Need help bad. I think it's Virtumundo

most current log reports part2

Here's the HIJACK LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:34 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\FREECELL.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - S-1-5-21-4219811858-3455423638-1855872279-1008 Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe (User '?')
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Robin Cady\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200448995890
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)

--
End of file - 9688 bytes
 
Hi

One typo, my bad.

  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
  • Return to OTMoveIt2, right-click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
 
Hey Shaba,
Here is the OTMOVEIT as per your instructions

What's next?



C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe moved successfully.

OTMoveIt2 v1.0.17 log created on 02022008_103055
 
Hi

If you want to keep McAfee and it's up-to-date, please uninstall AntiVir.

Open HijackThis, click "Do a system scan only" and checkmark this:

O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

Close all windows, including the browser, and press "Fix checked".

Reboot.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    o Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only!

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Post:

- a fresh HijackThis log
- Kaspersky report
 
Hi Shaba
I do want to get rid of Avira and keep McAfee.

I removed the line as you directed.

As far as Kaspersky.
I can't seem to get IE to connect to the internet.
Therefore I can't use Kaspersky.
What should I do now?
Thanks.
 
Kaspersky report part1

You were right about McAfee having locked IE.
I was able to run the Kaspersky scan.
Here is the log.
Thanks a million

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 04, 2008 2:42:15 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/02/2008
Kaspersky Anti-Virus database records: 546598
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 146188
Number of viruses found: 24
Number of infected objects: 157
Number of suspicious objects: 2
Duration of the scan process: 05:15:09

Infected Object Name / Virus Name / Last Action
C:\!KillBox\ddccd.dll Object is locked skipped
C:\!KillBox\ddccd.dll( 1) Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\!KillBox\ddccd.dll( 2) Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{D9B2A331-E0CB-4691-BE3B-03B9FF8D264B}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Isabella Cady\Desktop\PopularScreensaversSetup2.1.60.1.ZRfox000.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Documents and Settings\Isabella Cady\Desktop\PopularScreensaversSetup2.1.60.1.ZRfox000.exe CAB: infected - 1 skipped
C:\Documents and Settings\Isabella Cady\Local Settings\Temp\hsperfdata_Isabella Cady\3024 Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Robin Cady\Application Data\Mozilla\Firefox\Profiles\tos3cori.default\cert8.db Object is locked skipped
C:\Documents and Settings\Robin Cady\Application Data\Mozilla\Firefox\Profiles\tos3cori.default\history.dat Object is locked skipped
C:\Documents and Settings\Robin Cady\Application Data\Mozilla\Firefox\Profiles\tos3cori.default\key3.db Object is locked skipped
C:\Documents and Settings\Robin Cady\Application Data\Mozilla\Firefox\Profiles\tos3cori.default\parent.lock Object is locked skipped
C:\Documents and Settings\Robin Cady\Application Data\Mozilla\Firefox\Profiles\tos3cori.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Robin Cady\Application Data\Mozilla\Firefox\Profiles\tos3cori.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Robin Cady\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Robin Cady\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Robin Cady\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Robin Cady\Local Settings\Application Data\Mozilla\Firefox\Profiles\tos3cori.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Robin Cady\Local Settings\Application Data\Mozilla\Firefox\Profiles\tos3cori.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Robin Cady\Local Settings\Application Data\Mozilla\Firefox\Profiles\tos3cori.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Robin Cady\Local Settings\Application Data\Mozilla\Firefox\Profiles\tos3cori.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Robin Cady\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Robin Cady\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Robin Cady\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Robin Cady\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Robin Cady\ntuser.dat.LOG Object is locked skipped
C:\Program Files\MSN Gaming Zone\profsy.html Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\apbqctha.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bkcrtwnz.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bxyprgvp.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ckuswcwf.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ddccd.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ddccd.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hbkltyfy.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wgwldktx.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\windows.vir Object is locked skipped
C:\QooBox\Quarantine\catchme2008-01-28_110149.18.zip/core.sys Infected: Rootkit.Win32.Agent.sg skipped
C:\QooBox\Quarantine\catchme2008-01-28_110149.18.zip/bkcrtwnz.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\QooBox\Quarantine\catchme2008-01-28_110149.18.zip/ddccd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\QooBox\Quarantine\catchme2008-01-28_110149.18.zip ZIP: infected - 3 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\change.log Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001007.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001022.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001244.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001270.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\Temp\mcafee_LzxJ0EGlHIEaLt9 Object is locked skipped
C:\WINDOWS\Temp\mcafee_xc03L6pZflHaQO9 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_9jOQhSjsnk48OR6 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_hf6iVXKCDh1KPkX Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Prz8fXXCnqeMxab Object is locked skipped
C:\WINDOWS\Temp\mcmsc_tKddY6aAYigT4xU Object is locked skipped
C:\WINDOWS\Temp\mcmsc_xceEPLp7lys5wcc Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
 
Kaspersky report part2

C:\_OTMoveIt\MovedFiles\01312008_160202\WINDOWS\SYSTEM32\ymhjdxgx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Mon, 7 Aug 2000 10:51:25 -0700]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Mon, 7 Aug 2000 10:51:25 -0700]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Sun, 7 May 2000 01:59:32 -0700]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Sun, 7 May 2000 01:59:32 -0700]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Mon, 15 May 2000 23:29:10 -0700]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Mon, 15 May 2000 23:29:10 -0700]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Tue, 20 Jun 2000 17:29:02 -0700]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Tue, 20 Jun 2000 17:29:02 -0700]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Tue, 20 Jun 2000 17:31:02 -0700]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Tue, 20 Jun 2000 17:31:02 -0700]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Sat, 8 Jul 2000 11:17:29 -0700]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Sat, 8 Jul 2000 11:17:29 -0700]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Mon, 10 Jul 2000 10:52:45 -0700]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Mon, 10 Jul 2000 10:52:45 -0700]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Thu, 27 Jul 2000 21:27:37 -0700]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Thu, 27 Jul 2000 21:27:37 -0700]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Sun, 30 Jul 2000 09:04:54 -0700]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Sun, 30 Jul 2000 09:04:54 -0700]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Sun, 30 Jul 2000 13:46:52 -0700]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Sun, 30 Jul 2000 13:46:52 -0700]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Mon, 7 Aug 2000 10:45:26 -0700]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Mon, 7 Aug 2000 10:45:26 -0700]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Tue, 8 Aug 2000 11:06:18 -0700]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Tue, 8 Aug 2000 11:06:18 -0700]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Mon, 21 Aug 2000 16:27:06 -0700]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx/[From "robcady" <robcady@email.msn.com>][Date Mon, 21 Aug 2000 16:27:06 -0700]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\Sent Items.dbx Mail MS Outlook 5: infected - 26 skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\t-bird digest.dbx/[From tom fiorelli <tomfiorelli@usa.net>][Date 2 Jun 00 18:53:05 MDT]/text/[From "Eric Ragland" <ebrfmn@prodigy.net>][Date Fri, 2 Jun 2000 21:30:49 -0400]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\t-bird digest.dbx/[From tom fiorelli <tomfiorelli@usa.net>][Date 2 Jun 00 18:53:05 MDT]/text/[From "Eric Ragland" <ebrfmn@prodigy.net>][Date Fri, 2 Jun 2000 21:30:49 -0400]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\t-bird digest.dbx/[From tom fiorelli <tomfiorelli@usa.net>][Date 2 Jun 00 18:53:05 MDT]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\t-bird digest.dbx/[From "Lamar Elrod" <lexplore@hotmail.com>][Date Fri, 02 Jun 2000 08:30:59 EDT]/text/[From "Leadholm, Tom" <Tom.Leadholm@med.va.gov>][Date Fri, 2 Jun 2000 07:34:11 -0500]/text/[From sbamford@pactiv.com][Date Fri, 2 Jun 2000 09:17:54 -0500]/text/[From "Lawrence R Zink" <zink@pdq.net>][Date Sat, 3 Jun 2000 09:29:58 -0500]/text/[From John Knight <jknight@malasada.lava.net>][Date Fri, 02 Jun 2000 07:48: ... /[From "O'Neil" <dbotbird@worldpath.net>][Date Fri, 2 Jun 2000 18:28:10 -040 ... /html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\t-bird digest.dbx/[From "Lamar Elrod" <lexplore@hotmail.com>][Date Fri, 02 Jun 2000 08:30:59 EDT]/text/[From "Leadholm, Tom" <Tom.Leadholm@med.va.gov>][Date Fri, 2 Jun 2000 07:34:11 -0500]/text/[From sbamford@pactiv.com][Date Fri, 2 Jun 2000 09:17:54 -0500]/text/[From "Lawrence R Zink" <zink@pdq.net>][Date Sat, 3 Jun 2000 09:29:58 -0500]/text/[From John Knight <jknight@malasada.lava.net>][Date Fri, 02 Jun 2000 07:48: ... /[From "O'Neil" <dbotbird@worldpath.net>][Date Fri, 2 Jun 2000 18:28:10 -0400]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\t-bird digest.dbx/[From "Lamar Elrod" <lexplore@hotmail.com>][Date Fri, 02 Jun 2000 08:30:59 EDT]/text/[From "Leadholm, Tom" <Tom.Leadholm@med.va.gov>][Date Fri, 2 Jun 2000 07:34:11 -0500]/text/[From sbamford@pactiv.com][Date Fri, 2 Jun 2000 09:17:54 -0500]/text/[From "Lawrence R Zink" <zink@pdq.net>][Date Sat, 3 Jun 2000 09:29:58 -0500]/text/[From John Knight <jknight@malasada.lava.net>][Date Fri, 02 Jun 2000 07:48:02 -1000]/text/[From JBrown433@aol.com][Date Fri, 2 Jun 2000 15:29:25 EDT]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\t-bird digest.dbx/[From "Lamar Elrod" <lexplore@hotmail.com>][Date Fri, 02 Jun 2000 08:30:59 EDT]/text/[From "Leadholm, Tom" <Tom.Leadholm@med.va.gov>][Date Fri, 2 Jun 2000 07:34:11 -0500]/text/[From sbamford@pactiv.com][Date Fri, 2 Jun 2000 09:17:54 -0500]/text/[From "Lawrence R Zink" <zink@pdq.net>][Date Sat, 3 Jun 2000 09:29:58 -0500]/text/[From John Knight <jknight@malasada.lava.net>][Date Fri, 02 Jun 2000 07:48:02 -1000]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\t-bird digest.dbx/[From "Lamar Elrod" <lexplore@hotmail.com>][Date Fri, 02 Jun 2000 08:30:59 EDT]/text/[From "Leadholm, Tom" <Tom.Leadholm@med.va.gov>][Date Fri, 2 Jun 2000 07:34:11 -0500]/text/[From sbamford@pactiv.com][Date Fri, 2 Jun 2000 09:17:54 -0500]/text/[From "Lawrence R Zink" <zink@pdq.net>][Date Sat, 3 Jun 2000 09:29:58 -0500]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\t-bird digest.dbx/[From "Lamar Elrod" <lexplore@hotmail.com>][Date Fri, 02 Jun 2000 08:30:59 EDT]/text/[From "Leadholm, Tom" <Tom.Leadholm@med.va.gov>][Date Fri, 2 Jun 2000 07:34:11 -0500]/text/[From sbamford@pactiv.com][Date Fri, 2 Jun 2000 09:17:54 -0500]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\t-bird digest.dbx/[From "Lamar Elrod" <lexplore@hotmail.com>][Date Fri, 02 Jun 2000 08:30:59 EDT]/text/[From "Leadholm, Tom" <Tom.Leadholm@med.va.gov>][Date Fri, 2 Jun 2000 07:34:11 -0500]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\t-bird digest.dbx/[From "Lamar Elrod" <lexplore@hotmail.com>][Date Fri, 02 Jun 2000 08:30:59 EDT]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\t-bird digest.dbx Mail MS Outlook 5: infected - 11 skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\E-bay.dbx/[From aw-confirm@ebay.com][Date Sun, 30 Jan 2000 10:14:25 PST]/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\E-bay.dbx/[From "Cathy Maynard" <maynard@initco.net>][Date Tue, 2 May 2000 21:51:23 -0600]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\E-bay.dbx/[From "Cathy Maynard" <maynard@initco.net>][Date Tue, 2 May 2000 21:51:23 -0600]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Application Data\Identities\{3AC26FE0-5542-11D3-B4DA-C95C1877B120}\Microsoft\Outlook Express\E-bay.dbx Mail MS Outlook 5: infected - 3 skipped
 
Kaspersky report part 3

E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/Inbox/03 Feb 2000 23:54 from aw-confirm@ebay.com:eBay Outbid Notice - .eml Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/Inbox/04 Feb 2000 20:38 from aw-confirm@ebay.com:eBay Outbid Notice - .eml Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/Inbox/19 Jul 2000 04:40 from flairbirds-errors@lists.best.com:Digest f.eml/[From PERCYBABY@aol.com][Date Tue, 18 Jul 2000 19:42:55 EDT]/text/[From Rich Bailey <parussky@yahoo.com>][Date Tue, 18 Jul 2000 17:18:30 -0700 (PDT)]/text/[From Rich Bailey <parussky@yahoo.com>][Date Tue, 18 Jul 2000 17:22:42 -0700 (PDT)]/text/[From TOPKEY@aol.com][Date Tue, 18 Jul 2000 20:54:17 EDT ... /[From "Bob & Elaine Bagshaw" <bagshaw@erols.com>][Date Tue, 18 Jul 2000 22:45:01 -040 ... /html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/Inbox/19 Jul 2000 04:40 from flairbirds-errors@lists.best.com:Digest f.eml/[From PERCYBABY@aol.com][Date Tue, 18 Jul 2000 19:42:55 EDT]/text/[From Rich Bailey <parussky@yahoo.com>][Date Tue, 18 Jul 2000 17:18:30 -0700 (PDT)]/text/[From Rich Bailey <parussky@yahoo.com>][Date Tue, 18 Jul 2000 17:22:42 -0700 (PDT)]/text/[From TOPKEY@aol.com][Date Tue, 18 Jul 2000 20:54:17 EDT ... /[From "Bob & Elaine Bagshaw" <bagshaw@erols.com>][Date Tue, 18 Jul 2000 22:45:01 -0400]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/Inbox/19 Jul 2000 04:40 from flairbirds-errors@lists.best.com:Digest f.eml/[From PERCYBABY@aol.com][Date Tue, 18 Jul 2000 19:42:55 EDT]/text/[From Rich Bailey <parussky@yahoo.com>][Date Tue, 18 Jul 2000 17:18:30 -0700 (PDT)]/text/[From Rich Bailey <parussky@yahoo.com>][Date Tue, 18 Jul 2000 17:22:42 -0700 (PDT)]/text/[From TOPKEY@aol.com][Date Tue, 18 Jul 2000 20:54:17 EDT]/text/[From "Gary E. Tayman" <gtayman@gate.net>][Date Tue, 18 Jul 2000 22:50:27 -0400]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/Inbox/19 Jul 2000 04:40 from flairbirds-errors@lists.best.com:Digest f.eml/[From PERCYBABY@aol.com][Date Tue, 18 Jul 2000 19:42:55 EDT]/text/[From Rich Bailey <parussky@yahoo.com>][Date Tue, 18 Jul 2000 17:18:30 -0700 (PDT)]/text/[From Rich Bailey <parussky@yahoo.com>][Date Tue, 18 Jul 2000 17:22:42 -0700 (PDT)]/text/[From TOPKEY@aol.com][Date Tue, 18 Jul 2000 20:54:17 EDT]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/Inbox/19 Jul 2000 04:40 from flairbirds-errors@lists.best.com:Digest f.eml/[From PERCYBABY@aol.com][Date Tue, 18 Jul 2000 19:42:55 EDT]/text/[From Rich Bailey <parussky@yahoo.com>][Date Tue, 18 Jul 2000 17:18:30 -0700 (PDT)]/text/[From Rich Bailey <parussky@yahoo.com>][Date Tue, 18 Jul 2000 17:22:42 -0700 (PDT)]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/Inbox/19 Jul 2000 04:40 from flairbirds-errors@lists.best.com:Digest f.eml/[From PERCYBABY@aol.com][Date Tue, 18 Jul 2000 19:42:55 EDT]/text/[From Rich Bailey <parussky@yahoo.com>][Date Tue, 18 Jul 2000 17:18:30 -0700 (PDT)]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/Inbox/19 Jul 2000 04:40 from flairbirds-errors@lists.best.com:Digest f.eml/[From PERCYBABY@aol.com][Date Tue, 18 Jul 2000 19:42:55 EDT]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/Inbox/19 Jul 2000 04:40 from flairbirds-errors@lists.best.com:Digest f.eml Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/t-bird digest/03 Jun 2000 16:36 from flairbirds-errors@lists.best.com:Digest f.eml/[From tom fiorelli <tomfiorelli@usa.net>][Date 2 Jun 00 18:53:05 MDT]/text/[From "Eric Ragland" <ebrfmn@prodigy.net>][Date Fri, 2 Jun 2000 21:30:49 -0400]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/t-bird digest/03 Jun 2000 16:36 from flairbirds-errors@lists.best.com:Digest f.eml/[From tom fiorelli <tomfiorelli@usa.net>][Date 2 Jun 00 18:53:05 MDT]/text/[From "Eric Ragland" <ebrfmn@prodigy.net>][Date Fri, 2 Jun 2000 21:30:49 -0400]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/t-bird digest/03 Jun 2000 16:36 from flairbirds-errors@lists.best.com:Digest f.eml/[From tom fiorelli <tomfiorelli@usa.net>][Date 2 Jun 00 18:53:05 MDT]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/t-bird digest/03 Jun 2000 16:36 from flairbirds-errors@lists.best.com:Digest f.eml Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/t-bird digest/03 Jun 2000 01:18 from flairbirds-errors@lists.best.com:Digest f.eml/[From "Lamar Elrod" <lexplore@hotmail.com>][Date Fri, 02 Jun 2000 08:30:59 EDT]/text/[From "Leadholm, Tom" <Tom.Leadholm@med.va.gov>][Date Fri, 2 Jun 2000 07:34:11 -0500]/text/[From sbamford@pactiv.com][Date Fri, 2 Jun 2000 09:17:54 -0500]/text/[From "Lawrence R Zink" <zink@pdq.net>][Date Sat, 3 J ... ... /[From "O'Neil" <dbotbird@worldpath.net>][Date Fri, 2 Jun 2000 18:28:10 -040 ... /html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/t-bird digest/03 Jun 2000 01:18 from flairbirds-errors@lists.best.com:Digest f.eml/[From "Lamar Elrod" <lexplore@hotmail.com>][Date Fri, 02 Jun 2000 08:30:59 EDT]/text/[From "Leadholm, Tom" <Tom.Leadholm@med.va.gov>][Date Fri, 2 Jun 2000 07:34:11 -0500]/text/[From sbamford@pactiv.com][Date Fri, 2 Jun 2000 09:17:54 -0500]/text/[From "Lawrence R Zink" <zink@pdq.net>][Date Sat, 3 J ... ... /[From "O'Neil" <dbotbird@worldpath.net>][Date Fri, 2 Jun 2000 18:28:10 -0400]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/t-bird digest/03 Jun 2000 01:18 from flairbirds-errors@lists.best.com:Digest f.eml/[From "Lamar Elrod" <lexplore@hotmail.com>][Date Fri, 02 Jun 2000 08:30:59 EDT]/text/[From "Leadholm, Tom" <Tom.Leadholm@med.va.gov>][Date Fri, 2 Jun 2000 07:34:11 -0500]/text/[From sbamford@pactiv.com][Date Fri, 2 Jun 2000 09:17:54 -0500]/text/[From "Lawrence R Zink" <zink@pdq.net>][Date Sat, 3 J ... /[From John Knight < ... /[From JBrown433@aol.com][Date Fri, 2 Jun 2000 15:29:25 EDT]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/t-bird digest/03 Jun 2000 01:18 from flairbirds-errors@lists.best.com:Digest f.eml/[From "Lamar Elrod" <lexplore@hotmail.com>][Date Fri, 02 Jun 2000 08:30:59 EDT]/text/[From "Leadholm, Tom" <Tom.Leadholm@med.va.gov>][Date Fri, 2 Jun 2000 07:34:11 -0500]/text/[From sbamford@pactiv.com][Date Fri, 2 Jun 2000 09:17:54 -0500]/text/[From "Lawrence R Zink" <zink@pdq.net>][Date Sat, 3 J ... /[From John Knight <jknight@malasada.lava.net>][Date Fri, 02 Jun 2000 07:48:02 -1000]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/t-bird digest/03 Jun 2000 01:18 from flairbirds-errors@lists.best.com:Digest f.eml/[From "Lamar Elrod" <lexplore@hotmail.com>][Date Fri, 02 Jun 2000 08:30:59 EDT]/text/[From "Leadholm, Tom" <Tom.Leadholm@med.va.gov>][Date Fri, 2 Jun 2000 07:34:11 -0500]/text/[From sbamford@pactiv.com][Date Fri, 2 Jun 2000 09:17:54 -0500]/text/[From "Lawrence R Zink" <zink@pdq.net>][Date Sat, 3 Jun 2000 09:29:58 -0500]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/t-bird digest/03 Jun 2000 01:18 from flairbirds-errors@lists.best.com:Digest f.eml/[From "Lamar Elrod" <lexplore@hotmail.com>][Date Fri, 02 Jun 2000 08:30:59 EDT]/text/[From "Leadholm, Tom" <Tom.Leadholm@med.va.gov>][Date Fri, 2 Jun 2000 07:34:11 -0500]/text/[From sbamford@pactiv.com][Date Fri, 2 Jun 2000 09:17:54 -0500]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/t-bird digest/03 Jun 2000 01:18 from flairbirds-errors@lists.best.com:Digest f.eml/[From "Lamar Elrod" <lexplore@hotmail.com>][Date Fri, 02 Jun 2000 08:30:59 EDT]/text/[From "Leadholm, Tom" <Tom.Leadholm@med.va.gov>][Date Fri, 2 Jun 2000 07:34:11 -0500]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/t-bird digest/03 Jun 2000 01:18 from flairbirds-errors@lists.best.com:Digest f.eml/[From "Lamar Elrod" <lexplore@hotmail.com>][Date Fri, 02 Jun 2000 08:30:59 EDT]/text Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/t-bird digest/03 Jun 2000 01:18 from flairbirds-errors@lists.best.com:Digest f.eml Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/07 May 2000 08:59 to Cathy Maynard:Re: e-bay item #317431046.html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/16 May 2000 06:29 to Teri Jones:Re: oil tank.html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/21 Jun 2000 00:29 to Karley Sato:Yard work.html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/21 Jun 2000 00:31 to karley7@hotmail.com:Fw: Yard work.html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/08 Jul 2000 18:17 to C Morris:Tiki .html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/10 Jul 2000 17:52 to pinuppoll@aol.com:pic' of the litter July.html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/28 Jul 2000 04:27 to karley7@hotmail.com:Yard Maintanence.html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/30 Jul 2000 16:04 to 199988TWINCAM:Truck pics.html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/30 Jul 2000 20:46 to Bob:truck pics.html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/07 Aug 2000 17:45 to Lizkath@aol.com:reverberator shop tiips.html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/07 Aug 2000 17:51 to flairbirds@lists.best.com:64 t-bird front s.html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/08 Aug 2000 18:06 to Francine:upholsterer.html Infected: Email-Worm.VBS.KakWorm skipped
E:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: infected - 35 skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0007 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0008/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0008/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0008 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0009/data0002 Infected: not-a-virus:AdWare.Win32.CommonName.g skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0009 Infected: not-a-virus:AdWare.Win32.CommonName.g skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0011/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0014 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0015 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0021/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0021 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0022/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0025/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0025 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0026/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0029/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0030/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0030 Infected: Trojan.Win32.Krepper.y skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0032/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0032/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe/data0032 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
E:\Program Files\KaZaA\My Shared Folder\kmd15_en.exe Inno: infected - 28 skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0008/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0008 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0012 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0018/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0018 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0019/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0019 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0022/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0023/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0023 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0026/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0027/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0027 Infected: Trojan.Win32.Krepper.y skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0029/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0029/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
E:\Program Files\KaZaA\My Shared Folder\KazaaUpdate151.exe Inno: infected - 22 skipped
E:\Program Files\KaZaA\My Shared Folder\kmd171gu_en.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\Program Files\KaZaA\My Shared Folder\kmd171gu_en.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\Program Files\KaZaA\My Shared Folder\kmd171gu_en.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\Program Files\KaZaA\My Shared Folder\kmd171gu_en.exe Inno: infected - 3 skipped
 
Kaspersky report part 4

E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent4.zip/wcmdmgrl.exe Suspicious: Password-protected-EXE skipped
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent4.zip ZIP: suspicious - 1 skipped
E:\Documents and Settings\ROBIN O CADY.bak\Local Settings\Temp\BDECache\bdeD.tmp/BDESac24.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
E:\Documents and Settings\ROBIN O CADY.bak\Local Settings\Temp\BDECache\bdeD.tmp CAB: infected - 1 skipped
E:\Documents and Settings\ROBIN O CADY.bak\Local Settings\Temp\BDECache\bde8.tmp/bdeinsta25.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
E:\Documents and Settings\ROBIN O CADY.bak\Local Settings\Temp\BDECache\bde8.tmp CAB: infected - 1 skipped
E:\Documents and Settings\ROBIN O CADY.bak\Local Settings\Application Data\Identities\{A0FBE00C-038E-4B90-9CD0-2BB136388EAC}\Microsoft\Outlook Express\Deleted Items.dbx/[From contactintelligentx <contactintelligentx@flowgo.com>][Date Tue, 2 Apr 2002 12:50:22 -0500 (EST)]/UNNAMED/play.exe Infected: Email-Worm.Win32.Klez.e skipped
E:\Documents and Settings\ROBIN O CADY.bak\Local Settings\Application Data\Identities\{A0FBE00C-038E-4B90-9CD0-2BB136388EAC}\Microsoft\Outlook Express\Deleted Items.dbx/[From contactintelligentx <contactintelligentx@flowgo.com>][Date Tue, 2 Apr 2002 12:50:22 -0500 (EST)]/UNNAMED Infected: Email-Worm.Win32.Klez.e skipped
E:\Documents and Settings\ROBIN O CADY.bak\Local Settings\Application Data\Identities\{A0FBE00C-038E-4B90-9CD0-2BB136388EAC}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 2 skipped

Scan process completed.
 
HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:06 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - S-1-5-21-4219811858-3455423638-1855872279-1008 Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe (User '?')
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Robin Cady\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200448995890
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)

--
End of file - 9787 bytes
 
Hi

Nice that it worked out :)

Empty these folders:

C:\!KillBox\
C:\QooBox\Quarantine\
E:\Program Files\KaZaA\My Shared Folder\
E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\
E:\Documents and Settings\ROBIN O CADY.bak\Local Settings\Temp\
C:\_OTMoveIt\MovedFiles\

Empty Recycle Bin.


Delete all bad mails in the Kaspersky log and empty Deleted Items.

Re-scan with Kaspersky.

Post:

- a fresh HijackThis log
- Kaspersky report
 
New Kaspersky report

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 05, 2008 5:34:57 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/02/2008
Kaspersky Anti-Virus database records: 550073
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 144336
Number of viruses found: 20
Number of infected objects: 71
Number of suspicious objects: 0
Duration of the scan process: 04:29:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{D9B2A331-E0CB-4691-BE3B-03B9FF8D264B}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Isabella Cady\Desktop\PopularScreensaversSetup2.1.60.1.ZRfox000.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Documents and Settings\Isabella Cady\Desktop\PopularScreensaversSetup2.1.60.1.ZRfox000.exe CAB: infected - 1 skipped
C:\Documents and Settings\Isabella Cady\Local Settings\Temp\hsperfdata_Isabella Cady\3024 Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Robin Cady\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Robin Cady\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Robin Cady\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Robin Cady\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Robin Cady\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Robin Cady\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Robin Cady\My Documents\ddccd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Robin Cady\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Robin Cady\ntuser.dat.LOG Object is locked skipped
C:\Program Files\MSN Gaming Zone\profsy.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001554.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\change.log Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001007.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001022.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001244.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001254.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001255.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001270.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\Temp\mcafee_LzxJ0EGlHIEaLt9 Object is locked skipped
C:\WINDOWS\Temp\mcafee_xc03L6pZflHaQO9 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_9jOQhSjsnk48OR6 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Prz8fXXCnqeMxab Object is locked skipped
C:\WINDOWS\Temp\mcmsc_qrnvCUMIashfoA7 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_xceEPLp7lys5wcc Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\change.log Object is locked skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0007 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0008/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0008/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0008 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0009/data0002 Infected: not-a-virus:AdWare.Win32.CommonName.g skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0009 Infected: not-a-virus:AdWare.Win32.CommonName.g skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0011/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0014 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0015 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0021/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0021 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0022/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0025/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0025 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0026/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0029/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0030/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0030 Infected: Trojan.Win32.Krepper.y skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0032/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0032/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe/data0032 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001548.exe Inno: infected - 28 skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0008/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0008 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0012 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0018/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0018 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0019/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0019 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0022/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0023/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0023 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0026/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0027/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0027 Infected: Trojan.Win32.Krepper.y skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0029/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0029/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001549.exe Inno: infected - 22 skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001550.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001550.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001550.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0001550.exe Inno: infected - 3 skipped
E:\Documents and Settings\ROBIN O CADY.bak\Local Settings\Application Data\Identities\{A0FBE00C-038E-4B90-9CD0-2BB136388EAC}\Microsoft\Outlook Express\Deleted Items.dbx/[From contactintelligentx <contactintelligentx@flowgo.com>][Date Tue, 2 Apr 2002 12:50:22 -0500 (EST)]/UNNAMED/play.exe Infected: Email-Worm.Win32.Klez.e skipped
E:\Documents and Settings\ROBIN O CADY.bak\Local Settings\Application Data\Identities\{A0FBE00C-038E-4B90-9CD0-2BB136388EAC}\Microsoft\Outlook Express\Deleted Items.dbx/[From contactintelligentx <contactintelligentx@flowgo.com>][Date Tue, 2 Apr 2002 12:50:22 -0500 (EST)]/UNNAMED Infected: Email-Worm.Win32.Klez.e skipped
E:\Documents and Settings\ROBIN O CADY.bak\Local Settings\Application Data\Identities\{A0FBE00C-038E-4B90-9CD0-2BB136388EAC}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 2 skipped

Scan process completed.
 
HiJackThis Log

Hope we're getting near the end.
So far so good.
Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:06 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - S-1-5-21-4219811858-3455423638-1855872279-1008 Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe (User '?')
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Robin Cady\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200448995890
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)

--
End of file - 9787 bytes
 
Hi

Delete these mails:

E:\Documents and Settings\ROBIN O CADY.bak\Local Settings\Application Data\Identities\{A0FBE00C-038E-4B90-9CD0-2BB136388EAC}\Microsoft\Outlook Express\Deleted Items.dbx/[From contactintelligentx <contactintelligentx@flowgo.com>][Date Tue, 2 Apr 2002 12:50:22 -0500 (EST)]/UNNAMED/play.exe Infected: Email-Worm.Win32.Klez.e skipped
E:\Documents and Settings\ROBIN O CADY.bak\Local Settings\Application Data\Identities\{A0FBE00C-038E-4B90-9CD0-2BB136388EAC}\Microsoft\Outlook Express\Deleted Items.dbx/[From contactintelligentx <contactintelligentx@flowgo.com>][Date Tue, 2 Apr 2002 12:50:22 -0500 (EST)]/UNNAMED Infected: Email-Worm.Win32.Klez.e skipped
E:\Documents and Settings\ROBIN O CADY.bak\Local Settings\Application Data\Identities\{A0FBE00C-038E-4B90-9CD0-2BB136388EAC}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 2 skipped

Delete these:

C:\Documents and Settings\Isabella Cady\Desktop\PopularScreensaversSetup2.1.60.1.ZRfox000.exe
C:\Documents and Settings\Robin Cady\My Documents\ddccd.dll
C:\Program Files\MSN Gaming Zone\profsy.htm
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

Empty Recycle Bin.

Download msconfig from here
and move it to C:\WINDOWS\PCHealth\HelpCtr\Binaries folder

All other viruses are in system restore and inactive.

I'll give you instructions later on how to empty it.

Other than that, any problems left?
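
The reply above sorts the Kaspersky findings into mail-store items, files on the live file system, and copies inside System Restore. The following is an added example, not part of the original posts: a Python sketch that does the same triage on report lines in the format shown in this thread. The sample lines, their paths, and the names `triage` and `location` are constructed for illustration.

```python
import re
from collections import defaultdict

# One finding per line: "<object> Infected: <verdict> <last action>"
INFECTED = re.compile(r"^(?P<obj>.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
# Files the scanner could not open because they were in use
LOCKED = re.compile(r"^(?P<obj>.+?) Object is locked (?P<action>\w+)$")
# Per-container roll-up lines such as "CAB: infected - 1" or "Inno: infected - 28"
SUMMARY = re.compile(r"^.+: infected - \d+ \w+$")

# Constructed sample in the report's format (paths and GUID are placeholders).
SAMPLE = r"""
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\Documents and Settings\User A\My Documents\example.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\User A\Desktop\Setup.exe/inner.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Documents and Settings\User A\Desktop\Setup.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP5\A0000001.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
E:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP12\A0000002.exe/data0003/a.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP12\A0000002.exe/data0030/b.exe Infected: Trojan.Win32.Krepper.y skipped
E:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP12\A0000002.exe Inno: infected - 2 skipped
E:\Docs\Outlook Express\Deleted Items.dbx/[From x <x@example.com>][Date Tue, 2 Apr 2002 12:50:22 -0500 (EST)]/UNNAMED/play.exe Infected: Email-Worm.Win32.Klez.e skipped
E:\Docs\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 1 skipped
"""


def location(path):
    """Classify the on-disk file that holds a finding."""
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        # Copy kept inside a restore point; the reply treats these as
        # inactive until System Restore is emptied.
        return "system_restore"
    if low.endswith(".dbx"):
        # Outlook Express mail store; cleaned by deleting the message.
        return "mail_store"
    return "live_file"


def triage(report_text):
    """Group findings by location and by the outer file on disk."""
    findings = defaultdict(lambda: defaultdict(set))
    locked, unparsed = [], []
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = INFECTED.match(line)
        if m:
            # The scanner appends "/member" for objects inside an archive,
            # installer or mailbox; only the outer file exists on disk.
            outer = m.group("obj").split("/", 1)[0]
            findings[location(outer)][outer].add(m.group("verdict"))
            continue
        m = LOCKED.match(line)
        if m:
            locked.append(m.group("obj"))
            continue
        if SUMMARY.match(line):
            continue  # roll-up of member lines already counted above
        unparsed.append(line)  # keep anything unrecognised for manual review
    return {
        "findings": {loc: {f: sorted(v) for f, v in files.items()}
                     for loc, files in findings.items()},
        "locked": locked,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    for loc, files in result["findings"].items():
        print(loc)
        for path, verdicts in files.items():
            print("  ", path, "->", ", ".join(verdicts))
    print("locked (not scanned):", len(result["locked"]))
```

Locked objects are reported separately because the scanner never read them, so they are neither clean nor infected in this report.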
 
Hey Shaba,
Thanks for the help so far.

There are a few questions.

Why does my C: drive (main hard drive) still have a red x where the drive icon should be?

Can I delete the multitude of $NtUninstall files located in C:\windows?

I can't believe the level of detail you are going to to help me. I surely appreciate it.

Thanks
 
Hi

"Can I delete the multitude of $NtUninstall files located in C:\windows?"

No, they are hotfix backups. Let them be.

As for red x:

First we'll need to back up the registry:

Start -> Run -> regedit -> OK. Then File -> Export. Give it a name and press Save.

Save the text below as fix.reg in Notepad (save it as all files (*.*)) on the Desktop

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]

Double-click fix.reg, press Yes and OK.

(In case you are unsure how to create a reg file, take a look here with screenshots.)

Reboot.

Is it now back to normal?
 
Hey Shaba,
That worked well.

I am getting another virus warning from Avira.
It reads:
C:\System Volume Information\...\A0002834.exe

Should I do anything about this?

Thanks
 
Hi

No, as it is in system restore.

I'll give you instructions later on how to empty it.

Other than that, any problems left?
 
No problems.
Everything is running smoothly.

Should I remove the Avira program and just use McAfee?

Can I delete the log files and .reg files that were saved to the desktop?

Thanks for your help and knowledge.
Gomer
 