Smitfraud-C.CoreService, Virtumonde Trouble

[jologist]

I started having problems a couple of days ago with malware trying to install "spyware protection" programs. I have problems with popups and what not. More alarming still, I'm having Windows related problems as well like the inability to change my desktop background. It's resulted in a slow down of the whole system.

Spybot also finds Virtumonde and something called ZenoSearch.

I'm posting the HJT log and the Kaspersky log below, I would appreciate any help. Thank you!

HJT Log
----------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:23 AM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Ai Gear\GearHelp.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mslinvestments.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Ai Gear Help] "C:\Program Files\ASUS\Ai Gear\GearHelp.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [{6E-E6-6A-AD-ZN}] C:\Documents and Settings\Steve Wells\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\RunOnce: [SpybotDeletingA6383] command /c del "C:\Documents and Settings\Steve Wells\Local Settings\Temp\winAB.tmp.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6622] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9519] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5429] command /c del "C:\WINDOWS\system32\drivers\core.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3919] cmd /c del "C:\WINDOWS\system32\drivers\core.sys"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7725] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2501] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB539] command /c del "C:\WINDOWS\system32\drivers\core.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5889] cmd /c del "C:\WINDOWS\system32\drivers\core.sys"
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Steve Wells\Local Settings\Temp\T0CHD001.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Business Objects\JRE\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Business Objects\JRE\bin\npjpi142_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1183676296921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1183676289140
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\cewuepryhde.html

--
End of file - 10985 bytes

 

[jologist]

Here is the Kaspersky Log: (1 of 2)
----------------------
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, November 06, 2007 1:09:10 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/11/2007
Kaspersky Anti-Virus database records: 452135
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 207384
Number of viruses found: 46
Number of infected objects: 133
Number of suspicious objects: 4
Duration of the scan process: 02:12:25

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/winAB.tmp.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09691E3A.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0008/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0008 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0012 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0018/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0018 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0019/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0019 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0022/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0023/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0023 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0026/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0027/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0027 Infected: Trojan.Win32.Krepper.y skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0029/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0029/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe Inno: infected - 22 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBF53E1.exe CryptFF: infected - 22 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0008/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0008 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0012 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0018/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0018 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0019/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0019 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0022/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0023/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0023 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0026/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0027/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0027 Infected: Trojan.Win32.Krepper.y skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0029/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0029/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe Inno: infected - 22 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEA75B2.exe CryptFF: infected - 22 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Steve Wells\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Steve Wells\Desktop\From Old 40\FTP\Apps\Ftp Stuff\FlashFXP.v1.3.Build.775.Cracked.Incl.Keymaker-PGC\pgc-fl75.z/cracked.exe Suspicious: Packed.Win32.PePatch.dk skipped
C:\Documents and Settings\Steve Wells\Desktop\From Old 40\FTP\Apps\Ftp Stuff\FlashFXP.v1.3.Build.775.Cracked.Incl.Keymaker-PGC\pgc-fl75.z ZIP: suspicious - 1 skipped
C:\Documents and Settings\Steve Wells\Desktop\From Old 40\FTP\Apps\Ftp Stuff\FTP.Serv-U.v4.0.0.2.W9xNT2K.Incl.Keymaker-CORE\cr-su402.zip/ServUSetup.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.4002 skipped
C:\Documents and Settings\Steve Wells\Desktop\From Old 40\FTP\Apps\Ftp Stuff\FTP.Serv-U.v4.0.0.2.W9xNT2K.Incl.Keymaker-CORE\cr-su402.zip/ServUSetup.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.4002 skipped
C:\Documents and Settings\Steve Wells\Desktop\From Old 40\FTP\Apps\Ftp Stuff\FTP.Serv-U.v4.0.0.2.W9xNT2K.Incl.Keymaker-CORE\cr-su402.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Steve Wells\Desktop\From Old 40\FTP\Apps\Ftp Stuff\Serv-U FTP Server v3.0.0.17 Professional\fo-su317.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.3017 skipped
C:\Documents and Settings\Steve Wells\Desktop\From Old 40\FTP\Apps\Ftp Stuff\Serv-U FTP Server v3.0.0.17 Professional\fo-su317.exe ZIP: infected - 1 skipped
C:\Documents and Settings\Steve Wells\Desktop\From Old 40\unzipped\polaris2001v4.0[1]\mirc32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.507 skipped
C:\Documents and Settings\Steve Wells\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Steve Wells\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal Object is locked skipped
C:\Documents and Settings\Steve Wells\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Steve Wells\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal Object is locked skipped
C:\Documents and Settings\Steve Wells\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Steve Wells\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Steve Wells\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\CEMG555077.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\CEMG555077.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\gosAA.tmp Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\install_en.exe Infected: not-a-virusownloader.Win32.WinFixer.au skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\k11u72.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bqc skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\k11u72.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\lmgrd9.log Object is locked skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\loader.exe Infected: Trojan-Downloader.Win32.VB.bql skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\MTE3MDk6ODoxNg.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\NI.UGA6P_0001_N122M2210\setup.exe Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\winAD.tmp.exe Infected: Trojan-Downloader.Win32.VB.bql skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\winB6.tmp.exe Infected: not-virus:Hoax.Win32.Renos.hx skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\wr-1-77.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\~uga6psetup.exe/file14 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\~uga6psetup.exe/file20 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\~uga6psetup.exe/file34 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\~uga6psetup.exe/file36 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temp\~uga6psetup.exe Inno: infected - 4 skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\918AT5QQ\17PHolmes[1].cmt Infected: Trojan-Downloader.Win32.Agent.emo skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\918AT5QQ\stany[1].exe Infected: Trojan-Dropper.Win32.Agent.chq skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\918AT5QQ\xc60[1].exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\ETG4FRHH\Install1300[1].exe Infected: not-virus:Hoax.Win32.Renos.hx skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\ETG4FRHH\s2f[1].exe Infected: Trojan-Downloader.Win32.Alphabet.aa skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\ETG4FRHH\vasya[1] Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\3269[1].exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\acdt-pid72[1].exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\acdt-pid72[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\antzom[1].exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\k11u72[1].exe/data0006 Infected: Trojan-Downloader.Win32.VB.bqc skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\k11u72[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\TTC-4444[1].exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\TTC-4444[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\wr-1-77[1].exe Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\xc23[1].exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\P3G6LFG9\xcd23[1].exe Infected: Trojan-Downloader.Win32.VB.bql skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\QJY15H1N\17PHolmes[1].cmt Infected: Trojan-Downloader.Win32.Agent.emo skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\QJY15H1N\install_en[1].exe Infected: not-a-virusownloader.Win32.WinFixer.au skipped
C:\Documents and Settings\Steve Wells\Local Settings\Temporary Internet Files\Content.IE5\QJY15H1N\xc29[1].exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\Steve Wells\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Steve Wells\ntuser.dat.LOG Object is locked skipped

 

[jologist]

Kaspersky Log (2 of 2):
------------------
C:\flexlm\ARCGIS Object is locked skipped
C:\Program Files\3269.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Messenger\tecoho4444.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Program Files\Messenger\tecoho555077.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Program Files\Messenger\tecoho83122.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Program Files\s2f.exe Infected: Trojan-Downloader.Win32.Alphabet.aa skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP162\A0051302.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP162\A0051304.exe Infected: not-virus:Hoax.Win32.Renos.kj skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP163\A0051320.exe Infected: Trojan-Downloader.Win32.Agent.emo skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP164\A0051362.dll Infected: not-a-virus:AdWare.Win32.Agent.ta skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP164\A0051365.dll Infected: not-a-virus:AdWare.Win32.Agent.ta skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP164\A0051366.exe Infected: not-a-virus:AdWare.Win32.Agent.ta skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP164\A0051367.exe Infected: not-a-virus:AdWare.Win32.Agent.tb skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051395.dll Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051396.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051397.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051398.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051399.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051400.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051401.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051404.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051405.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051407.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP165\A0051409.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\A0051574.dll Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\A0051575.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\A0051577.dll Infected: not-a-virus:AdWare.Win32.BHO.je skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\A0051586.dll Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\A0051587.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\A0051588.exe Infected: not-a-virus:AdWare.Win32.Agent.tb skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\A0051608.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\A0051609.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{996B97F6-A396-486C-97D8-368FCBF83642}\RP166\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\mrofinu1000106.exe Infected: Trojan-Downloader.Win32.Agent.emo skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{32D92619-2820-4160-A558-F1B70D331F3A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\.exe Infected: Trojan-Dropper.Win32.VB.tg skipped
C:\WINDOWS\system32\aivskurq.dll Infected: Trojan-Downloader.Win32.VB.bpt skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\core.cache.dsk Object is locked skipped
C:\WINDOWS\system32\drivers\core.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\g2\caws83122.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\WINDOWS\system32\g2\caws83122.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\Mz08r\Mz08r1099.exe Infected: Trojan-Downloader.Win32.VB.bqc skipped
C:\WINDOWS\system32\r2\wr31drs.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TTC-4444.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\WINDOWS\TTC-4444.exe NSIS: infected - 1 skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\xpupdate.exe Infected: not-virus:Hoax.Win32.Renos.hx skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
---------

Again, thank you for any help you can provide.

 

[teacup61]

Hello jologist,

Welcome to Safer Networking Forums

Sorry for the delay. When you reply to your own topic it looks like you're being helped, as Helpers look for topics with 0 replies. If you still need help, please post a new HijackThis log so I can be sure nothing has changed.

Thanks,
tea

 

[tashi]

This topic has been moved to archives.

If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

FYI:
The Waiting Room: Post here if waiting for help longer than four days

Copy and paste that information in your next post if the content will take no more than two posts to do so.
If the result of your anti-virus scan is extremely long, please do not post it, but rather inform us when posting the HJT log.

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)