Starting from beginning. MDELK, Bagle and more

Kaspersky part 2

2008-08-22 20:58 Detected: Trojan-Downloader.Win32.Bagle.yd c:\windows\system32\RunDll32 cmicnfg.cpl,CMICtrlWnd
2008-08-22 20:50 Detected: http://www.viruslist.com/en/advisories/25570 c:\windows\Downloaded Program Files\vete.dll
2008-08-22 20:45 Detected: http://www.viruslist.com/en/advisories/31010 c:\windows\java.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yd c:\QooBox\Quarantine\C\WINDOWS\system32\drivers\mdelk.exe.vir Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yd c:\QooBox\Quarantine\C\WINDOWS\system32\drivers\mdelk.exe.vir
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yd c:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yd c:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\[HGame_XP][AVG][jpn_jpn][愛のチカラ].zip.vir/[HGame_XP][AVG][jpn_jpn][µä¢pü«pâüpé½pâ¬].exe Postponed
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Xteq_URL_Bandit_1.2.zip.vir/Xteq_URL_Bandit_1.2.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\[HGame_XP][AVG][jpn_jpn][愛のチカラ].zip.vir/[HGame_XP][AVG][jpn_jpn][µä¢pü«pâüpé½pâ¬].exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Yes_AntiVirus-Tool_Netsky-P_3.0.zip.vir/Yes_AntiVirus-Tool_Netsky-P_3.0.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Xteq_URL_Bandit_1.2.zip.vir/Xteq_URL_Bandit_1.2.exe
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Yes_AntiVirus-Tool_Netsky-P_3.0.zip.vir/Yes_AntiVirus-Tool_Netsky-P_3.0.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\XLPoints_Plus_1.3_(With_Crack).zip.vir/XLPoints_Plus_1.3_(With_Crack).exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\XLPoints_Plus_1.3_(With_Crack).zip.vir/XLPoints_Plus_1.3_(With_Crack).exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Xceed_Chart_for_ASP.NET_3.0.zip.vir/Xceed_Chart_for_ASP.NET_3.0.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Xceed_Chart_for_ASP.NET_3.0.zip.vir/Xceed_Chart_for_ASP.NET_3.0.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Wwhois_2.1.zip.vir/Wwhois_2.1.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Wwhois_2.1.zip.vir/Wwhois_2.1.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Windows_&_Internet_Cleaner_Pro_3.22_(Patch).zip.vir/Windows_&_Internet_Cleaner_Pro_3.22_(Patch).exe Postponed
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Woize_2.5.0.32959.zip.vir/Woize_2.5.0.32959.exe Postponed
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Word_Blaster_3.5.zip.vir/Word_Blaster_3.5.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Windows_&_Internet_Cleaner_Pro_3.22_(Patch).zip.vir/Windows_&_Internet_Cleaner_Pro_3.22_(Patch).exe
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Woize_2.5.0.32959.zip.vir/Woize_2.5.0.32959.exe
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Word_Blaster_3.5.zip.vir/Word_Blaster_3.5.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Web_Log_Explorer_3.31_Crack.zip.vir/Web_Log_Explorer_3.31_Crack.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Web_Log_Explorer_3.31_Crack.zip.vir/Web_Log_Explorer_3.31_Crack.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Virtual_Hypnotist_5.551.zip.vir/Virtual_Hypnotist_5.551.exe Postponed
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Video_Matrix_Screensaver_1.0.zip.vir/Video_Matrix_Screensaver_1.0.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Virtual_Hypnotist_5.551.zip.vir/Virtual_Hypnotist_5.551.exe
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Video_Matrix_Screensaver_1.0.zip.vir/Video_Matrix_Screensaver_1.0.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\VideoShotMaker_1.00.zip.vir/VideoShotMaker_1.00.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\VideoShotMaker_1.00.zip.vir/VideoShotMaker_1.00.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\US_meteo_by_sat_1.1.zip.vir/US_meteo_by_sat_1.1.exe Postponed
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Unreal_Tournament_2004_Judge_Judy_Voice_Pack.zip.vir/Unreal_Tournament_2004_Judge_Judy_Voice_Pack.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\US_meteo_by_sat_1.1.zip.vir/US_meteo_by_sat_1.1.exe
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Unreal_Tournament_2004_Judge_Judy_Voice_Pack.zip.vir/Unreal_Tournament_2004_Judge_Judy_Voice_Pack.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Unreal_Tournament_2003_-_Vertical_deathmatch_map.zip.vir/Unreal_Tournament_2003_-_Vertical_deathmatch_map.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Unreal_Tournament_2003_-_Vertical_deathmatch_map.zip.vir/Unreal_Tournament_2003_-_Vertical_deathmatch_map.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\TIFF_To_PDF_ActiveX_Component_2.0.2007.718_KeyGen.zip.vir/TIFF_To_PDF_ActiveX_Component_2.0.2007.718_KeyGen.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\TIFF_To_PDF_ActiveX_Component_2.0.2007.718_KeyGen.zip.vir/TIFF_To_PDF_ActiveX_Component_2.0.2007.718_KeyGen.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\The_Quiz_Press_1.8_Crack.zip.vir/The_Quiz_Press_1.8_Crack.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\The_Quiz_Press_1.8_Crack.zip.vir/The_Quiz_Press_1.8_Crack.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\ThePlayground_1.0.zip.vir/ThePlayground_1.0.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\ThePlayground_1.0.zip.vir/ThePlayground_1.0.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\SunGlance_1.0_Serial.zip.vir/SunGlance_1.0_Serial.exe Postponed
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Text_Mnemonic_Generator_3.4.zip.vir/Text_Mnemonic_Generator_3.4.exe Postponed
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Tele-Cap_Professional_3.0.1.zip.vir/Tele-Cap_Professional_3.0.1.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\SunGlance_1.0_Serial.zip.vir/SunGlance_1.0_Serial.exe
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Text_Mnemonic_Generator_3.4.zip.vir/Text_Mnemonic_Generator_3.4.exe
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Tele-Cap_Professional_3.0.1.zip.vir/Tele-Cap_Professional_3.0.1.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\StormWarn_1.2.zip.vir/StormWarn_1.2.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\StormWarn_1.2.zip.vir/StormWarn_1.2.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\SQLWays_3.9.zip.vir/SQLWays_3.9.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\SQLWays_3.9.zip.vir/SQLWays_3.9.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\SpaceMan_99_3.1.zip.vir/SpaceMan_99_3.1.exe Postponed
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\SpyCatcher_Express_2006_4.4.6.zip.vir/SpyCatcher_Express_2006_4.4.6.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\SpyCatcher_Express_2006_4.4.6.zip.vir/SpyCatcher_Express_2006_4.4.6.exe
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\SpaceMan_99_3.1.zip.vir/SpaceMan_99_3.1.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Source_Explorer_VS.NET_2003_plugin_1.0.zip.vir/Source_Explorer_VS.NET_2003_plugin_1.0.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Source_Explorer_VS.NET_2003_plugin_1.0.zip.vir/Source_Explorer_VS.NET_2003_plugin_1.0.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Shadow_Professional_2.7_(Crack).zip.vir/Shadow_Professional_2.7_(Crack).exe Postponed
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\ShowFont_-_Windows_Font_Lister_1.12.zip.vir/ShowFont_-_Windows_Font_Lister_1.12.exe Postponed
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Snail_Mail_1.0.zip.vir/Snail_Mail_1.0.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\ShowFont_-_Windows_Font_Lister_1.12.zip.vir/ShowFont_-_Windows_Font_Lister_1.12.exe
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Snail_Mail_1.0.zip.vir/Snail_Mail_1.0.exe
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Shadow_Professional_2.7_(Crack).zip.vir/Shadow_Professional_2.7_(Crack).exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Serial_Port_Monitor_3.zip.vir/Serial_Port_Monitor_3.exe Postponed
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\SGadget_1.2_Cracked.zip.vir/SGadget_1.2_Cracked.exe Postponed
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Sea_Bounty_1.1.zip.vir/Sea_Bounty_1.1.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\SGadget_1.2_Cracked.zip.vir/SGadget_1.2_Cracked.exe
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Serial_Port_Monitor_3.zip.vir/Serial_Port_Monitor_3.exe
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Sea_Bounty_1.1.zip.vir/Sea_Bounty_1.1.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Robot_Shut_Down_5.0.zip.vir/Robot_Shut_Down_5.0.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Robot_Shut_Down_5.0.zip.vir/Robot_Shut_Down_5.0.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\ProTarot_Reader_2.0.58_(Patch).zip.vir/ProTarot_Reader_2.0.58_(Patch).exe Postponed
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Rmvb_Rm_Fix_Repair_Joiner_3.23_Cracked.zip.vir/Rmvb_Rm_Fix_Repair_Joiner_3.23_Cracked.exe Postponed
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\PlugAdmin_Windows_1.0_Crack.zip.vir/PlugAdmin_Windows_1.0_Crack.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Rmvb_Rm_Fix_Repair_Joiner_3.23_Cracked.zip.vir/Rmvb_Rm_Fix_Repair_Joiner_3.23_Cracked.exe
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\ProTarot_Reader_2.0.58_(Patch).zip.vir/ProTarot_Reader_2.0.58_(Patch).exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\PrintPictures_1.0.zip.vir/PrintPictures_1.0.exe Postponed
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\PrintPictures_1.0.zip.vir/PrintPictures_1.0.exe
2008-08-22 20:43 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\PlugAdmin_Windows_1.0_Crack.zip.vir/PlugAdmin_Windows_1.0_Crack.exe
2008-08-22 20:43 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Playtonium_Jigsaw_Patterns_in_Nature_1.0.zip.vir/Playtonium_Jigsaw_Patterns_in_Nature_1.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Playtonium_Jigsaw_Patterns_in_Nature_1.0.zip.vir/Playtonium_Jigsaw_Patterns_in_Nature_1.0.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\PHPRunner_4.0_Build_265.zip.vir/PHPRunner_4.0_Build_265.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\PHPRunner_4.0_Build_265.zip.vir/PHPRunner_4.0_Build_265.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\PhotoLine_32_12.02.zip.vir/PhotoLine_32_12.02.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\PhotoLine_32_12.02.zip.vir/PhotoLine_32_12.02.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\PhotoElf_4.0.18_[With_Crack].zip.vir/PhotoElf_4.0.18_[With_Crack].exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\PC_Recent_1.1.0_Key.zip.vir/PC_Recent_1.1.0_Key.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\PhotoElf_4.0.18_[With_Crack].zip.vir/PhotoElf_4.0.18_[With_Crack].exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\PDB_Creator_Pro_1.0.2.zip.vir/PDB_Creator_Pro_1.0.2.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\PDB_Creator_Pro_1.0.2.zip.vir/PDB_Creator_Pro_1.0.2.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\PC_Recent_1.1.0_Key.zip.vir/PC_Recent_1.1.0_Key.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Password_Recovery_Software_2.1.zip.vir/Password_Recovery_Software_2.1.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Patterns_of_Nature_Screensaver_2.0.zip.vir/Patterns_of_Nature_Screensaver_2.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Patterns_of_Nature_Screensaver_2.0.zip.vir/Patterns_of_Nature_Screensaver_2.0.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Password_Recovery_Software_2.1.zip.vir/Password_Recovery_Software_2.1.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Panzer_Elite_Action_Fields_of_Glory_multiplayer_demo.zip.vir/Panzer_Elite_Action_Fields_of_Glory_multiplayer_demo.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Panzer_Elite_Action_Fields_of_Glory_multiplayer_demo.zip.vir/Panzer_Elite_Action_Fields_of_Glory_multiplayer_demo.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Paintball_Office_Pro_2.0.zip.vir/Paintball_Office_Pro_2.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Paintball_Office_Pro_2.0.zip.vir/Paintball_Office_Pro_2.0.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\OutlookFIX_Repair_and_Undelete_2.09_[Serial].zip.vir/OutlookFIX_Repair_and_Undelete_2.09_[Serial].exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Neo_Pro_3.1.374.zip.vir/Neo_Pro_3.1.374.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\OutlookFIX_Repair_and_Undelete_2.09_[Serial].zip.vir/OutlookFIX_Repair_and_Undelete_2.09_[Serial].exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\OutClock_1.1.zip.vir/OutClock_1.1.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\OutClock_1.1.zip.vir/OutClock_1.1.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Neo_Pro_3.1.374.zip.vir/Neo_Pro_3.1.374.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\MyJgui_0.5.3.zip.vir/MyJgui_0.5.3.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\My_Downloads_1.4.zip.vir/My_Downloads_1.4.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\My_Downloads_1.4.zip.vir/My_Downloads_1.4.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\MyJgui_0.5.3.zip.vir/MyJgui_0.5.3.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Multiplayer_Championship_Poker_(Pocket_PC)_4.zip.vir/Multiplayer_Championship_Poker_(Pocket_PC)_4.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Multiplayer_Championship_Poker_(Pocket_PC)_4.zip.vir/Multiplayer_Championship_Poker_(Pocket_PC)_4.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\MSN_Cartoon_Avatar_Display_Pack_1.0.zip.vir/MSN_Cartoon_Avatar_Display_Pack_1.0.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\MSN_Webcam_Recorder_9.1.zip.vir/MSN_Webcam_Recorder_9.1.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\MSN_Cartoon_Avatar_Display_Pack_1.0.zip.vir/MSN_Cartoon_Avatar_Display_Pack_1.0.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\MSN_Webcam_Recorder_9.1.zip.vir/MSN_Webcam_Recorder_9.1.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\MouseClock_3.2_[Patch].zip.vir/MouseClock_3.2_[Patch].exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\MouseMeter_0.1.3.zip.vir/MouseMeter_0.1.3.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\MouseMeter_0.1.3.zip.vir/MouseMeter_0.1.3.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\MouseClock_3.2_[Patch].zip.vir/MouseClock_3.2_[Patch].exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Minister_Scheduler_Pro_1.0.zip.vir/Minister_Scheduler_Pro_1.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Minister_Scheduler_Pro_1.0.zip.vir/Minister_Scheduler_Pro_1.0.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\MindStudio_Vocab_1.0.zip.vir/MindStudio_Vocab_1.0.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\MindVisualizer_Standard_1.4.4.0_(Serial).zip.vir/MindVisualizer_Standard_1.4.4.0_(Serial).exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Meteor_1.1.zip.vir/Meteor_1.1.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\MindVisualizer_Standard_1.4.4.0_(Serial).zip.vir/MindVisualizer_Standard_1.4.4.0_(Serial).exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\MindStudio_Vocab_1.0.zip.vir/MindStudio_Vocab_1.0.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Meteor_1.1.zip.vir/Meteor_1.1.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Medal_of_Honor_Allied_Assault_Spearhead_-_Southern_France_map.zip.vir/Medal_of_Honor_Allied_Assault_Spearhead_-_Southern_France_map.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Medal_of_Honor_Allied_Assault_Spearhead_-_Southern_France_map.zip.vir/Medal_of_Honor_Allied_Assault_Spearhead_-_Southern_France_map.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Mcafee.Virus.Scan.Professional.Edition.8.0-Ita.zip.vir/Mcafee.Virus.Scan.Professional.Edition.8.0-Ita.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\MarsEdit_1.0.zip.vir/MarsEdit_1.0.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\McAfee.VirusScan.10.0.zip.vir/McAfee.VirusScan.10.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\McAfee.VirusScan.10.0.zip.vir/McAfee.VirusScan.10.0.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Mcafee.Virus.Scan.Professional.Edition.8.0-Ita.zip.vir/Mcafee.Virus.Scan.Professional.Edition.8.0-Ita.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\MarsEdit_1.0.zip.vir/MarsEdit_1.0.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Live_Search_Podcast_1.1.zip.vir/Live_Search_Podcast_1.1.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Live_Search_Podcast_1.1.zip.vir/Live_Search_Podcast_1.1.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Klinzter_Script_4.2.zip.vir/Klinzter_Script_4.2.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Link_Folder_1.0.zip.vir/Link_Folder_1.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Link_Folder_1.0.zip.vir/Link_Folder_1.0.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\IPComboBox_OCX_1.0.0.1.zip.vir/IPComboBox_OCX_1.0.0.1.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Klinzter_Script_4.2.zip.vir/Klinzter_Script_4.2.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Libcurl.NET_1.3.zip.vir/Libcurl.NET_1.3.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Libcurl.NET_1.3.zip.vir/Libcurl.NET_1.3.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\IPComboBox_OCX_1.0.0.1.zip.vir/IPComboBox_OCX_1.0.0.1.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\IP_Monitor_5.1.zip.vir/IP_Monitor_5.1.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\IP_Monitor_5.1.zip.vir/IP_Monitor_5.1.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Internet_Explorer_Password_Recovery_Master_1.4.zip.vir/Internet_Explorer_Password_Recovery_Master_1.4.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\HSLAB_Logger_3.4.28.124_With_Crack.zip.vir/HSLAB_Logger_3.4.28.124_With_Crack.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Internet_Explorer_Password_Recovery_Master_1.4.zip.vir/Internet_Explorer_Password_Recovery_Master_1.4.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\HSLAB_Logger_3.4.28.124_With_Crack.zip.vir/HSLAB_Logger_3.4.28.124_With_Crack.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\imeem_2.4.38.2476.zip.vir/imeem_2.4.38.2476.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\imeem_2.4.38.2476.zip.vir/imeem_2.4.38.2476.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Greek_Formulae_1.0.zip.vir/Greek_Formulae_1.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Greek_Formulae_1.0.zip.vir/Greek_Formulae_1.0.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Hawaii_Screensaver_4.0.zip.vir/Hawaii_Screensaver_4.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Hawaii_Screensaver_4.0.zip.vir/Hawaii_Screensaver_4.0.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Go_Game_Hamete_and_Overplay_for_Smartphone_1.1.zip.vir/Go_Game_Hamete_and_Overplay_for_Smartphone_1.1.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\GrabJPG_1.12.zip.vir/GrabJPG_1.12.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\GrabJPG_1.12.zip.vir/GrabJPG_1.12.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Go_Game_Hamete_and_Overplay_for_Smartphone_1.1.zip.vir/Go_Game_Hamete_and_Overplay_for_Smartphone_1.1.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Ghost_MP3_CD_Maker_2.0.zip.vir/Ghost_MP3_CD_Maker_2.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Ghost_MP3_CD_Maker_2.0.zip.vir/Ghost_MP3_CD_Maker_2.0.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\FirePanel_XP_2.2.0.0_(Patch).zip.vir/FirePanel_XP_2.2.0.0_(Patch).exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\FastPhpInsert_News-Slide-Protected_page_1.0_Key+Serial.zip.vir/FastPhpInsert_News-Slide-Protected_page_1.0_Key+Serial.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\FotoTime_FotoAlbum_Pro_5.3.1.4_Cracked.zip.vir/FotoTime_FotoAlbum_Pro_5.3.1.4_Cracked.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\FotoTime_FotoAlbum_Pro_5.3.1.4_Cracked.zip.vir/FotoTime_FotoAlbum_Pro_5.3.1.4_Cracked.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\FirePanel_XP_2.2.0.0_(Patch).zip.vir/FirePanel_XP_2.2.0.0_(Patch).exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\FastPhpInsert_News-Slide-Protected_page_1.0_Key+Serial.zip.vir/FastPhpInsert_News-Slide-Protected_page_1.0_Key+Serial.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Fast_Port_Scanner_1.0.zip.vir/Fast_Port_Scanner_1.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Fast_Port_Scanner_1.0.zip.vir/Fast_Port_Scanner_1.0.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\F-Prot.Antivirus.for.Windows.v3.16.Retail-DVT.zip.vir/F-Prot.Antivirus.for.Windows.v3.16.Retail-DVT.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\F-Prot.Antivirus.for.Windows.v3.16.Retail-DVT.zip.vir/F-Prot.Antivirus.for.Windows.v3.16.Retail-DVT.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Email_Collector_Lite_1.6.8.zip.vir/Email_Collector_Lite_1.6.8.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\EZRound_2.1.zip.vir/EZRound_2.1.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\EZRound_2.1.zip.vir/EZRound_2.1.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Email_Collector_Lite_1.6.8.zip.vir/Email_Collector_Lite_1.6.8.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Egypt_of_David_Roberts_1.0.zip.vir/Egypt_of_David_Roberts_1.0.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Express_Tax_Refund_1.0.zip.vir/Express_Tax_Refund_1.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Express_Tax_Refund_1.0.zip.vir/Express_Tax_Refund_1.0.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Egypt_of_David_Roberts_1.0.zip.vir/Egypt_of_David_Roberts_1.0.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\EF_CheckSum_Manager_4.30_[Crack].zip.vir/EF_CheckSum_Manager_4.30_[Crack].exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\EF_CheckSum_Manager_4.30_[Crack].zip.vir/EF_CheckSum_Manager_4.30_[Crack].exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\E-mail_Redemption_for_Outlook_1.6.zip.vir/E-mail_Redemption_for_Outlook_1.6.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\EcoKeno_3.74.zip.vir/EcoKeno_3.74.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\EcoKeno_3.74.zip.vir/EcoKeno_3.74.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\E-mail_Redemption_for_Outlook_1.6.zip.vir/E-mail_Redemption_for_Outlook_1.6.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Dynamic_DBTreeView_1.8.zip.vir/Dynamic_DBTreeView_1.8.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\E-Converter_1.50.zip.vir/E-Converter_1.50.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\E-Converter_1.50.zip.vir/E-Converter_1.50.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Dynamic_DBTreeView_1.8.zip.vir/Dynamic_DBTreeView_1.8.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\DNS_Redirector_6.3.1_Crack.zip.vir/DNS_Redirector_6.3.1_Crack.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\DNS_Redirector_6.3.1_Crack.zip.vir/DNS_Redirector_6.3.1_Crack.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\DXMan_1.10.zip.vir/DXMan_1.10.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\DXMan_1.10.zip.vir/DXMan_1.10.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\DiskViz_-_Link_Checker_1.0_[Patch].zip.vir/DiskViz_-_Link_Checker_1.0_[Patch].exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Claxa_1.0.zip.vir/Claxa_1.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\DiskViz_-_Link_Checker_1.0_[Patch].zip.vir/DiskViz_-_Link_Checker_1.0_[Patch].exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\CD_WAVE_Ripper_1.0.zip.vir/CD_WAVE_Ripper_1.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Claxa_1.0.zip.vir/Claxa_1.0.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\CutePage_CoolText_1.5.zip.vir/CutePage_CoolText_1.5.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\CutePage_CoolText_1.5.zip.vir/CutePage_CoolText_1.5.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\CD_WAVE_Ripper_1.0.zip.vir/CD_WAVE_Ripper_1.0.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Christian_Virtual_Hymnal_2.zip.vir/Christian_Virtual_Hymnal_2.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Christian_Virtual_Hymnal_2.zip.vir/Christian_Virtual_Hymnal_2.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\CATLearn_Reader_1.1.zip.vir/CATLearn_Reader_1.1.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\CATLearn_Reader_1.1.zip.vir/CATLearn_Reader_1.1.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Bukster_Link_Generator_1.0.zip.vir/Bukster_Link_Generator_1.0.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\BT_Engine_4.8_build_0605.zip.vir/BT_Engine_4.8_build_0605.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Business_Card_Printer_2.0.zip.vir/Business_Card_Printer_2.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Business_Card_Printer_2.0.zip.vir/Business_Card_Printer_2.0.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\BT_Engine_4.8_build_0605.zip.vir/BT_Engine_4.8_build_0605.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Bukster_Link_Generator_1.0.zip.vir/Bukster_Link_Generator_1.0.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Bronze_Sculpture_Jigsaw_Puzzle_45pcs.zip.vir/Bronze_Sculpture_Jigsaw_Puzzle_45pcs.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Bronze_Sculpture_Jigsaw_Puzzle_45pcs.zip.vir/Bronze_Sculpture_Jigsaw_Puzzle_45pcs.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Boombox_Granny_Demo_Screensaver_1.0.zip.vir/Boombox_Granny_Demo_Screensaver_1.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Boombox_Granny_Demo_Screensaver_1.0.zip.vir/Boombox_Granny_Demo_Screensaver_1.0.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Beta_Program_Bug_&_Feature_Database_1.0_Cracked.zip.vir/Beta_Program_Bug_&_Feature_Database_1.0_Cracked.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\BidSolid_1.06.zip.vir/BidSolid_1.06.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Backup_Chunker_2.0.zip.vir/Backup_Chunker_2.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\BidSolid_1.06.zip.vir/BidSolid_1.06.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Beta_Program_Bug_&_Feature_Database_1.0_Cracked.zip.vir/Beta_Program_Bug_&_Feature_Database_1.0_Cracked.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Backup_Chunker_2.0.zip.vir/Backup_Chunker_2.0.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Backup_Premium_2.5_[Patch].zip.vir/Backup_Premium_2.5_[Patch].exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Backup_Premium_2.5_[Patch].zip.vir/Backup_Premium_2.5_[Patch].exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Avoirdupois_Weight_Measure_Converter_1.zip.vir/Avoirdupois_Weight_Measure_Converter_1.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Aplus_DVD_Creator_4.52.zip.vir/Aplus_DVD_Creator_4.52.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Avoirdupois_Weight_Measure_Converter_1.zip.vir/Avoirdupois_Weight_Measure_Converter_1.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\ApHeMo_1.5.0.8.zip.vir/ApHeMo_1.5.0.8.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Aplus_DVD_Creator_4.52.zip.vir/Aplus_DVD_Creator_4.52.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\AppSpy_2.3_(Key).zip.vir/AppSpy_2.3_(Key).exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\ApHeMo_1.5.0.8.zip.vir/ApHeMo_1.5.0.8.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\AppSpy_2.3_(Key).zip.vir/AppSpy_2.3_(Key).exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Anubis_P2P_1.4.zip.vir/Anubis_P2P_1.4.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\AnyForm_5.0.zip.vir/AnyForm_5.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\AnyForm_5.0.zip.vir/AnyForm_5.0.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Anubis_P2P_1.4.zip.vir/Anubis_P2P_1.4.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\AllPeers_0.55.1_Beta.zip.vir/AllPeers_0.55.1_Beta.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\AntiVir.PersonalEdition.Premium.v7.+.VDF.v6.34.00.48.+.Lizenz.Key.zip.vir/AntiVir.PersonalEdition.Premium.v7.+.VDF.v6.34.00.48.+.Lizenz.Key.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\AllPeers_0.55.1_Beta.zip.vir/AllPeers_0.55.1_Beta.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\AntiVir.PersonalEdition.Premium.v7.+.VDF.v6.34.00.48.+.Lizenz.Key.zip.vir/AntiVir.PersonalEdition.Premium.v7.+.VDF.v6.34.00.48.+.Lizenz.Key.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Aide_Onlinometer_1.70_Key+Serial.zip.vir/Aide_Onlinometer_1.70_Key+Serial.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Air_Messenger_Pro_6.7.4.zip.vir/Air_Messenger_Pro_6.7.4.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Aide_Onlinometer_1.70_Key+Serial.zip.vir/Aide_Onlinometer_1.70_Key+Serial.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Air_Messenger_Pro_6.7.4.zip.vir/Air_Messenger_Pro_6.7.4.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Advanced_StartUp_Manager_1.41_With_Crack.zip.vir/Advanced_StartUp_Manager_1.41_With_Crack.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Advanced_StartUp_Manager_1.41_With_Crack.zip.vir/Advanced_StartUp_Manager_1.41_With_Crack.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Advanced_PDF_Generator_1.1.3.0_(Patch).zip.vir/Advanced_PDF_Generator_1.1.3.0_(Patch).exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Advanced_PDF_Generator_1.1.3.0_(Patch).zip.vir/Advanced_PDF_Generator_1.1.3.0_(Patch).exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Adoc2PDF_1.2.zip.vir/Adoc2PDF_1.2.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\ABCUpload_.NET_5.3.0.zip.vir/ABCUpload_.NET_5.3.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\Adoc2PDF_1.2.zip.vir/Adoc2PDF_1.2.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\ACA_Capture_Pro_5.50_(KeyGen).zip.vir/ACA_Capture_Pro_5.50_(KeyGen).exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\ACA_Capture_Pro_5.50_(KeyGen).zip.vir/ACA_Capture_Pro_5.50_(KeyGen).exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\ABCUpload_.NET_5.3.0.zip.vir/ABCUpload_.NET_5.3.0.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\data.oct.vir Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\3D_Ultra_NASCAR_Pinball_1.0.zip.vir/3D_Ultra_NASCAR_Pinball_1.0.exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\data.oct.vir
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\3D_Ultra_NASCAR_Pinball_1.0.zip.vir/3D_Ultra_NASCAR_Pinball_1.0.exe
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\131_Ice_Cream_Maker_Recipes_1.0_Patch.zip.vir/131_Ice_Cream_Maker_Recipes_1.0_Patch.exe Postponed
2008-08-22 20:42 Untreated: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\3D_Haunting_Halloween_Screensaver_1.0_[Cracked].zip.vir/3D_Haunting_Halloween_Screensaver_1.0_[Cracked].exe Postponed
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\131_Ice_Cream_Maker_Recipes_1.0_Patch.zip.vir/131_Ice_Cream_Maker_Recipes_1.0_Patch.exe
2008-08-22 20:42 Detected: Trojan-Downloader.Win32.Bagle.yt c:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\m\shared\3D_Haunting_Halloween_Screensaver_1.0_[Cracked].zip.vir/3D_Haunting_Halloween_Screensaver_1.0_[Cracked].exe
2008-08-22 20:39 Detected: http://www.viruslist.com/en/advisories/28083 c:\program files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator\Ulead Quick-Drop 1.0\Flash.ocx
2008-08-22 20:37 Detected: http://www.viruslist.com/en/advisories/28083 c:\program files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator\Ulead DMF Launcher 2.0\Flash.ocx
2008-08-22 20:36 Detected: http://www.viruslist.com/en/advisories/31010 c:\program files\TimingTool\jre\bin\java.exe
2008-08-22 20:35 Detected: http://www.viruslist.com/en/advisories/27620 c:\program files\real\realplayer\realplay.exe
2008-08-22 20:33 Detected: http://www.viruslist.com/en/advisories/30761 c:\program files\mozilla firefox\firefox.exe
2008-08-22 20:31 Detected: http://www.viruslist.com/en/advisories/30975 c:\program files\microsoft office\office11\winword.exe
2008-08-22 20:31 Detected: http://www.viruslist.com/en/advisories/31453 c:\program files\microsoft office\office11\powerpnt.exe
2008-08-22 20:31 Detected: http://www.viruslist.com/en/advisories/29320 c:\program files\microsoft office\office11\outlook.exe
2008-08-22 20:31 Detected: http://www.viruslist.com/en/advisories/31454 c:\program files\microsoft office\office11\excel.exe
2008-08-22 20:31 Detected: http://www.viruslist.com/en/advisories/31010 c:\program files\MATLAB704\uninstall\java\jre\win32\jre\bin\java.exe
2008-08-22 20:23 Detected: http://www.viruslist.com/en/advisories/31010 c:\program files\MATLAB704\sys\java\jre\win32\jre1.5.0\bin\java.exe
2008-08-22 20:22 Detected: http://www.viruslist.com/en/advisories/31010 c:\program files\Logitech\Harmony Remote\JRE\bin\eula.dll
2008-08-22 20:20 Untreated: Trojan-Downloader.Win32.Bagle.yd c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Postponed
2008-08-22 20:20 Detected: Trojan-Downloader.Win32.Bagle.yd c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2008-08-22 20:15 Detected: http://www.viruslist.com/en/advisories/25023 c:\program files\Adobe\Adobe Photoshop CS2\Plug-Ins\File Formats\BMP.8BI
2008-08-22 19:53 Detected: http://www.viruslist.com/en/advisories/31010 c:\Documents and Settings\All Users\Documents\Software\matlab704\java\jre\win32\jre\bin\java.exe
2008-08-22 19:31 Detected: http://www.viruslist.com/en/advisories/31010 c:\Documents and Settings\All Users\Documents\Matlab 7\Matlab 1\java\jre\win32\jre\bin\eula.dll
2008-08-22 19:26 Untreated: Trojan-Downloader.Win32.Bagle.yd c:\System Volume Information\_restore{9384D14A-8919-45E0-8D92-F319E956DD83}\RP2\A0002240.exe Postponed
2008-08-22 19:26 Detected: Trojan-Downloader.Win32.Bagle.yd c:\System Volume Information\_restore{9384D14A-8919-45E0-8D92-F319E956DD83}\RP2\A0002240.exe
2008-08-22 19:25 Untreated: Trojan-Downloader.Win32.Bagle.yd c:\System Volume Information\_restore{9384D14A-8919-45E0-8D92-F319E956DD83}\RP17\A0004069.exe Postponed
2008-08-22 19:25 Detected: Trojan-Downloader.Win32.Bagle.yd c:\System Volume Information\_restore{9384D14A-8919-45E0-8D92-F319E956DD83}\RP17\A0004069.exe
2008-08-22 19:25 Untreated: Trojan-Downloader.Win32.Bagle.yd c:\System Volume Information\_restore{9384D14A-8919-45E0-8D92-F319E956DD83}\RP17\A0004068.exe Postponed
2008-08-22 19:25 Detected: Trojan-Downloader.Win32.Bagle.yd c:\System Volume Information\_restore{9384D14A-8919-45E0-8D92-F319E956DD83}\RP17\A0004068.exe
2008-08-22 19:25 Untreated: Trojan-Downloader.Win32.Bagle.yd c:\System Volume Information\_restore{9384D14A-8919-45E0-8D92-F319E956DD83}\RP16\A0003953.exe Postponed
2008-08-22 19:25 Untreated: Trojan-Downloader.Win32.Bagle.yd c:\System Volume Information\_restore{9384D14A-8919-45E0-8D92-F319E956DD83}\RP16\A0003954.exe Postponed
2008-08-22 19:25 Detected: Trojan-Downloader.Win32.Bagle.yd c:\System Volume Information\_restore{9384D14A-8919-45E0-8D92-F319E956DD83}\RP16\A0003954.exe
2008-08-22 19:25 Detected: Trojan-Downloader.Win32.Bagle.yd c:\System Volume Information\_restore{9384D14A-8919-45E0-8D92-F319E956DD83}\RP16\A0003953.exe
2008-08-22 19:24 Untreated: Trojan-Downloader.Win32.Bagle.yd c:\System Volume Information\_restore{9384D14A-8919-45E0-8D92-F319E956DD83}\RP1\A0002223.exe Postponed
2008-08-22 19:24 Detected: Trojan-Downloader.Win32.Bagle.yd c:\System Volume Information\_restore{9384D14A-8919-45E0-8D92-F319E956DD83}\RP1\A0002223.exe
2008-08-22 19:24 Untreated: Trojan-Downloader.Win32.Bagle.yd c:\System Volume Information\_restore{9384D14A-8919-45E0-8D92-F319E956DD83}\RP1\A0002164.exe Postponed
2008-08-22 19:24 Detected: Trojan-Downloader.Win32.Bagle.yd c:\System Volume Information\_restore{9384D14A-8919-45E0-8D92-F319E956DD83}\RP1\A0002164.exe
2008-08-22 19:24 Untreated: Trojan-Downloader.Win32.Bagle.yd c:\System Volume Information\_restore{9384D14A-8919-45E0-8D92-F319E956DD83}\RP1\A0002067.exe Postponed
2008-08-22 19:24 Detected: Trojan-Downloader.Win32.Bagle.yd c:\System Volume Information\_restore{9384D14A-8919-45E0-8D92-F319E956DD83}\RP1\A0002067.exe
2008-08-22 19:23 Detected: http://www.viruslist.com/en/advisories/31010 c:\windows\java.exe
2008-08-22 19:23 Detected: http://www.viruslist.com/en/advisories/27620 c:\program files\real\realplayer\realplay.exe
2008-08-22 19:23 Detected: http://www.viruslist.com/en/advisories/30761 c:\program files\mozilla firefox\firefox.exe
2008-08-22 19:22 Detected: http://www.viruslist.com/en/advisories/30975 c:\program files\microsoft office\office11\winword.exe
2008-08-22 19:22 Detected: http://www.viruslist.com/en/advisories/31453 c:\program files\microsoft office\office11\powerpnt.exe
2008-08-22 19:22 Detected: http://www.viruslist.com/en/advisories/31454 c:\program files\microsoft office\office11\excel.exe
2008-08-22 19:22 Detected: http://www.viruslist.com/en/advisories/29320 c:\program files\microsoft office\office11\outlook.exe
2008-08-22 19:21 Task started
 
HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:59 PM, on 8/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\MediaMall\MediaMallServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
C:\Program Files\D-Link Media Server\MediaGUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\D-Link Media Server\MediaServer.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\explorer.exe
C:\Temp\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKLM\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RegClean] "C:\Program Files\RegClean\RegClean.exe" -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: D-Link Media Server.lnk = C:\Program Files\D-Link Media Server\MediaGUI.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1217908534546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1217908520187
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://12.30.180.135/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.provigent.com/dana-cached/setup/JuniperSetupSP1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: wcnotify - C:\WINDOWS\SYSTEM32\wcnotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MediaMall Server - MediaMall Technologies, Inc. - C:\Program Files\MediaMall\MediaMallServer.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11173 bytes
 
Hi

According to the Kaspersky report, lots of your programs need updating. It's better that you update them all (or uninstall them completely if there are some you don't use anymore) after we've got you clean.


Please uninstall the following items through Add/Remove Programs:
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer



Then delete the following folder:
c:\program files\Google\GoogleToolbarNotifier

and file:
c:\windows\system32\RunDll32 cmicnfg.cpl,CMICtrlWnd


Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


After that, run ComboFix again and post back its log, a fresh HJT log and the Malwarebytes' Anti-Malware report.
 
One more thing - boot mode

After the last cleaning, I tried boot mode.
It will get as far as the startup screen now, then reboot.
Previously it would not even get this far.
 
Thanks for the heads up. Now please follow the instructions I posted :)
 
results

I removed Google Toolbar but could not find the directory or files

c:\windows\system32\RunDll32 cmicnfg.cpl,CMICtrlWnd

I ran Malwarebytes and here is the report. HJT and CF logs follow also.
-------------------------------------------------------

Malwarebytes' Anti-Malware 1.25
Database version: 1090
Windows 5.1.2600 Service Pack 3

7:55:35 PM 8/27/2008
mbam-log-08-27-2008 (19-55-35).txt

Scan type: Full Scan (C:\|G:\|J:\|)
Objects scanned: 238949
Time elapsed: 1 hour(s), 31 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
---------------------------------------------------------
HJT
--------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:14 PM, on 8/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\MediaMall\MediaMallServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
C:\Program Files\D-Link Media Server\MediaGUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\D-Link Media Server\MediaServer.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Temp\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKLM\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RegClean] "C:\Program Files\RegClean\RegClean.exe" -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: D-Link Media Server.lnk = C:\Program Files\D-Link Media Server\MediaGUI.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1217908534546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1217908520187
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://12.30.180.135/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.provigent.com/dana-cached/setup/JuniperSetupSP1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: wcnotify - C:\WINDOWS\SYSTEM32\wcnotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MediaMall Server - MediaMall Technologies, Inc. - C:\Program Files\MediaMall\MediaMallServer.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10959 bytes
------------------------------------------------------------
CF log

--------------------------------------------------------

ComboFix 08-08-27.03 - Mike 2008-08-27 20:08:50.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.404 [GMT -7:00]
Running from: C:\Documents and Settings\Mike\Desktop\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mike\Application Data\macromedia\Flash Player\#SharedObjects\5MCT9UUU\bin.clearspring.com
C:\Documents and Settings\Mike\Application Data\macromedia\Flash Player\#SharedObjects\5MCT9UUU\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Mike\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Mike\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.

2008-08-22 11:50 . 2008-08-22 17:35 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-22 11:50 . 2008-08-22 11:50 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-22 11:49 . 2008-08-22 11:49 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-08-22 11:49 . 2008-08-27 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-22 11:49 . 2008-08-23 06:25 7,526,432 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-22 11:49 . 2008-08-27 18:09 409,632 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-22 11:49 . 2008-08-23 06:25 60,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-22 11:49 . 2008-08-27 18:09 3,528 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-22 11:46 . 2008-08-22 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-22 11:46 . 2008-08-22 11:44 33,138,928 --a------ C:\Temp\kav8.0.0.454en.exe
2008-08-22 11:15 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-22 11:14 . 2008-08-22 11:14 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-22 11:13 . 2008-08-22 10:58 15,984,024 --a------ C:\Temp\jre-6u7-windows-i586-p-s.exe
2008-08-22 09:37 . 2008-08-22 19:19 <DIR> d-------- C:\Temp\backups
2008-08-16 19:03 . 2008-08-16 19:03 231,999 --a------ C:\Temp\Beagled.exe
2008-08-16 18:54 . 2008-08-16 18:58 <DIR> d-------- C:\ComboFix
2008-08-16 18:02 . 2008-08-16 18:16 250 --a------ C:\WINDOWS\gmer.ini
2008-08-16 18:01 . 2008-08-16 18:01 747,873 --a------ C:\Temp\gmer.zip
2008-08-16 17:54 . 2008-08-16 17:54 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-08-16 17:54 . 2008-08-16 17:54 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-08-16 15:53 . 2008-08-16 15:53 401,720 --a------ C:\Temp\HiJackThis.exe
2008-08-16 15:52 . 2008-08-16 15:53 716,539 --a------ C:\Temp\HJTInstall.exe
2008-08-16 13:50 . 2008-08-22 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-08-16 12:45 . 2008-08-16 16:28 15,083,520 --a------ C:\Temp\spybotsd160.exe
2008-08-16 12:17 . 2008-08-16 12:17 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-08-16 08:48 . 2008-08-16 08:48 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\Sunbelt Software
2008-08-16 08:48 . 2008-08-16 08:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-08-16 08:47 . 2008-08-16 08:47 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-08-16 08:45 . 2008-08-16 08:42 45,935,776 --a------ C:\Temp\counterspy.exe
2008-08-15 18:02 . 2008-08-15 18:02 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\Malwarebytes
2008-08-15 18:01 . 2008-08-27 18:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 18:01 . 2008-08-15 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-15 18:01 . 2008-08-06 21:59 1,885,120 --a------ C:\Temp\mbam-setup.exe
2008-08-15 18:01 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-15 18:01 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-15 17:49 . 2008-08-15 19:14 <DIR> d-------- C:\Documents and Settings\Mike\.housecall6.6
2008-08-15 07:48 . 2008-04-11 12:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-15 07:48 . 2008-05-01 07:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 12:57 . 2008-08-14 12:57 <DIR> d-------- C:\Program Files\Safari
2008-08-12 11:30 . 2008-08-12 11:30 <DIR> d-------- C:\Program Files\iPod
2008-08-12 11:29 . 2008-08-12 11:30 <DIR> d-------- C:\Program Files\iTunes
2008-08-12 11:28 . 2008-08-12 11:28 <DIR> d-------- C:\Program Files\Bonjour
2008-08-12 11:22 . 2008-08-12 11:22 63,530,280 --a------ C:\Temp\iTunesSetup.exe
2008-08-04 22:46 . 2008-08-04 22:46 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-04 22:35 . 2008-08-04 22:35 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-04 22:04 . 2008-08-04 22:04 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-04 22:04 . 2008-08-04 22:04 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-04 22:04 . 2008-08-04 22:04 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-04 22:04 . 2008-08-04 22:04 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-04 22:02 . 2008-08-04 22:02 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-04 21:33 . 2004-08-03 22:29 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-04 20:55 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-08-04 20:55 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-08-04 20:55 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-04 20:55 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-08-03 12:21 . 2008-08-03 12:21 2,108,504 --a------ C:\Temp\GPSMAP60CSx_370.exe
2008-08-03 12:13 . 2007-03-08 17:18 18,432 --a------ C:\WINDOWS\system32\drivers\grmngen.sys
2008-08-03 12:13 . 2006-02-20 11:25 17,536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys
2008-08-03 12:13 . 2006-04-11 12:51 16,512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys
2008-08-03 12:13 . 2006-07-11 12:50 11,776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys
2008-08-03 12:13 . 2007-03-08 17:18 8,320 --a------ C:\WINDOWS\system32\drivers\grmnusb.sys
2008-08-03 12:12 . 2008-08-03 21:28 <DIR> d-------- C:\Garmin
2008-07-29 20:21 . 2008-07-29 20:21 218,376 --a------ C:\WINDOWS\system32\klogon.dll
2008-07-29 20:20 . 2008-07-29 20:20 24,774 --a------ C:\WINDOWS\system32\drivers\klopp.dat
2008-07-29 11:10 . 2008-07-29 11:10 <DIR> d-------- C:\Program Files\Tech-Pro World Clock 2
2008-07-29 11:10 . 2008-02-04 02:10 237,776 --a------ C:\WINDOWS\system32\tpuninst.exe
2008-07-29 11:08 . 2008-07-29 11:08 2,428,088 --a------ C:\Temp\wc2setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 03:22 --------- d-----w C:\Documents and Settings\Mike\Application Data\Skype
2008-08-28 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-28 00:58 --------- d-----w C:\Program Files\Google
2008-08-28 00:54 --------- d-----w C:\Documents and Settings\Mike\Application Data\D-Link Media Server
2008-08-22 18:53 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-22 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-22 18:15 --------- d-----w C:\Program Files\Java
2008-08-22 16:13 --------- d-----w C:\Program Files\Azureus
2008-08-16 02:09 --------- d-----w C:\Documents and Settings\Mike\Application Data\dvdcss
2008-08-15 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MediaMall
2008-08-15 00:24 --------- d-----w C:\Documents and Settings\Mike\Application Data\Apple Computer
2008-08-14 19:57 --------- d-----w C:\Program Files\Apple Software Update
2008-08-14 15:55 --------- d-----w C:\Documents and Settings\Mike\Application Data\Azureus
2008-08-12 18:28 --------- d-----w C:\Program Files\QuickTime
2008-08-10 20:41 --------- d-----w C:\Program Files\Internet Radio Recorder
2008-08-03 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-27 00:05 --------- d-----w C:\Documents and Settings\Mike\Application Data\MediaServerDump
2008-07-22 01:34 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-21 03:16 --------- d-----w C:\Program Files\Picasa2
2008-07-21 02:59 --------- d-----w C:\Program Files\Sun
2008-07-08 02:58 --------- d-----w C:\Program Files\D-Link Media Server
2008-07-08 02:22 --------- d-----w C:\Documents and Settings\Mike\Application Data\AdobeUM
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-04-30 18:49 92,064 -c--a-w C:\Documents and Settings\Mike\mqdmmdm.sys
2008-04-30 18:49 9,232 -c--a-w C:\Documents and Settings\Mike\mqdmmdfl.sys
2008-04-30 18:49 79,328 -c--a-w C:\Documents and Settings\Mike\mqdmserd.sys
2008-04-30 18:49 66,656 -c--a-w C:\Documents and Settings\Mike\mqdmbus.sys
2008-04-30 18:49 6,208 -c--a-w C:\Documents and Settings\Mike\mqdmcmnt.sys
2008-04-30 18:49 5,936 -c--a-w C:\Documents and Settings\Mike\mqdmwhnt.sys
2008-04-30 18:49 4,048 -c--a-w C:\Documents and Settings\Mike\mqdmcr.sys
2008-04-30 18:49 25,600 -c--a-w C:\Documents and Settings\Mike\usbsermptxp.sys
2008-04-30 18:49 22,768 -c--a-w C:\Documents and Settings\Mike\usbsermpt.sys
2007-05-29 05:17 81,920 ----a-w C:\Documents and Settings\Mike\Application Data\ezpinst.exe
2007-05-29 05:17 47,360 ----a-w C:\Documents and Settings\Mike\Application Data\pcouffin.sys
2006-03-19 16:36 13,824 -c--a-w C:\Documents and Settings\Mike\atwbxdet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-21_12.25.29.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-05 05:12:58 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-23 13:16:15 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-05 05:12:58 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-23 13:16:15 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-21 19:18:12 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-28 01:06:56 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-30 01:29:38 32,784 ----a-w C:\WINDOWS\system32\drivers\klbg.sys
+ 2008-08-22 18:48:55 213,008 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-05-01 01:06:48 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
- 2008-08-21 19:18:21 225,097 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-08-28 00:52:14 225,102 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2008-08-21 19:10:16 76,266 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-28 00:56:19 76,266 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-21 19:10:17 443,916 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-28 00:56:19 443,916 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:43 23165736]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"RegClean"="C:\Program Files\RegClean\RegClean.exe" [2007-03-30 16:45 10065392]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 12:09 698864]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 20:20 206088]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 17:12 110592 C:\WINDOWS\system32\bthprops.cpl]

C:\Documents and Settings\Mike\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-06-21 17:13:51 113664]
D-Link Media Server.lnk - C:\Program Files\D-Link Media Server\MediaGUI.exe [2008-07-07 19:58:32 1523831]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2005-03-13 19:02:09 25214]
HPAiODevice(hp officejet g series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe [2002-11-20 17:15:00 151552]
Logitech Harmony Remote V5.lnk - C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe [2006-02-22 15:47:44 94295]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wcnotify]
2007-08-09 17:16 14656 C:\WINDOWS\system32\WcNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient.exe"=
"C:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MediaMall\\MediaMallServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-10-28 20:21]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-08-16 12:17]
R1 BeTwinSystem;BeTwinSystem;C:\WINDOWS\system32\Drivers\BeTwinSystem.sys [2007-08-09 17:15]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2000-01-07 10:00]
R2 MediaMall Server;MediaMall Server;C:\Program Files\MediaMall\MediaMallServer.exe [2007-10-09 16:57]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-21 03:56]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]
R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NativeTS

*Newly Created Service* - CATCHME
*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder

2008-08-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-08-28 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job
- C:\Program Files\RegClean\RegClean.exe [2007-03-30 16:45]

2008-08-28 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job
- C:\Program Files\RegClean [2007-04-18 22:17]

2008-08-28 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 09:20]

2008-02-21 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 09:20]

2008-08-28 C:\WINDOWS\Tasks\User_Feed_Synchronization-{C34135C4-C5CE-440A-B981-1BFF8E5F71A9}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 12:58]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\xx0vemed.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 20:22:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-27 20:29:42
ComboFix-quarantined-files.txt 2008-08-28 03:29:23
ComboFix2.txt 2008-08-23 02:17:43
ComboFix3.txt 2008-08-22 18:07:58
ComboFix4.txt 2008-08-21 22:49:53
ComboFix5.txt 2008-08-28 03:06:12

Pre-Run: 118,643,957,760 bytes free
Post-Run: 118,631,075,840 bytes free

261
 
Hi

Start hjt, do a system scan, check (if found):
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (file missing)

Close browsers and fix checked.


Please download SafeBootKeyRepair.exe by sUBs to repair Safe Mode.

http://download.bleepingcomputer.com/sUBs/SafeBootKeyRepair.exe

To run SafeBootKeyRepair.exe:
1. Close all programs/windows so that you have nothing open and are at your Desktop.
2. Double-click the SafeBootKeyRepair.exe file.
When finished, it shall produce a log for you.
3. Post the entire contents of C:\SafeBoot_Repair.txt in your next reply.


Are you able to run Kaspersky online scanner now? If you are, run it and post back its report. Post a fresh hjt log too.
 
Next step

Deleted O2-BHO: Google.... using HJT

Ran tKeyRepair.exe

Tried to run Kaspersky online scanner. Used Firefox so as not to risk IEXPLORE.
Kaspersky went through the initialization process and then crashed as soon as it started the scan. Will try it one more time.

After reboot I ran HJT again.

Here is the HJT log followed by the tKeyRepair log.

---------------------------
HJT
-------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:54 AM, on 8/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\MediaMall\MediaMallServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
C:\Program Files\D-Link Media Server\MediaGUI.exe
C:\Program Files\D-Link Media Server\MediaServer.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Temp\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKLM\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RegClean] "C:\Program Files\RegClean\RegClean.exe" -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: D-Link Media Server.lnk = C:\Program Files\D-Link Media Server\MediaGUI.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1217908534546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1217908520187
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://12.30.180.135/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.provigent.com/dana-cached/setup/JuniperSetupSP1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: wcnotify - C:\WINDOWS\SYSTEM32\wcnotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MediaMall Server - MediaMall Technologies, Inc. - C:\Program Files\MediaMall\MediaMallServer.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10500 bytes

---------------------------------
SAFEBOOT
----------------------------------

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PSEXESVC
 
Safe Boot and Kaspersky crash

Tried Safe Boot and it crashed again at the startup screen.
Tried Kaspersky online for a second time, also crashed again.

I get the feeling something deep and ugly is in there.
 
Hi

Hjt log looks ok. Please defrag your hard drives and try running Kaspersky online scanner and GMER after that. Keep antivirus programs disabled during both scans.
 
Kaspersky won't run. GMER log

Kaspersky on-line still crashes. Safe mode crashes.
GMER does run. Here is log.

------------------------------------
GMER report after it starts up - full scan follows
------------------------------------
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-28 13:58:15
Windows 5.1.2600 Service Pack 3


---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xF3FFA6E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xF3FFA750]

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- EOF - GMER 1.0.14 ----



---------------------------------
GMER full scan
---------------------------------

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-28 14:17:57
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF3FFA81A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xF3FFADC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xF3FFC82A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xF3FFC1E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xF3FF9F90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF3FFE18C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xF3FFABC2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xF3FFA3D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xF3FFA5D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xF3FFC4EC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xF3FFE698]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xF3FFA6E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xF3FFA750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xF3FFC3A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xF3FFDC50]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xF3FFC03C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xF3FFA0F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xF3FFA9E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xF3FFE1B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xF3FFA93E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xF3FFA7B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xF3FFA4BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xF3FFA29A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xF3FFDEB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xF3FF9C12]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xF3FFD0B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xF3FF9D74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xF3FFE568]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xF3FF9A10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xF3FFC6CC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xF3FFACC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xF3FFDD4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xF3FFE1E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xF3FFA148]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xF3FFE2C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xF3FFE3F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xF3FFDB7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xF3FFAA92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xF3FFAB04]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4C94 12 Bytes [ C4, E2, FF, F3, F0, E3, FF, ... ]
.text ntoskrnl.exe!IoIsOperationSynchronous 804EAF9E 5 Bytes JMP F40113D6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F4583 5 Bytes JMP F401101C \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
? C:\WINDOWS\system32\drivers\sbapifs.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F7117DF0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F7117DF0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\USBSTOR.SYS[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\dot4usb.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\Dot4.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\Dot4Scan.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\Dot4Prt.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\usbccgp.sys[NTOSKRNL.EXE!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\bthport.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\STREAM.SYS[NTOSKRNL.EXE!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\rfcomm.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\BthEnum.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\bthmodem.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Modem.SYS[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Fastfat.SYS[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\TDTCP.SYS[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\RDPWD.SYS[ntoskrnl.exe!IoCreateDevice] [F7117D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0020e078b8e2
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0020e078b8e2@00149a467348 0x02 0x9B 0x7F 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e078b8e2
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e078b8e2@00149a467348 0x02 0x9B 0x7F 0xFD ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA330100007706000000000020\Usage@PDFMakerForIE 958172943

---- EOF - GMER 1.0.14 ----
 
Unfortunately your log shows signs of a rootkit being present on your system. This means your PC is at risk now and sadly may always be.
The problem with rootkits is they are very hard to detect and extremely hard to remove completely.
Rootkits may also have what is known as a backdoor. The backdoor, if present, will give complete remote access to your system. This means someone will be able to steal any information stored on your PC including addresses, names and telephone numbers and, more worryingly, passwords, bank account details and any other financial information; basically they will have access to any data that you do.


At this point you have 2 options :-

OPTION 1

We attempt to remove the rootkit but will never really know if it is completely removed which means all the above applies.
There will be no guarantees with this option.

OPTION 2

We reformat your system.
This will destroy the rootkit but means you will have to reinstall everything.

My advice would be OPTION 2. It is the only safe, effective and positive way of dealing with this type of infection.
It will also be much quicker to reformat/reinstall than to attempt the removal.

I would like you to read the information over and when you have decided which option to choose post back and I will gladly assist with whatever route you choose to take.
 
bad news

Thanks for the advice.

I have to collect all my drivers and SW from my office to try to do the rebuild this weekend.

If you can list the initial steps to go through the reformat and install of XP it would be a useful guide. I have done it in the past, but a step by step won't hurt.

Can I be reasonably sure that the problem is only on the boot drive?

Is my data disk OK if the scans are clean?
 
Since this issue appears to be resolved ... this Topic has been closed.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 