
Thread: Virtumonde (again)

  1. #11
    Junior Member
    Join Date
    Jan 2008
    Posts
    15

    Oops, sorry, here's the local HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:20:57 PM, on 1/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode with network support

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\explorer.exe
    D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ehTray] D:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Transcode360] D:\Program Files\Transcode360\Transcode360Tray.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask .exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Extender Resource Monitor.lnk = D:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = D:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 4637 bytes

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Remove this entry with HJT as it still looks infected.

    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask .exe" -atboottime

    FYI...can you see the difference??
    D:\Program Files\QuickTime\QTTask .exe <--Infected File
    D:\Program Files\QuickTime\QTTask.exe <-- Legit

    Go to your Add/Remove Programs in the Control Panel and uninstall QuickTime. After you're clean, you can redownload and install it if you wish.

    D:\Program Files\QuickTime <-- Delete this entire folder.



    Please download ATF Cleaner by Atribune to your desktop.
    • This program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.


    Your system may start up slower after running ATF Cleaner. This is expected, but it will be back to normal after the first or second boot-up.



    Reboot and see if you can get into Normal Windows. If you can, post a HJT log, as the one from Safe Mode does not show everything.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
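
The filename check pointed out in post #12, written out as an added example that is not part of the original thread: it pulls the executable path out of each log line and flags names with whitespace in front of the extension or with non-ASCII lookalike characters. The function names (`extract_path`, `name_findings`, `audit`) are hypothetical; the sample lines are copied from the logs posted on this page.

```python
import re
import unicodedata
from ntpath import basename, splitext  # Windows path rules on any OS

# Lines copied from the HijackThis and Kaspersky logs posted in this thread.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"',
    r'O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask .exe" -atboottime',
    r'O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r',
    r'O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper',
    r'D:\QooBox\Quarantine\D\WINDOWS\system32\FNTS~1\wυauclt.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gq skipped',
]

# A drive-letter path up to the first executable extension. Spaces are allowed
# inside the path because "Program Files" and similar folders contain them.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|scr|com)(?![A-Za-z0-9])',
    re.IGNORECASE,
)


def extract_path(line):
    """Return the first full executable path in a log line, or None."""
    match = PATH_RE.search(line)
    return match.group(0) if match else None


def name_findings(path):
    """Return a list of naming anomalies for the file name in `path`."""
    name = basename(path)
    stem, _ext = splitext(name)
    findings = []
    # "QTTask .exe" versus "QTTask.exe": padding before the dot makes a second
    # file look like the vendor's own binary in a listing.
    if stem != stem.rstrip():
        findings.append("whitespace-before-extension")
    # A lookalike letter from another alphabet gives the same visual effect.
    for ch in name:
        if ord(ch) > 127:
            label = unicodedata.name(ch, "U+%04X" % ord(ch))
            findings.append("non-ascii:" + label)
    return findings


def audit(lines):
    """Map each flagged path to its findings; clean or path-less lines are skipped."""
    report = {}
    for line in lines:
        path = extract_path(line)
        if path is None:
            continue  # e.g. "Rundll32 P17.dll,P17Helper" carries no full path
        findings = name_findings(path)
        if findings:
            report[path] = findings
    return report


if __name__ == "__main__":
    for path, findings in audit(SAMPLE_LINES).items():
        print(path, "->", ", ".join(findings))
```

A clean name is not a clean file: the Kaspersky log later in this thread also reports `D:\Program Files\QuickTime\QTTask.exe` as infected, so this check is triage only.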

  3. #13
    Junior Member
    Join Date
    Jan 2008
    Posts
    15

    Right, here's the latest HJT log from normal mode
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:56:36 PM, on 1/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\WINDOWS\ehome\ehtray.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    D:\WINDOWS\system32\Rundll32.exe
    D:\Program Files\Transcode360\Transcode360Tray.exe
    D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\WINDOWS\ehome\RMSysTry.exe
    D:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\WINDOWS\system32\CTsvcCDA.EXE
    D:\WINDOWS\eHome\ehRecvr.exe
    D:\WINDOWS\eHome\ehSched.exe
    D:\WINDOWS\ehome\RMSvc.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\WINDOWS\system32\dllhost.exe
    D:\WINDOWS\eHome\ehmsas.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\MSN Messenger\usnsvc.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ehTray] D:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Transcode360] D:\Program Files\Transcode360\Transcode360Tray.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Extender Resource Monitor.lnk = D:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = D:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 6224 bytes


    While I was waiting I ran Kaspersky and it found a lot of viruses. I'm going to run it again while I wait for your next reply.

  4. #14
    Junior Member
    Join Date
    Jan 2008
    Posts
    15


    esday, January 15, 2008 7:38:30 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 15/01/2008
    Kaspersky Anti-Virus database records: 512262
    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true
    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    Scan Statistics
    Total number of scanned objects 49019
    Number of viruses found 13
    Number of infected objects 267
    Number of suspicious objects 0
    Duration of the scan process 00:55:17

    Infected Object Name Virus Name Last Action
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    D:\Documents and Settings\Rob\Cookies\index.dat Object is locked skipped
    D:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    D:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    D:\Documents and Settings\Rob\Local Settings\History\History.IE5\index.dat Object is locked skipped
    D:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    D:\Documents and Settings\Rob\NTUSER.DAT Object is locked skipped
    D:\Documents and Settings\Rob\ntuser.dat.LOG Object is locked skipped
    D:\Program Files\QuickTime\QTTask.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\Program Files\Windows Media Player\profsyfsyrt.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
    D:\QooBox\Quarantine\D\Documents and Settings\Rob\Local Settings\Temp\winvsnet .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\Common Files\hokew4444.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    D:\QooBox\Quarantine\D\Program Files\Common Files\hokew83122.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    D:\QooBox\Quarantine\D\Program Files\Creative\MediaSource\Detector\CTDetect.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\iTunes\iTunesHelper.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\Java\jre1.6.0_03\bin\jusched.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\MSN Messenger\MsnMsgr.Exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\Network Associates\Common Framework\UpdaterUI.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\VundoFix Backups\ddayx.exe.bad.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\VundoFix Backups\ehtray.exe.bad.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    D:\QooBox\Quarantine\D\WINDOWS\system32\FNTS~1\wυauclt.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gq skipped
    D:\QooBox\Quarantine\D\WINDOWS\system32\fwadnsat.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped
    D:\QooBox\Quarantine\D\WINDOWS\system32\pmkjh.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\WINDOWS\Um9icyBDb21w\asappsrv.dll.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    D:\QooBox\Quarantine\D\WINDOWS\UpdReg.EXE.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

  5. #15
    Junior Member
    Join Date
    Jan 2008
    Posts
    15

    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0009039.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0009040.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0009041.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0009042.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0009043.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0009044.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0009045.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0010037.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0010038.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0010039.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0010040.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0010041.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0010042.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0010043.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0010044.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0010045.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0011037.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0011038.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0011039.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0011040.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0011041.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0011042.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0011043.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0011044.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0011045.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0011046.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0012036.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0012037.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0012038.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0012039.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0012040.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0012041.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0012042.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0012043.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0012044.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0012045.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0013054.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0013055.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0013056.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0013057.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0013058.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0013059.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0013060.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0013061.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016067.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016068.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016069.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016070.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016071.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016072.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016073.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016074.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016081.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016082.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016083.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016084.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016085.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016086.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016087.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016088.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016089.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016096.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016097.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016098.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016099.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016100.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016101.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016102.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016103.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0016104.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0017096.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0017097.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0017098.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0017099.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0017100.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0017101.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0017102.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0017103.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0017104.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0018096.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0018097.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0018098.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0018099.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0018100.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0018101.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

  6. #16
    Junior Member
    Join Date
    Jan 2008
    Posts
    15

    Default

    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020123.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020124.dll Infected: Trojan.Win32.BHO.ab skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020125.dll Infected: Trojan.Win32.BHO.ab skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020126.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020127.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020128.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dlm skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020129.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020130.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020131.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020132.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020133.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020134.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020135.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020136.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gq skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020137.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020139.exe Infected: Trojan.Win32.BHO.ab skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020283.exe Infected: Trojan-Downloader.Win32.VB.caw skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020284.exe Infected: Trojan-Downloader.Win32.Small.hqc skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020285.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\change.log Object is locked skipped
    D:\WINDOWS\CSC\00000001 Object is locked skipped
    D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    D:\WINDOWS\ehome\ehtray.exe.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    D:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    D:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
    D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    D:\WINDOWS\system32\config\default Object is locked skipped
    D:\WINDOWS\system32\config\default.LOG Object is locked skipped
    D:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
    D:\WINDOWS\system32\config\SAM Object is locked skipped
    D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    D:\WINDOWS\system32\config\SECURITY Object is locked skipped
    D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    D:\WINDOWS\system32\config\software Object is locked skipped
    D:\WINDOWS\system32\config\software.LOG Object is locked skipped
    D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    D:\WINDOWS\system32\config\system Object is locked skipped
    D:\WINDOWS\system32\config\system.LOG Object is locked skipped
    D:\WINDOWS\system32\ka8\tycodllz83122.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    D:\WINDOWS\system32\ka8\tycodllz83122.exe NSIS: infected - 1 skipped
    D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    Scan process completed.

  7. #17
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hey,

    It looks like you were able to boot normally. Your log is looking good; what Kaspersky has found is a ton of entries in your System Restore Program. Let's do a few more things.


    Please download ATF Cleaner by Atribune to your desktop.
    • This program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.


    Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.

    ===============================

    Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space above and to the left of File::

    File::
    D:\WINDOWS\ehome\ehtray.exe.tmp
    D:\WINDOWS\system32\ka8\tycodllz83122.exe

    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.





    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.


    ================================

    System Restore makes regular backups of all your settings. If you ever had to use this program to restore your system to a previous date, you would be infected all over again, so we need to clean out the previous Restore Points.

    Turn off System Restore.

    • Right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore on all Drives.
    • Click Apply, and then click OK.



    Reboot your computer


    Turn ON System Restore.

    • Right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • UN-Check Turn off System Restore on all Drives.
    • Click Apply, and then click OK.



    Create a new Restore Point <-- Very Important

    • Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point
      You need to go into the Control Panel and switch to Category View to be able to Create a New Restore Point.

    System Restore Tutorial <-- If you need it


    ===============================


    Please download SuperAntiSpyware
    Install the program
    • Run SuperAntiSpyware and click: Check for updates
    • Once the update is finished, on the main screen, click: Scan your computer
    • Check: Perform Complete Scan
    • Click Next to start the scan.

    Superantispyware scans the computer, and when finished, lists all the infections found.
    Make sure everything found has a check next to it, and press: Next
    Then, click Finish

    It is possible that the program asks to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    • Click: Preferences
    • Click the Statistics/Logs tab
    • Under Scanner Logs, double-click SuperAntiSpyware Scan Log
    It opens in your default text editor (such as Notepad)

    Please provide the SuperAntiSpyware log in your reply, as well as a new HijackThis log.


    Let me see the New Combofix log, the SAS log and a new HJT log.

    Hang in, we're almost done
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
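
    The triage behind the reply above, as an added example that is not part of the thread and not any scanner's own code: it splits a scan log in the format posted here into detections inside System Restore snapshots, detections on the live file system, and locked objects. The line grammar is inferred from the lines in this thread, the function names are hypothetical, and the sample is a short excerpt of the posted log.

```python
import re
from collections import Counter

# Short excerpt in the format of the scan log posted in this thread (sample input).
SAMPLE_LOG = r"""
D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020120.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020121.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020123.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped
D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020124.dll Infected: Trojan.Win32.BHO.ab skipped
D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\A0020128.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dlm skipped
D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP2\change.log Object is locked skipped
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\ehome\ehtray.exe.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
D:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
D:\WINDOWS\system32\ka8\tycodllz83122.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
D:\WINDOWS\system32\ka8\tycodllz83122.exe NSIS: infected - 1 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
"""

# Paths under this prefix are System Restore snapshots, not files the system runs.
RESTORE_MARKER = r"\system volume information\_restore{"

# Assumed grammar: "<path> <status> skipped". Paths may contain spaces, so the
# path is matched lazily and the status alternatives anchor the split.
# "<packer>: infected - N" is the per-container summary line (NSIS in this log).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<packer>\w+): infected - (?P<count>\d+))"
    r" skipped$"
)


def parse_line(line):
    """Return a record for one log line, or None if it is not a result line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    # "file.exe/data0002" is an object inside a container; the file on disk
    # is the part before the forward slash.
    container = path.split("/", 1)[0]
    if m.group("locked"):
        kind = "locked"
    elif m.group("packer"):
        kind = "container_summary"
    else:
        kind = "infected"
    return {
        "path": path,
        "container": container,
        "kind": kind,
        "name": m.group("name"),
        "in_restore": RESTORE_MARKER in container.lower(),
    }


def triage(log_text):
    """Separate live detections from restore-point copies and locked objects."""
    live = set()
    restore = Counter()
    locked = 0
    unparsed = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            unparsed.append(raw.strip())
        elif rec["kind"] == "locked":
            locked += 1  # file in use by the OS, not a detection
        elif rec["in_restore"]:
            if rec["kind"] == "infected":
                restore[rec["name"]] += 1
        else:
            live.add(rec["container"])  # dedupes object and summary lines
    return {
        "live_infected": sorted(live),
        "restore_detections": restore,
        "locked": locked,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Live files needing removal:")
    for path in result["live_infected"]:
        print("  " + path)
    print("Detections held only in restore points:")
    for name, count in result["restore_detections"].most_common():
        print(f"  {count:3d}  {name}")
    print(f"Locked (not scanned): {result['locked']}")
```

    On this excerpt the live list comes out as the same two files named in the File:: block above; everything else flagged sits in restore snapshots, which is what the System Restore off/on cycle clears.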

  8. #18
    Junior Member
    Join Date
    Jan 2008
    Posts
    15

    Default

    Just want to say thanks so far. Ok did all that....... Here's the logs




    ComboFix 08-01-15.4 - Rob 2008-01-16 11:13:33.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.477 [GMT 0:00]
    Running from: D:\Documents and Settings\Rob\Desktop\ComboFix.exe
    Command switches used :: D:\Documents and Settings\Rob\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE
    D:\WINDOWS\ehome\ehtray.exe.tmp
    D:\WINDOWS\system32\ka8\tycodllz83122.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\WINDOWS\ehome\ehtray.exe.tmp
    D:\WINDOWS\system32\ka8\tycodllz83122.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
    .

    2008-01-15 18:01 . 2008-01-15 18:01 <DIR> d-------- D:\WINDOWS\system32\Kaspersky Lab
    2008-01-15 18:01 . 2008-01-15 18:01 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-15 17:00 . 2008-01-15 17:00 <DIR> d-------- D:\VundoFix Backups
    2008-01-15 10:56 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
    2008-01-14 11:02 . 2008-01-14 11:02 <DIR> d-------- D:\Program Files\Trend Micro
    2008-01-14 10:46 . 2008-01-14 10:46 <DIR> d-------- D:\Program Files\Avira
    2008-01-14 10:46 . 2008-01-14 10:46 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avira
    2008-01-13 22:46 . 2008-01-14 13:34 90,112 --a------ D:\WINDOWS\UpdReg.EXE
    2008-01-13 22:39 . 2008-01-15 16:58 <DIR> d-------- D:\WINDOWS\system32\pe2
    2008-01-13 22:39 . 2008-01-16 11:16 <DIR> d-------- D:\WINDOWS\system32\ka8
    2008-01-13 22:39 . 2008-01-15 16:58 <DIR> d-------- D:\WINDOWS\system32\gu5
    2008-01-13 22:39 . 2008-01-15 16:58 <DIR> d-------- D:\WINDOWS\system32\edcA01
    2008-01-13 03:42 . 2008-01-13 03:43 <DIR> d-------- D:\Program Files\SopCast

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-16 10:53 --------- d-----w D:\Program Files\Transcode360
    2008-01-15 11:04 --------- d-----w D:\Program Files\MSN Messenger
    2008-01-15 11:04 --------- d-----w D:\Program Files\iTunes
    2008-01-14 10:51 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-13 20:31 --------- d-----w D:\Documents and Settings\Rob\Application Data\LimeWire
    2008-01-10 10:46 --------- d-----w D:\Program Files\DivX
    2007-12-19 19:31 94,208 ----a-w D:\WINDOWS\DUMP4110.tmp
    2007-12-13 02:11 94,208 ----a-w D:\WINDOWS\DUMP4a86.tmp
    2007-12-12 14:29 --------- d-----w D:\Program Files\Network Associates
    2007-12-12 14:29 --------- d-----w D:\Program Files\Common Files\Network Associates
    2007-12-12 14:29 --------- d-----w D:\Documents and Settings\All Users\Application Data\Network Associates
    2007-12-11 19:19 --------- d-----w D:\Program Files\iPod
    2007-12-11 14:16 --------- d-----w D:\Program Files\SpeedFan
    2007-11-29 22:30 200,704 ----a-w D:\WINDOWS\system32\ssldivx.dll
    2007-11-29 22:30 1,044,480 ----a-w D:\WINDOWS\system32\libdivx.dll
    2007-11-05 13:08 356,352 ----a-w D:\WINDOWS\eSellerateEngine.dll
    2007-10-31 20:33 94,208 ----a-w D:\WINDOWS\DUMP4074.tmp
    2007-08-08 15:02 20,840 ----a-w D:\Documents and Settings\Rob\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-15_11.07.51.35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-14 13:34:51 64,512 ----a-w D:\WINDOWS\ehome\ehtray.exe
    - 2008-01-15 10:58:37 233,472 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-16 11:13:11 233,472 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-15 10:58:37 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-16 11:13:11 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-15 10:58:37 233,472 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-16 11:13:11 233,472 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-15 10:58:37 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-16 11:13:12 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-15 10:58:37 4,247,552 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-16 11:13:12 4,329,472 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-15 10:58:37 249,856 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-16 11:13:12 249,856 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2005-05-24 12:27:16 213,048 ----a-w D:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 15:47:20 94,208 ----a-w D:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 15:49:54 950,272 ----a-w D:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    + 2008-01-16 10:53:14 16,384 ----atw D:\WINDOWS\TEMP\Perflib_Perfdata_40c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2008-01-14 13:35 102400]
    "MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-14 21:55 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="D:\WINDOWS\ehome\ehtray.exe" [2008-01-14 13:34 64512]
    "ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2008-01-14 10:24 45056]
    "CTSysVol"="D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2008-01-14 13:34 57344]
    "P17Helper"="P17.dll" [2005-05-03 11:38 64512 D:\WINDOWS\system32\P17.dll]
    "UpdReg"="D:\WINDOWS\UpdReg.EXE" [2008-01-14 13:34 90112]
    "Transcode360"="D:\Program Files\Transcode360\Transcode360Tray.exe" [2008-01-14 10:24 192512]
    "McAfeeUpdaterUI"="D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2008-01-14 13:34 139320]
    "NSLauncher"="D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2008-01-14 13:35 2658304]
    "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-14 13:35 132496]
    "iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-01-14 13:35 267048]
    "avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-15 21:22 249896]

    D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Extender Resource Monitor.lnk - D:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 19:55:40]
    Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
    NETGEAR WG111v2 Smart Wizard.lnk - D:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-09-06 03:12:50]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= D:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= D:\WINDOWS\Resources\Themes\Royale.theme

    R2 RMSvc;Media Center Extender Resource Monitor;D:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
    R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;D:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-11-20 15:48]
    S3 QWAVE;QWAVE service;D:\WINDOWS\system32\svchost.exe [2004-08-04 02:56]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE REG_MULTI_SZ QWAVE

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-12 19:11:02 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - D:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-16 11:16:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-16 11:17:05
    ComboFix-quarantined-files.txt 2008-01-16 11:16:49
    ComboFix2.txt 2008-01-15 23:33:30
    ComboFix3.txt 2008-01-15 19:50:31
    ComboFix4.txt 2008-01-15 12:59:01
    ComboFix5.txt 2008-01-15 11:08:07



    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/16/2008 at 12:02 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3380
    Trace Rules Database Version: 1374

    Scan type : Complete Scan
    Total Scan Time : 00:27:55

    Memory items scanned : 553
    Memory threats detected : 0
    Registry items scanned : 5443
    Registry threats detected : 0
    File items scanned : 28806
    File threats detected : 14

    Adware.Tracking Cookie
    D:\Documents and Settings\Rob\Cookies\rob@doubleclick[1].txt
    D:\Documents and Settings\Rob\Cookies\rob@atdmt[2].txt
    D:\Documents and Settings\Rob\Cookies\rob@serving-sys[1].txt
    D:\Documents and Settings\Rob\Cookies\rob@bs.serving-sys[2].txt

    Unclassified.Unknown Origin
    D:\QOOBOX\QUARANTINE\D\PROGRAM FILES\COMMON FILES\HOKEW4444.DLL.VIR
    D:\QOOBOX\QUARANTINE\D\PROGRAM FILES\COMMON FILES\HOKEW83122.DLL.VIR

    Trojan.Vundo/Variant-Installer
    D:\QOOBOX\QUARANTINE\D\VUNDOFIX BACKUPS\DDAYX.EXE.BAD.VIR

    Malware.LocusSoftware Inc-Installer
    D:\QOOBOX\QUARANTINE\D\WINDOWS\DOWNLOADED PROGRAM FILES\UGA6P_0001_N122M2210NETINSTALLER.EXE.VIR

    Adware.ClickSpring
    D:\QooBox\Quarantine\D\WINDOWS\system32\FNTS~1\WAUCLT~1.VIR
    D:\QOOBOX\QUARANTINE\D\WINDOWS\SYSTEM32\FWADNSAT.DLL.VIR

    Trojan.Unknown Origin
    D:\QOOBOX\QUARANTINE\D\WINDOWS\SYSTEM32\KA8\TYCODLLZ83122.EXE.VIR
    D:\QOOBOX\QUARANTINE\D\WINDOWS\SYSTEM32\WINTICOMSV32.EXE.VIR
    D:\QOOBOX\QUARANTINE\D\WINDOWS\UM9ICYBDB21W\OA62WV1GVZYT.VBS.VIR

    Adware.Adservs
    D:\QOOBOX\QUARANTINE\D\WINDOWS\UM9ICYBDB21W\ASAPPSRV.DLL.VIR



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:08:00 PM, on 1/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\WINDOWS\ehome\ehtray.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    D:\WINDOWS\system32\Rundll32.exe
    D:\Program Files\Transcode360\Transcode360Tray.exe
    D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    D:\WINDOWS\ehome\RMSysTry.exe
    D:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\WINDOWS\system32\CTsvcCDA.EXE
    D:\WINDOWS\eHome\ehRecvr.exe
    D:\WINDOWS\eHome\ehSched.exe
    D:\WINDOWS\ehome\RMSvc.exe
    D:\WINDOWS\eHome\ehmsas.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\WINDOWS\system32\dllhost.exe
    D:\WINDOWS\system32\wbem\wmiapsrv.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\MSN Messenger\usnsvc.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\system32\notepad.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ehTray] D:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Transcode360] D:\Program Files\Transcode360\Transcode360Tray.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Extender Resource Monitor.lnk = D:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = D:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 6359 bytes

  9. #19
    Junior Member
    Join Date
    Jan 2008
    Posts
    15

    Default

    Hi, thought I would do another Kaspersky scan while I waited. It found a vastly reduced number of infections...

    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, January 16, 2008 3:41:43 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 16/01/2008
    Kaspersky Anti-Virus database records: 512843
    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true
    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    Scan Statistics
    Total number of scanned objects 48038
    Number of viruses found 2
    Number of infected objects 18
    Number of suspicious objects 0
    Duration of the scan process 00:55:36

    Infected Object Name Virus Name Last Action
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
    D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    D:\Documents and Settings\Rob\Cookies\index.dat Object is locked skipped
    D:\Documents and Settings\Rob\Local Settings\Application Data\ApplicationHistory\cli.exe.2643172.ini.inuse Object is locked skipped
    D:\Documents and Settings\Rob\Local Settings\Application Data\ApplicationHistory\Transcode360Tray.exe.762e664f.ini.inuse Object is locked skipped
    D:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    D:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    D:\Documents and Settings\Rob\Local Settings\History\History.IE5\index.dat Object is locked skipped
    D:\Documents and Settings\Rob\Local Settings\History\History.IE5\MSHist012008011620080117\index.dat Object is locked skipped
    D:\Documents and Settings\Rob\Local Settings\Temp\Perflib_Perfdata_2f4.dat Object is locked skipped
    D:\Documents and Settings\Rob\Local Settings\Temp\Perflib_Perfdata_490.dat Object is locked skipped
    D:\Documents and Settings\Rob\Local Settings\Temp\Perflib_Perfdata_4cc.dat Object is locked skipped
    D:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    D:\Documents and Settings\Rob\NTUSER.DAT Object is locked skipped
    D:\Documents and Settings\Rob\ntuser.dat.LOG Object is locked skipped
    D:\Program Files\Transcode360\Transcode360_080116_1435_49000.log Object is locked skipped
    D:\Program Files\Windows Media Player\profsyfsyrt.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
    D:\QooBox\Quarantine\D\Documents and Settings\Rob\Local Settings\Temp\winvsnet .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\Creative\MediaSource\Detector\CTDetect.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\iTunes\iTunesHelper.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\Java\jre1.6.0_03\bin\jusched.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\MSN Messenger\MsnMsgr.Exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\Network Associates\Common Framework\UpdaterUI.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\VundoFix Backups\ehtray.exe.bad.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\WINDOWS\ehome\ehtray.exe.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\QooBox\Quarantine\D\WINDOWS\UpdReg.EXE.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\System Volume Information\_restore{5946BD48-99B5-48AA-9A63-444D015B629C}\RP3\change.log Object is locked skipped
    D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    D:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{5848CA33-2351-4C51-86CF-38C31F1EE68F}.crmlog Object is locked skipped
    D:\WINDOWS\RTacDbg.txt Object is locked skipped
    D:\WINDOWS\SchedLgU.Txt Object is locked skipped
    D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    D:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
    D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    D:\WINDOWS\system32\config\default Object is locked skipped
    D:\WINDOWS\system32\config\default.LOG Object is locked skipped
    D:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
    D:\WINDOWS\system32\config\SAM Object is locked skipped
    D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    D:\WINDOWS\system32\config\SECURITY Object is locked skipped
    D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    D:\WINDOWS\system32\config\software Object is locked skipped
    D:\WINDOWS\system32\config\software.LOG Object is locked skipped
    D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    D:\WINDOWS\system32\config\system Object is locked skipped
    D:\WINDOWS\system32\config\system.LOG Object is locked skipped
    D:\WINDOWS\system32\h323log.txt Object is locked skipped
    D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    D:\WINDOWS\TEMP\Perflib_Perfdata_254.dat Object is locked skipped
    D:\WINDOWS\WindowsUpdate.log Object is locked skipped
    F:\System Volume Information\MountPointManagerRemoteDatabase

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Log looks good

    D:\QooBox <-- delete this folder, all it is is the backups of what Combofix removed.

    After you remove it, run another scan with Kaspersky, post the log and let me know how your system is running now??
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
