Spybot won't load

MsBhelp

New member
Here are my logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:06 PM, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Franklin Covey\Planner\Palm\HotSync.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dlink.freedom.net/promotions/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Franklin Covey\Planner\Palm\HotSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 5570 bytes

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, November 10, 2007 1:15:39 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/11/2007
Kaspersky Anti-Virus database records: 456063
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 89465
Number of viruses found: 9
Number of infected objects: 39
Number of suspicious objects: 0
Duration of the scan process: 01:57:49

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\My Documents\maintenance\msi mo\UTILITY\Trend\WinNT\program files\Trend Micro\PC-cillin 2000\Pop3trap.exe Object is locked skipped
C:\My Documents\maintenance\msi mo\UTILITY\Trend\WinNT\program files\Trend Micro\PC-cillin 2000\TMNTSRV.EXE Object is locked skipped
C:\ecommerce\dialer.exe Infected: not-a-virus:Porn-Dialer.Win32.Netnan skipped
C:\temp.zip/frwrhhvb.exe Infected: Email-Worm.Win32.Bagle.gt skipped
C:\temp.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Cynthia Gill\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Cynthia Gill\Local Settings\Temp\fb1.tmp Infected: Email-Worm.Win32.Bagle.gen skipped
C:\Documents and Settings\Cynthia Gill\Local Settings\Temp\a2onlinescan\quarantine\a2quarantine.tmp/WINDOWS/SYSTEM32/wiwshost.exe Infected: Email-Worm.Win32.Bagle.bj skipped
C:\Documents and Settings\Cynthia Gill\Local Settings\Temp\a2onlinescan\quarantine\a2quarantine.tmp ZIP: infected - 1 skipped
C:\Documents and Settings\Cynthia Gill\Local Settings\Temp\Perflib_Perfdata_7c4.dat Object is locked skipped
C:\Documents and Settings\Cynthia Gill\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Cynthia Gill\Local Settings\History\History.IE5\MSHist012007111020071111\index.dat Object is locked skipped
C:\Documents and Settings\Cynthia Gill\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Cynthia Gill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Cynthia Gill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Cynthia Gill\Local Settings\Application Data\SupportSoft\ddoctorv2\Cynthia Gill\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Cynthia Gill\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Cynthia Gill\Application Data\m\data.oct Infected: Email-Worm.Win32.Bagle.hp skipped
C:\Documents and Settings\Cynthia Gill\Application Data\m\flec006.exe Infected: Email-Worm.Win32.Bagle.hj skipped
C:\Documents and Settings\Cynthia Gill\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP645\A0119869.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP649\A0119931.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP650\A0119937.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP650\A0119943.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP650\A0119963.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP651\A0119970.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP653\A0119978.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP655\A0119990.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP657\A0120989.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP660\A0121238.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP660\A0121244.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP661\A0122244.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP663\A0122251.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP663\A0122257.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP663\A0122263.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP672\A0122449.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP673\A0122469.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP673\A0122476.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP673\A0122483.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP673\A0122489.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP674\change.log Object is locked skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP643\A0119821.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP643\A0119827.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP643\A0119833.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP643\A0119843.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP644\A0119863.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\System Volume Information\_restore{4F564074-97E5-4F87-B703-3BA7275F2A52}\RP670\A0122276.sys Infected: Email-Worm.Win32.Bagle.gy skipped
C:\FOUND.011\FILE0000.CHK Infected: Email-Worm.Win32.Bagle.pac skipped
C:\FOUND.014\FILE0310.CHK Infected: Email-Worm.Win32.Bagle.hl skipped
C:\FOUND.016\FILE0002.CHK Infected: Email-Worm.Win32.Bagle.gy skipped
C:\FOUND.017\FILE0000.CHK Infected: Email-Worm.Win32.Bagle.gy skipped
C:\FOUND.018\FILE0000.CHK Infected: Email-Worm.Win32.Bagle.gy skipped

Scan process completed.
 
Hi MsBhelp

* Download GMER from here:
Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.
 
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
 