FakeMSNBeta8

Hi

Empty Sent and Trash folder in Thunderbird.

Re-scan with kaspersky

Post:

- a fresh HijackThis log
- kaspersky report
 
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
 
Hijackthis.txt :

Logfile of HijackThis v1.99.1
Scan saved at 7:34:26 PM, on 16/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158673010796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158672999702
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9314F92F-CC5D-4A4A-B406-890BC3929DF9}: NameServer = 24.153.22.67,24.153.22.195
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
 
Kaspersky Report:

KASPERSKY ONLINE SCANNER REPORT
Monday, July 16, 2007 7:33:52 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 17/07/2007
Kaspersky Anti-Virus database records: 363092
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 77065
Number of viruses found 7
Number of infected objects 48
Number of suspicious objects 0
Duration of the scan process 01:05:11

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\087C0000.VBN/data.rar/wr-1.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\087C0000.VBN/data.rar Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\087C0000.VBN RarSFX: infected - 2 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\087C0000.VBN CryptZ: infected - 2 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\087C0001.VBN Infected: IM-Worm.Win32.VB.at skipped
C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\cert8.db Object is locked skipped
C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\history.dat Object is locked skipped
C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\key3.db Object is locked skipped
C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\parent.lock Object is locked skipped
C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/BSINSTALL.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /BSINSTALL.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /BSINSTALL.zip Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent Mail Berkeley mbox: infected - 11 skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:0 ... /WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:0 ... /BSINSTALL.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /BSINSTALL.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /BSINSTALL.zip Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash Mail Berkeley mbox: infected - 13 skipped
C:\Documents and Settings\Andre\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Messenger\m.amaro@rogers.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Messenger\m.amaro@rogers.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Messenger\m.amaro@rogers.com\SharingMetadata\Working\database_7A04_9D1_409_9175\dfsr.db Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Messenger\m.amaro@rogers.com\SharingMetadata\Working\database_7A04_9D1_409_9175\fsr.log Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Messenger\m.amaro@rogers.com\SharingMetadata\Working\database_7A04_9D1_409_9175\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Messenger\m.amaro@rogers.com\SharingMetadata\Working\database_7A04_9D1_409_9175\tmp.edb Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Windows Live Contacts\m.amaro@rogers.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Windows Live Contacts\m.amaro@rogers.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\History\History.IE5\MSHist012007071620070717\index.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Temp\fla1E2.tmp Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Temp\~DF1DAC.tmp Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Temp\~DF1DB1.tmp Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Temp\~DF25BD.tmp Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Temp\~DF25C2.tmp Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Temporary Internet Files\Content.IE5\UD8JOV8D\popcaploader[1].cab/PopCapLoader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\Documents and Settings\Andre\Local Settings\Temporary Internet Files\Content.IE5\UD8JOV8D\popcaploader[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Andre\My Documents\Bear DLs\lead the world generation Share Accelerator.zip/ShareAccelerator.exe/WISE0015.BIN/data0015/data0005 Infected: not-a-virus:AdWare.Win32.Shopper.k skipped
C:\Documents and Settings\Andre\My Documents\Bear DLs\lead the world generation Share Accelerator.zip/ShareAccelerator.exe/WISE0015.BIN/data0015 Infected: not-a-virus:AdWare.Win32.Shopper.k skipped
C:\Documents and Settings\Andre\My Documents\Bear DLs\lead the world generation Share Accelerator.zip/ShareAccelerator.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Shopper.k skipped
C:\Documents and Settings\Andre\My Documents\Bear DLs\lead the world generation Share Accelerator.zip/ShareAccelerator.exe Infected: not-a-virus:AdWare.Win32.Shopper.k skipped
C:\Documents and Settings\Andre\My Documents\Bear DLs\lead the world generation Share Accelerator.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Andre\My Documents\mirc617.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
C:\Documents and Settings\Andre\My Documents\mirc617.exe mIRC: infected - 1 skipped
C:\Documents and Settings\Andre\My Documents\my documents.rar/BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\My Documents\my documents.rar/BSINSTALL.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\My Documents\my documents.rar/BearShareV6.exe/WISE0104.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\Documents and Settings\Andre\My Documents\my documents.rar/BearShareV6.exe/WISE0104.BIN/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\Documents and Settings\Andre\My Documents\my documents.rar/BearShareV6.exe/WISE0104.BIN Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
 
C:\Documents and Settings\Andre\My Documents\my documents.rar/BearShareV6.exe Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\Documents and Settings\Andre\My Documents\my documents.rar RAR: infected - 6 skipped
C:\Documents and Settings\Andre\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Andre\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\itouch_crash_info.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
 
Hi

Go to Thunderbird.

Empty Sent folder there.

Empty Trash Bin there.

Empty this folder:

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine

Delete these:

C:\Documents and Settings\Andre\My Documents\Bear DLs\lead the world generation Share Accelerator.zip
C:\Documents and Settings\Andre\My Documents\my documents.rar

Empty Recycle Bin

Re-scan with kaspersky

Post:

- a fresh HijackThis log
- kaspersky report
 
HiJackThis.txt :

Logfile of HijackThis v1.99.1
Scan saved at 8:08:17 PM, on 19/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158673010796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158672999702
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9314F92F-CC5D-4A4A-B406-890BC3929DF9}: NameServer = 24.153.22.67,24.153.22.195
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
 
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 19, 2007 8:08:06 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 20/07/2007
Kaspersky Anti-Virus database records: 365344
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 77159
Number of viruses found 3
Number of infected objects 34
Number of suspicious objects 0
Duration of the scan process 01:02:38

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/BSINSTALL.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /BSINSTALL.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /BSINSTALL.zip Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent Mail Berkeley mbox: infected - 11 skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:0 ... /WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:0 ... /BSINSTALL.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /BSINSTALL.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /BSINSTALL.zip Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash Mail Berkeley mbox: infected - 13 skipped
C:\Documents and Settings\Andre\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\History\History.IE5\MSHist012007071920070720\index.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Temporary Internet Files\Content.IE5\UD8JOV8D\popcaploader[1].cab/PopCapLoader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\Documents and Settings\Andre\Local Settings\Temporary Internet Files\Content.IE5\UD8JOV8D\popcaploader[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Andre\My Documents\BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\My Documents\BSINSTALL.exe WiseSFX: infected - 1 skipped
C:\Documents and Settings\Andre\My Documents\BSINSTALL.exe WiseSFX Dropper: infected - 1 skipped
C:\Documents and Settings\Andre\My Documents\mirc617.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
C:\Documents and Settings\Andre\My Documents\mirc617.exe mIRC: infected - 1 skipped
C:\Documents and Settings\Andre\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Andre\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Andre\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\itouch_crash_info.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
 
Hi

Did youi have troubles emptying Sent and Trash folder?

I ask because bad emails are still there.
 
Logfile of HijackThis v1.99.1
Scan saved at 12:30:37 AM, on 26/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158673010796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158672999702
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9314F92F-CC5D-4A4A-B406-890BC3929DF9}: NameServer = 24.153.22.67,24.153.22.195
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
 
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 26, 2007 12:30:23 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 26/07/2007
Kaspersky Anti-Virus database records: 367858
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 77530
Number of viruses found 3
Number of infected objects 34
Number of suspicious objects 0
Duration of the scan process 01:03:12

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\cert8.db Object is locked skipped
C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\history.dat Object is locked skipped
C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\key3.db Object is locked skipped
C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\parent.lock Object is locked skipped
C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/BSINSTALL.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /BSINSTALL.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /BSINSTALL.zip Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED/[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text/[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Sent Mail Berkeley mbox: infected - 11 skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:0 ... /WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:0 ... /BSINSTALL.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /BSINSTALL.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:2 ... /BSINSTALL.zip Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Tue, 19 Dec 2006 23:42:25 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0 ... /[From SaNDMaN_ ][Date Mon, 18 Dec 2006 20:07:53 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED/[From SaNDMaN_ ][Date Sat, 18 Nov 2006 16:59:11 -0500]/text Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED/[From SaNDMaN_ ][Date Fri, 10 Nov 2006 00:19:59 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED/[From SaNDMaN_ ][Date Wed, 08 Nov 2006 23:02:20 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text/[From SaNDMaN_ ][Date Wed, 20 Dec 2006 15:28:23 -0500]/UNNAMED Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash/[From SaNDMaN_ ][Date Wed, 11 Oct 2006 15:16:28 -0400]/text Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders\Trash Mail Berkeley mbox: infected - 13 skipped
C:\Documents and Settings\Andre\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Application Data\Mozilla\Firefox\Profiles\9bqfeswz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\History\History.IE5\MSHist012007071620070723\index.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\History\History.IE5\MSHist012007072420070725\index.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\History\History.IE5\MSHist012007072520070726\index.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andre\Local Settings\Temporary Internet Files\Content.IE5\UD8JOV8D\popcaploader[1].cab/PopCapLoader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\Documents and Settings\Andre\Local Settings\Temporary Internet Files\Content.IE5\UD8JOV8D\popcaploader[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Andre\My Documents\BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Andre\My Documents\BSINSTALL.exe WiseSFX: infected - 1 skipped
C:\Documents and Settings\Andre\My Documents\BSINSTALL.exe WiseSFX Dropper: infected - 1 skipped
C:\Documents and Settings\Andre\My Documents\mirc617.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
C:\Documents and Settings\Andre\My Documents\mirc617.exe mIRC: infected - 1 skipped
C:\Documents and Settings\Andre\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Andre\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Andre\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\itouch_crash_info.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
 
I assure you, they are empty. I don't know how else to say it...

I completely cleared out the trash folder and I sent any important "sent e-mails" to an alternate e-mail. Both folders are empty.
 
Hi

Then we have basically one chance

We can try to move or empty this entire folder but you will loose all you mails:

C:\Documents and Settings\Andre\Application Data\Thunderbird\Profiles\k475mioj.default\Mail\Local Folders
 
You must log in or register to reply here.
Back
Top