connection is actively downloading and uploading

Whew... full of stuff, here you go.... and thanks for even trying on this huge task,
Cosmo:


KASPERSKY ONLINE SCANNER REPORT
Thursday, May 17, 2007 9:54:55 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 17/05/2007
Kaspersky Anti-Virus database records: 322804
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 32533
Number of viruses found: 27
Number of infected objects: 136
Number of suspicious objects: 2
Duration of the scan process: 00:18:27

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip/POPCORN72.EXE Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\RED1\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\RED1\Desktop\requested-files[2007-05-03_21_11].cab/C:/WINDOWS/system32/sony.exe Infected: Email-Worm.Win32.Zhelatin.cx skipped
C:\Documents and Settings\RED1\Desktop\requested-files[2007-05-03_21_11].cab/C:/WINDOWS/system32/cent.exe Infected: Packed.Win32.Tibs.v skipped
C:\Documents and Settings\RED1\Desktop\requested-files[2007-05-03_21_11].cab CAB: infected - 2 skipped
C:\Documents and Settings\RED1\Desktop\smitfraud\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\RED1\Desktop\smitfraud\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\RED1\Desktop\smitfraud\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\RED1\Desktop\smitfraud\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\RED1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\RED1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\RED1\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\RED1\Local Settings\History\History.IE5\MSHist012007051720070518\index.dat Object is locked skipped
C:\Documents and Settings\RED1\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\RED1\ntuser.dat Object is locked skipped
C:\Documents and Settings\RED1\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\pp.exe.vir Infected: Email-Worm.Win32.Zhelatin.bl skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\adirka.dll.vir Infected: Email-Worm.Win32.Banwarum.f skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\adirka.exe.vir Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\adirss.exe.vir Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cent.exe.exe.vir Infected: Email-Worm.Win32.Zhelatin.cx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dd.exe.vir Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lnwin.exe.vir Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\m22.exe.vir Infected: Backdoor.Win32.Agent.amd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ma.exe.exe.vir Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pdp.exe.exe.vir Infected: Email-Worm.Win32.Zhelatin.dh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pep.exe.exe.vir Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pp.exe.exe.vir Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rsvp32_2.dll.vir Infected: Email-Worm.Win32.Zhelatin.al skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sm.exe.vir Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wincom32.sys.vir Infected: Rootkit.Win32.Agent.dh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\zoom.exe.exe.vir Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\zu.exe.exe.vir Infected: Trojan-Downloader.Win32.Tibs.kc skipped
 
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP285\A0030351.dll Infected: Email-Worm.Win32.Banwarum.f skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP285\A0030371.exe Infected: Email-Worm.Win32.Zhelatin.ai skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP285\A0030376.exe Infected: Email-Worm.Win32.Zhelatin.ai skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP286\A0030389.dll Infected: Email-Worm.Win32.Banwarum.f skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP286\A0030419.exe Infected: Email-Worm.Win32.Zhelatin.aj skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP289\A0030512.exe Infected: Email-Worm.Win32.Zhelatin.ai skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP289\A0030513.exe Infected: Email-Worm.Win32.Zhelatin.ai skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP289\A0030514.sys Infected: Email-Worm.Win32.Zhelatin.d skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP299\A0030743.sys Infected: Email-Worm.Win32.Zhelatin.d skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP299\A0030745.exe Infected: Email-Worm.Win32.Zhelatin.ai skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP299\A0030746.exe Infected: Email-Worm.Win32.Zhelatin.ai skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP299\A0030747.exe Infected: Email-Worm.Win32.Zhelatin.bl skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP299\A0030756.dll Infected: Email-Worm.Win32.Banwarum.f skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP302\A0030842.exe Infected: Email-Worm.Win32.Zhelatin.bl skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP302\A0030843.exe Infected: Email-Worm.Win32.Zhelatin.bl skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP302\A0030844.exe Infected: Email-Worm.Win32.Zhelatin.bl skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP302\A0030845.sys Infected: Email-Worm.Win32.Zhelatin.d skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP302\A0030846.exe Infected: Email-Worm.Win32.Zhelatin.bl skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP302\A0030847.dll Infected: Email-Worm.Win32.Banwarum.f skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP302\A0030848.dll Infected: Email-Worm.Win32.Zhelatin.al skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP302\A0030850.exe Infected: Email-Worm.Win32.Zhelatin.bl skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP302\A0030851.exe Infected: Email-Worm.Win32.Zhelatin.bl skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP302\A0030852.exe Infected: Email-Worm.Win32.Zhelatin.bl skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP302\A0030853.exe Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP302\A0030854.exe Infected: Email-Worm.Win32.Zhelatin.bl skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP303\A0030891.exe Infected: Trojan-Downloader.Win32.VB.att skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP303\A0030893.exe Infected: Email-Worm.Win32.Zhelatin.as skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP303\A0030899.exe Infected: Email-Worm.Win32.Zhelatin.ai skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP303\A0030900.exe Infected: Email-Worm.Win32.Zhelatin.as skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP303\A0030901.dll Infected: Trojan-Downloader.Win32.VB.apq skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP303\A0030913.exe Infected: not-virus:Hoax.Win32.Renos.hg skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP303\A0030915.dll Infected: Email-Worm.Win32.Zhelatin.al skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP303\A0030918.exe Infected: Email-Worm.Win32.Zhelatin.as skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP307\A0031016.exe Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP307\A0031017.exe Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP307\A0031018.dll Infected: Email-Worm.Win32.Zhelatin.al skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP307\A0031019.dll Infected: Email-Worm.Win32.Banwarum.f skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP307\A0031020.sys Infected: Rootkit.Win32.Agent.dh skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP307\A0031021.exe Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP322\A0033329.exe Infected: Email-Worm.Win32.Zhelatin.cx skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP322\A0033330.sys Infected: Rootkit.Win32.Agent.dh skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP322\A0033371.sys Infected: Email-Worm.Win32.Zhelatin.d skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP322\A0033372.exe Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP322\A0033374.dll Infected: Email-Worm.Win32.Banwarum.f skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP323\A0033461.exe Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP323\A0033462.exe Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP323\A0033463.exe Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP323\A0033465.exe Infected: Trojan-Downloader.Win32.VB.att skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP323\A0033466.exe Infected: Trojan-Downloader.Win32.VB.att skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP323\A0033467.exe Infected: Trojan-Downloader.Win32.VB.att skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP323\A0033468.exe Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP323\A0033469.dll Infected: Email-Worm.Win32.Zhelatin.al skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP323\A0033470.exe Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP323\A0033471.exe Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP323\A0033472.exe Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP323\A0033473.exe Infected: Email-Worm.Win32.Zhelatin.bp skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP323\A0033474.exe Infected: Trojan-Downloader.Win32.VB.att skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP326\A0035570.exe Infected: Email-Worm.Win32.Zhelatin.dh skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP326\A0035584.exe Infected: Email-Worm.Win32.Zhelatin.dh skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP326\A0035635.sys Infected: SpamTool.Win32.Agent.af skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP326\A0035669.exe Infected: Email-Worm.Win32.Zhelatin.dh skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP326\A0035670.exe Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP326\A0035671.exe Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP326\A0035672.exe Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP326\A0035673.exe Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP326\A0035675.exe Infected: Backdoor.Win32.Agent.amd skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP326\A0035677.exe Infected: Email-Worm.Win32.Zhelatin.bl skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP326\A0035683.exe Infected: Trojan-Downloader.Win32.VB.att skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP326\A0035684.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP326\A0035685.dll Infected: Trojan-Downloader.Win32.VB.asx skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP326\A0035686.exe Infected: Trojan-Downloader.Win32.VB.att skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP326\A0035735.sys Infected: Email-Worm.Win32.Zhelatin.cx skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP328\A0035820.exe Infected: Email-Worm.Win32.Zhelatin.cx skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP328\A0035830.exe Infected: Email-Worm.Win32.Zhelatin.dh skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP328\A0035831.exe Infected: Packed.Win32.Tibs.v skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP328\A0035930.exe Infected: Trojan-Downloader.Win32.VB.att skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP331\A0036150.exe Infected: Email-Worm.Win32.Zhelatin.cx skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP331\A0036151.exe Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP331\A0036152.exe Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP331\A0036153.exe Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP331\A0036154.exe Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP331\A0036155.exe Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP331\A0036156.dll Infected: Email-Worm.Win32.Zhelatin.al skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP331\A0036158.dll Infected: Email-Worm.Win32.Banwarum.f skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP331\A0036159.exe Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP331\A0036160.exe Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP331\A0036161.exe Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP331\A0036163.exe Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP331\A0036164.exe Infected: Backdoor.Win32.Agent.amd skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP331\A0036166.exe Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP331\A0036167.sys Infected: Rootkit.Win32.Agent.dh skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP331\A0036169.exe Infected: Email-Worm.Win32.Zhelatin.bl skipped
C:\System Volume Information\_restore{CE6799DB-336C-4CF1-9A2A-44AE2BAF2690}\RP336\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\default.htm Infected: not-virus:Hoax.Win32.Renos.hg skipped
C:\WINDOWS\ModemLog_Lucent Win Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\amvpvqem.exe Infected: Email-Worm.Win32.Zhelatin.bb skipped
C:\WINDOWS\system32\asgp32.dll Infected: Trojan-Downloader.Win32.VB.apq skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\eqovzzsp.exe Infected: Email-Worm.Win32.Zhelatin.bl skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hqwmqnzk.exe Infected: Trojan-Downloader.Win32.VB.att skipped
C:\WINDOWS\system32\hulwpzji.exe Infected: Trojan-Downloader.Win32.VB.att skipped
C:\WINDOWS\system32\huyeqzuz.exe Infected: Trojan-Downloader.Win32.VB.att skipped
C:\WINDOWS\system32\idleserv.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\WINDOWS\system32\intr32.dll Infected: Trojan-Downloader.Win32.VB.asx skipped
C:\WINDOWS\system32\oqbmxuys.exe Infected: Email-Worm.Win32.Zhelatin.z skipped
C:\WINDOWS\system32\otlrklkl.exe Infected: Email-Worm.Win32.Zhelatin.cx skipped
C:\WINDOWS\system32\rghyziki.exe Infected: Email-Worm.Win32.Zhelatin.ai skipped
C:\WINDOWS\system32\sca.exe Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\WINDOWS\system32\smt.exe Infected: Email-Worm.Win32.Zhelatin.ce skipped
C:\WINDOWS\system32\uczkidfe.exe Infected: Trojan-Downloader.Win32.Tibs.kc skipped
C:\WINDOWS\system32\vjxghotj.exe Infected: Email-Worm.Win32.Zhelatin.bp skipped
C:\WINDOWS\system32\vwbvhmtj.exe Infected: Trojan-Downloader.Win32.VB.att skipped
C:\WINDOWS\system32\waarwhnl.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xtlzgnuf.exe Infected: Trojan-Downloader.Win32.VB.att skipped
C:\WINDOWS\system32\xupqzezr.exe Infected: Email-Worm.Win32.Zhelatin.cq skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
 
Ok we'll nail 'em...

You should print these instructions or save these to a text file. Follow these instructions carefully.

Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    Code: 
    C:\WINDOWS\default.htm 
C:\WINDOWS\system32\amvpvqem.exe 
C:\WINDOWS\system32\asgp32.dll 
C:\WINDOWS\system32\eqovzzsp.exe 
C:\WINDOWS\system32\hqwmqnzk.exe
C:\WINDOWS\system32\hulwpzji.exe
C:\WINDOWS\system32\huyeqzuz.exe 
C:\WINDOWS\system32\idleserv.exe 
C:\WINDOWS\system32\intr32.dll 
C:\WINDOWS\system32\oqbmxuys.exe 
C:\WINDOWS\system32\otlrklkl.exe 
C:\WINDOWS\system32\rghyziki.exe 
C:\WINDOWS\system32\sca.exe 
C:\WINDOWS\system32\smt.exe 
C:\WINDOWS\system32\uczkidfe.exe 
C:\WINDOWS\system32\vjxghotj.exe 
C:\WINDOWS\system32\vwbvhmtj.exe 
C:\WINDOWS\system32\waarwhnl.exe 
C:\WINDOWS\system32\xtlzgnuf.exe 
C:\WINDOWS\system32\xupqzezr.exe
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Restart the computer.

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, you should now mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable
  • After the scan, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot the computer in Normal Mode,
  • Post the Cure-it report and a fresh HijackThis log
 
This topic has been archived due to lack of a response. :spider:

If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.
 
You must log in or register to reply here.
Back
Top