C:\e9511eda960ee2629b25\ieaksie.dll Object is locked skipped

C:\e9511eda960ee2629b25\ieaksie.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\ieakui.dll Object is locked skipped

C:\e9511eda960ee2629b25\ieakui.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\ieapfltr.dat Object is locked skipped

C:\e9511eda960ee2629b25\ieapfltr.dll Object is locked skipped

C:\e9511eda960ee2629b25\iedkcs32.dll Object is locked skipped

C:\e9511eda960ee2629b25\iedkcs32.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\iedw.exe Object is locked skipped

C:\e9511eda960ee2629b25\iedw.exe.mui Object is locked skipped

C:\e9511eda960ee2629b25\ieencode.dll Object is locked skipped

C:\e9511eda960ee2629b25\ieeula.chm Object is locked skipped

C:\e9511eda960ee2629b25\ieframe.dll Object is locked skipped

C:\e9511eda960ee2629b25\ieframe.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\iepeers.dll Object is locked skipped

C:\e9511eda960ee2629b25\iepeers.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\ieproxy.dll Object is locked skipped

C:\e9511eda960ee2629b25\iernonce.dll Object is locked skipped

C:\e9511eda960ee2629b25\iernonce.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\iertutil.dll Object is locked skipped

C:\e9511eda960ee2629b25\iesetup.dll Object is locked skipped

C:\e9511eda960ee2629b25\iesetup.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\iesupp.chm Object is locked skipped

C:\e9511eda960ee2629b25\ieudinit.exe Object is locked skipped

C:\e9511eda960ee2629b25\ieui.dll Object is locked skipped

C:\e9511eda960ee2629b25\ieui.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\ieuinit.inf Object is locked skipped

C:\e9511eda960ee2629b25\ieunatt.exe.mui Object is locked skipped

C:\e9511eda960ee2629b25\iexplore.chm Object is locked skipped

C:\e9511eda960ee2629b25\iexplore.exe Object is locked skipped

C:\e9511eda960ee2629b25\iexplore.exe.mui Object is locked skipped

C:\e9511eda960ee2629b25\imgutil.dll Object is locked skipped

C:\e9511eda960ee2629b25\inetcorp.iem Object is locked skipped

C:\e9511eda960ee2629b25\inetcpl.cpl Object is locked skipped

C:\e9511eda960ee2629b25\inetcpl.cpl.mui Object is locked skipped

C:\e9511eda960ee2629b25\inetres.adm Object is locked skipped

C:\e9511eda960ee2629b25\inetset.iem Object is locked skipped

C:\e9511eda960ee2629b25\infobar.wav Object is locked skipped

C:\e9511eda960ee2629b25\inseng.dll Object is locked skipped

C:\e9511eda960ee2629b25\inseng.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\install.ins Object is locked skipped

C:\e9511eda960ee2629b25\jscript.dll Object is locked skipped

C:\e9511eda960ee2629b25\jsproxy.dll Object is locked skipped

C:\e9511eda960ee2629b25\licmgr10.dll Object is locked skipped

C:\e9511eda960ee2629b25\licmgr10.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\msfeeds.dll Object is locked skipped

C:\e9511eda960ee2629b25\msfeeds.mof Object is locked skipped

C:\e9511eda960ee2629b25\msfeedsbs.dll Object is locked skipped

C:\e9511eda960ee2629b25\msfeedsbs.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\msfeedsbs.mof Object is locked skipped

C:\e9511eda960ee2629b25\msfeedssync.exe Object is locked skipped

C:\e9511eda960ee2629b25\mshta.exe Object is locked skipped

C:\e9511eda960ee2629b25\mshta.exe.mui Object is locked skipped

C:\e9511eda960ee2629b25\mshtml.dll Object is locked skipped

C:\e9511eda960ee2629b25\mshtml.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\mshtml.tlb Object is locked skipped

C:\e9511eda960ee2629b25\mshtmled.dll Object is locked skipped

C:\e9511eda960ee2629b25\mshtmled.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\mshtmler.dll Object is locked skipped

C:\e9511eda960ee2629b25\mshtmler.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\msls31.dll Object is locked skipped

C:\e9511eda960ee2629b25\msrating.dll Object is locked skipped

C:\e9511eda960ee2629b25\msrating.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\mstime.dll Object is locked skipped

C:\e9511eda960ee2629b25\navstart.wav Object is locked skipped

C:\e9511eda960ee2629b25\occache.dll Object is locked skipped

C:\e9511eda960ee2629b25\occache.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\occache.ini Object is locked skipped

C:\e9511eda960ee2629b25\pngfilt.dll Object is locked skipped

C:\e9511eda960ee2629b25\popupblk.wav Object is locked skipped

C:\e9511eda960ee2629b25\shdocvw.dll Object is locked skipped

C:\e9511eda960ee2629b25\shlwapi.dll Object is locked skipped

C:\e9511eda960ee2629b25\spmsg.dll Object is locked skipped

C:\e9511eda960ee2629b25\spuninst.exe Object is locked skipped

C:\e9511eda960ee2629b25\spupdsvc.exe Object is locked skipped

C:\e9511eda960ee2629b25\tdc.ocx Object is locked skipped

C:\e9511eda960ee2629b25\ticrf.rat Object is locked skipped

C:\e9511eda960ee2629b25\update\eula.rtf Object is locked skipped

C:\e9511eda960ee2629b25\update\idndl.exe Object is locked skipped

C:\e9511eda960ee2629b25\update\ie7.cat Object is locked skipped

C:\e9511eda960ee2629b25\update\iecustom.dll Object is locked skipped

C:\e9511eda960ee2629b25\update\iereseticons.exe Object is locked skipped

C:\e9511eda960ee2629b25\update\iesetup.exe Object is locked skipped

C:\e9511eda960ee2629b25\update\legitlibm.dll Object is locked skipped

C:\e9511eda960ee2629b25\update\nlsdl.exe Object is locked skipped

C:\e9511eda960ee2629b25\update\update.exe Object is locked skipped

C:\e9511eda960ee2629b25\update\update.exe.manifest Object is locked skipped

C:\e9511eda960ee2629b25\update\update.inf Object is locked skipped

C:\e9511eda960ee2629b25\update\update.ver Object is locked skipped

C:\e9511eda960ee2629b25\update\updspapi.dll Object is locked skipped

C:\e9511eda960ee2629b25\update\xmllitesetup.exe Object is locked skipped

C:\e9511eda960ee2629b25\url.dll Object is locked skipped

C:\e9511eda960ee2629b25\urlmon.dll Object is locked skipped

C:\e9511eda960ee2629b25\urlmon.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\vbscript.dll Object is locked skipped

C:\e9511eda960ee2629b25\vgx.dll Object is locked skipped

C:\e9511eda960ee2629b25\webcheck.dll Object is locked skipped

C:\e9511eda960ee2629b25\webcheck.dll.mui Object is locked skipped

C:\e9511eda960ee2629b25\webcheck.ini Object is locked skipped

C:\e9511eda960ee2629b25\winfxdocobj.exe Object is locked skipped

C:\e9511eda960ee2629b25\winfxdocobj.exe.mui Object is locked skipped

C:\e9511eda960ee2629b25\wininet.dll Object is locked skipped

C:\e9511eda960ee2629b25\wininet.dll.mui Object is locked skipped

C:\Program Files\Hijackthis\backups\backup-20070923-144248-955.dll Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped

C:\Program Files\PC Tools AntiVirus\PCTAVService.txt Object is locked skipped

C:\Program Files\PC Tools AntiVirus\~ulo Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP955\A0126383.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP955\A0126384.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP958\A0137595.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP958\A0137595.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP958\A0137596.exe Infected: Trojan-Downloader.Win32.VB.awj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP961\A0138910.exe Infected: not-a-virus:AdWare.Win32.TTC.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP974\A0140780.exe/file2 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP974\A0140780.exe Inno: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP974\A0140791.exe Infected: Trojan-Downloader.Win32.Agent.dhj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP975\A0142815.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP975\A0142822.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP975\A0142823.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

**06runner** · 2007-09-26, 04:14

3rd part of log:

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP975\A0142825.exe Infected: Trojan-Downloader.Win32.Agent.cpj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP975\A0142826.exe Infected: Trojan-Downloader.Win32.Small.fky skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP975\A0142844.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP975\A0142874.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP975\A0142875.exe Infected: Trojan-Downloader.Win32.VB.bgd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP977\A0142989.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP978\A0143011.exe Infected: Trojan-Downloader.Win32.Small.fky skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP978\A0143050.exe Infected: Trojan-Downloader.Win32.Small.fky skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP979\A0144029.dll Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP980\A0144066.dll Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP980\A0144078.exe Infected: Trojan-Downloader.Win32.Small.fky skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP983\A0144120.dll Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP987\A0145130.exe Infected: Trojan-Downloader.Win32.Small.fky skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP987\A0146131.exe Infected: Trojan-Downloader.Win32.Small.fox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP987\A0146132.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146142.exe Infected: Trojan-Downloader.Win32.Agent.cpj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146146.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146148.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146174.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146174.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146174.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146174.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146174.exe NSIS: infected - 4 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP988\A0146177.exe Infected: Trojan-Downloader.Win32.Agent.djj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP989\A0147219.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP989\A0147221.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP989\A0147223.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP989\A0148192.exe Infected: Trojan-Downloader.Win32.Small.fox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP989\A0148210.exe Infected: Trojan-Downloader.Win32.Agent.djj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP989\A0148229.exe Infected: Trojan-Downloader.Win32.Small.fox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP990\A0149271.exe Infected: Trojan-Downloader.Win32.Small.fox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP990\A0150265.exe Infected: Trojan-Downloader.Win32.Small.fox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP990\A0151265.exe Infected: Trojan-Downloader.Win32.Small.fox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP990\A0152264.exe Infected: Trojan-Downloader.Win32.Small.fox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP992\A0160274.exe Infected: Trojan-Downloader.Win32.Agent.djj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP992\A0162288.exe Infected: Trojan-Downloader.Win32.Small.fox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP992\A0162313.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP992\A0162317.exe Infected: Trojan-Downloader.Win32.Adload.lj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP992\A0164309.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP993\A0166311.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP993\A0167311.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP993\A0168309.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP993\A0169332.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP993\A0170334.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP993\A0171333.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP993\A0172334.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172352.exe Infected: Trojan-Downloader.Win32.Agent.djj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172354.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172355.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172355.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172355.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172355.exe NSIS: infected - 3 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172357.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172358.exe Infected: Trojan-Downloader.Win32.Agent.dlx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172359.exe Infected: Trojan.Win32.Agent.bnd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172363.exe Infected: Trojan.Win32.Agent.bnd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172364.exe Infected: not-a-virus:AdWare.Win32.Agent.dn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172365.exe Infected: Trojan.Win32.Agent.bnd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172366.exe Infected: Trojan.Win32.Agent.bnd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172368.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172368.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172368.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172371.exe Infected: Trojan-Downloader.Win32.Small.ftt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172373.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172378.exe Infected: Trojan-Downloader.Win32.VB.bgd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172379.exe Infected: Trojan-Downloader.Win32.VB.awj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172383.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP994\A0172385.exe Infected: Trojan-Proxy.Win32.VB.x skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP995\A0173706.dll Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP995\A0173713.exe Infected: not-a-virus:AdWare.Win32.TTC.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP996\A0176733.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP996\A0176733.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP996\A0176733.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP996\A0176733.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP996\A0176733.exe RarSFX: infected - 4 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP996\A0176734.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP996\A0176734.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP996\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

**Shaba** · 2007-09-26, 08:42

Hi

That looks good.

All viruses are in system restore and inactive.

I give you later instructions how to empty it.

Other than that, any problems left?

**06runner** · 2007-09-26, 12:39

Hella Shaba,

I want to let you know how much I appreciate all your help. The computer is running great at this time. Again THANK YOU for your Help.

Thread: First time for Virtumonde virus

Thread Tools

Display

Posting Permissions