Stubbornly infected

T

tomoneal

New member
I've struggled on my own with this but have gotten nowhere! If you can help me with this I would greatly appreciate it!

It looks like it will require sevaral posts to get it all through.

Here is the Kaspersky report (Part1)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 14, 2007 4:48:34 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/10/2007
Kaspersky Anti-Virus database records: 435896
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 147072
Number of viruses found: 38
Number of infected objects: 304
Number of suspicious objects: 4
Duration of the scan process: 02:06:35

Infected Object Name / Virus Name / Last Action
C:\!KillBox\ssqrr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\!KillBox\ssqrr.dll( 1) Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\!KillBox\ssqrr.dll( 2) Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\!KillBox\ssqrr.dll( 3) Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\!KillBox\ssqrr.dll( 4) Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\!KillBox\ssqrr.dll( 5) Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\!KillBox\ssqrr.dll( 6) Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\!KillBox\ssqrr.dll( 7) Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\check_LSA7.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/popinstall.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/b128.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/b128.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/b128.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/b128.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/b128.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip ZIP: infected - 5 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/retadpu1000106.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde12.zip/tuvsqon.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde12.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde13.zip/fccdaby.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde13.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric14.zip/lfqighte.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric14.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric19.zip/nqeugbmv.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric19.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric23.zip/ydalgyki.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric23.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric26.zip/bxcaxwpa.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric26.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric31.zip/mhxqtrcw.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric31.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric34.zip/tidfpomt.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric34.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric39.zip/cggcuyfw.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric39.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric8.zip/vhtdcuhh.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinpop.zip/b122.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinpop.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinpop1.zip/winpop.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinpop1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinPop3.zip/UnInstall.exe Infected: Trojan.Win32.Small.oa skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinPop3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinpop6.zip/b122.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinpop6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinpop7.zip/winpop.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinpop7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinPop9.zip/UnInstall.exe Infected: Trojan.Win32.Small.oa skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinPop9.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip/retadpu77.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt3.zip/retadpu77.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-14_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\7F559A4D.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\MSHist012007101420071015\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\aeelkvuy.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\dfcxmbll.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\lwhtjmqb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\mexqacox.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\nhhbpxjs.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\osmoyest.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\qbkkppbh.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\qdufsskp.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\qgpcounk.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\tpwgrfxy.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\vcdxaigv.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\wifxftys.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\xalkfkxt.exe Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Compaq_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP880\A0181404.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP880\A0181412.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP880\A0181423.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP882\A0181434.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP882\A0181435.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP882\A0181436.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP882\A0181437.exe Infected: Trojan.Win32.Small.oa skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP882\A0181438.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP882\A0181439.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP882\A0181449.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP882\A0181473.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP885\A0181514.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP889\A0181555.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP889\A0181556.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP889\A0181557.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP889\A0181557.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP889\A0181593.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP890\A0182613.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP890\A0182619.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP890\A0182626.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP891\A0183644.exe Infected: Trojan.Win32.BHO.ab skipped
 
Kaspersky report - part 2

C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP892\A0183654.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP892\A0183655.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP893\A0183670.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP893\A0183671.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP894\A0185669.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP894\A0185670.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185715.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185717.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185718.exe Infected: Trojan.Win32.Small.oa skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185719.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185721.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185723.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185734.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185735.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185736.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185746.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185747.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185748.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185760.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185769.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185774.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185775.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP896\A0185932.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP896\A0185933.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP896\A0185934.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP896\A0185938.dll Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0185953.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0185953.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0185953.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0185955.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0185956.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0185959.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0185960.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186030.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186031.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186032.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186033.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186034.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186035.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186036.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186037.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186038.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186039.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186040.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186044.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186044.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186044.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP898\A0186195.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP898\A0186195.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP898\A0186195.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP898\A0186195.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP898\A0186195.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP898\A0186197.exe Infected: Trojan-Downloader.Win32.Agent.cpj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP900\A0186207.exe Infected: Trojan-Downloader.Win32.PurityScan.dx skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP900\A0186224.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP901\A0186248.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP901\A0186256.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP901\A0186262.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP903\A0187262.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP904\A0187269.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP906\A0187289.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP906\A0187303.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP907\A0187314.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP908\A0187326.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP909\A0187334.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP910\A0187364.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP912\A0187392.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP913\A0187398.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP914\A0187407.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP916\A0188407.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP916\A0188414.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP917\A0189428.exe Infected: Trojan-Downloader.Win32.VB.bgd skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP918\A0190417.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP920\A0191422.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP920\A0191425.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP920\A0191427.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP920\A0191429.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP920\A0191431.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP922\A0191461.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP922\A0191462.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP923\A0191479.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP923\A0191486.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP923\A0191492.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP923\A0191504.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP925\A0191541.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP926\A0191555.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP926\A0191568.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP926\A0191577.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP926\A0192578.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP926\A0193578.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP926\A0193586.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP926\A0193588.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP927\A0193607.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP927\A0193629.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP928\A0193642.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP928\A0193653.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP929\A0193670.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP938\A0194925.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP938\A0194927.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP939\A0194940.dll Infected: Trojan.Win32.BHO.hj skipped
 
Kaspersky report - part 3 (end)

C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP944\A0197015.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP945\A0198015.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP946\A0198031.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP948\A0198071.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP949\A0198093.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP951\A0198149.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP951\A0198155.dll Infected: Trojan.Win32.Pakes.eb skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP956\A0198242.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wn skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198629.dll Infected: Trojan.Win32.Pakes.fr skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198696.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198700.dll Infected: Trojan.Win32.Pakes.fr skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198739.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198752.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198753.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198754.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198755.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198756.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198757.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198758.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198759.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198760.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198761.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198762.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198763.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198764.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198765.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198766.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198767.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198768.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198769.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198770.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198771.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198772.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198773.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198774.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198775.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198776.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198777.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198778.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198779.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198780.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198781.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198782.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198783.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198784.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198785.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198787.exe Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198789.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198790.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198791.exe Infected: Trojan-Proxy.Win32.VB.x skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198792.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198793.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198794.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198795.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198796.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198797.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198798.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198799.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198800.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198801.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198802.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198803.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198804.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198805.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198806.exe Infected: Trojan-Downloader.Win32.VB.bgd skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198807.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198808.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198809.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198810.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198811.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198812.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198813.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198814.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198815.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198816.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198817.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198818.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198819.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198820.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198821.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198822.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198823.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198824.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198825.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198826.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198827.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198828.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198829.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198830.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198831.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198832.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198833.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198834.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198834.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198835.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198836.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198837.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198838.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198839.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198840.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198841.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198842.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198842.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198842.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198842.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198843.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198846.dll Infected: Trojan.Win32.Pakes.fr skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP963\A0198869.dll Infected: Trojan.Win32.Pakes.fr skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP971\A0202079.dll Infected: Trojan.Win32.Pakes.sc skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP980\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hrlwsvwg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\WINDOWS\system32\jrhruvgw.dll Infected: Trojan.Win32.Pakes.fr skipped
C:\WINDOWS\system32\jtiobxxt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acf skipped
C:\WINDOWS\system32\kdpqcfnf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\WINDOWS\system32\lqkjljjf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\WINDOWS\system32\qmaxojkp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\WINDOWS\system32\seiuiumh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\WINDOWS\system32\ssqrr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xqhxwfgs.dll Infected: Trojan.Win32.Pakes.sd skipped
C:\WINDOWS\system32\ydaqtawm.dll Infected: Trojan.Win32.Pakes.fr skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:45 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\INTEL\DSLSetup\ProDsl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe /P
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\tesdydtm.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ResChanger2004] C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: palmOne Registration.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: TA_Start.lnk.disabled (User 'SYSTEM')
O4 - .DEFAULT Startup: palmOne Registration.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: TA_Start.lnk.disabled (User 'Default user')
O4 - Startup: palmOne Registration.lnk.disabled
O4 - Startup: TA_Start.lnk.disabled
O4 - Global Startup: Device Detector 3.lnk.disabled
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\prolyhd.html

--
End of file - 7679 bytes
 
Hi tomoneal

Rename HijackThis.exe to tomoneal.exe and post back a fresh HijackThis log, please :)
 
New log

Hi Shaba,

Here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:05 PM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\INTEL\DSLSetup\ProDsl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HJT\tomoneal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {38383561-C710-4048-BD7A-24647EE9F57A} - (no file)
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (disabled by BHODemon)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\bbdetcdf.dll
O2 - BHO: (no name) - {AA02D240-EBB2-4937-8C15-DA94DFE6043A} - C:\WINDOWS\system32\ssqrr.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {DC76D18F-9E06-465C-94C0-F7607476A5B1} - (no file)
O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe /P
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ltedrumh.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ResChanger2004] C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: palmOne Registration.lnk.disabled
O4 - Startup: TA_Start.lnk.disabled
O4 - Global Startup: Device Detector 3.lnk.disabled
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\prolyhd.html

--
End of file - 7993 bytes

If I attempt to run SpyBot after booting the computer, it just hangs. The log above was after attempting (without success) to run Spybot.

If I use procexp.exe to kill 4 occurrences of ssqrr.dll, and another process named with 8 varying letters, I can then run Spybot and remove malware. If you want the log after I do that please let me know.

Thank you very much for your help.
(I hope Finland's winters are better than Minnesota's have been lately!)
 
Hi

"(I hope Finland's winters are better than Minnesota's have been lately!)"

Well it depends :)

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

After that:

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

1. Download combofix from one of these links and save it to Desktop:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post:

- a fresh HijackThis log
- combofix report
- vundofix report
 
Results of vundofix and combofix

Hi Shaba,

Here's the latest round. (ComboFix log will be in a second reply)

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 5:51:11 PM 8/29/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqq.dll
C:\windows\system32\cbxuust.dll
C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\qqtwa.bak1
C:\WINDOWS\system32\qqtwa.ini
C:\WINDOWS\system32\rqtss.bak1
C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\wvuvutu.dll

Beginning removal...

Attempting to delete C:\windows\system32\cbxuust.dll
C:\windows\system32\cbxuust.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqtwa.bak1
C:\WINDOWS\system32\qqtwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqtwa.ini
C:\WINDOWS\system32\qqtwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqtss.bak1
C:\WINDOWS\system32\rqtss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\rqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\sstqr.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\wvuvutu.dll
C:\WINDOWS\system32\wvuvutu.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\sstqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvutu.dll
C:\WINDOWS\system32\wvuvutu.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 5:10:36 PM 9/16/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\ctgdpuwn.ini
C:\WINDOWS\system32\fccdaby.dll
C:\windows\system32\iqruylfx.ini
C:\WINDOWS\system32\ltrpybgp.dll
C:\WINDOWS\system32\nwupdgtc.dll
C:\WINDOWS\system32\pmnlk.dll
C:\windows\system32\xflyurqi.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ctgdpuwn.ini
C:\WINDOWS\system32\ctgdpuwn.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccdaby.dll
C:\WINDOWS\system32\fccdaby.dll Has been deleted!

Attempting to delete C:\windows\system32\iqruylfx.ini
C:\windows\system32\iqruylfx.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ltrpybgp.dll
C:\WINDOWS\system32\ltrpybgp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nwupdgtc.dll
C:\WINDOWS\system32\nwupdgtc.dll Has been deleted!

Attempting to delete C:\windows\system32\xflyurqi.dll
C:\windows\system32\xflyurqi.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 6:42:46 PM 9/16/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\ccdxnrih.dll
C:\WINDOWS\system32\pmnlk.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ccdxnrih.dll
C:\WINDOWS\system32\ccdxnrih.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 6:49:10 PM 9/16/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\pmnlk.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 6:58:36 PM 9/16/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\pmnlk.dll

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 7:17:02 PM 9/16/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\pmnlk.dll

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 7:14:41 PM 9/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\eaeicgoc.dll
C:\WINDOWS\system32\gbsgtsvx.ini
C:\windows\system32\ixicsast.dll
C:\WINDOWS\system32\pmnlk.dll
C:\windows\system32\tsascixi.ini
C:\WINDOWS\system32\xvstgsbg.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\eaeicgoc.dll
C:\WINDOWS\system32\eaeicgoc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gbsgtsvx.ini
C:\WINDOWS\system32\gbsgtsvx.ini Has been deleted!

Attempting to delete C:\windows\system32\ixicsast.dll
C:\windows\system32\ixicsast.dll Has been deleted!

Attempting to delete C:\windows\system32\tsascixi.ini
C:\windows\system32\tsascixi.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xvstgsbg.dll
C:\WINDOWS\system32\xvstgsbg.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 9:59:57 PM 9/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\jcaehwtm.dll
C:\windows\system32\mtwheacj.ini
C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\rpvrbcrn.dll

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 10:31:16 PM 9/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\jcaehwtm.dll
C:\windows\system32\mtwheacj.ini
C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\rpvrbcrn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jcaehwtm.dll
C:\WINDOWS\system32\jcaehwtm.dll Has been deleted!

Attempting to delete C:\windows\system32\mtwheacj.ini
C:\windows\system32\mtwheacj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rpvrbcrn.dll
C:\WINDOWS\system32\rpvrbcrn.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 10:40:48 PM 10/3/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 9:04:34 PM 10/10/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.10

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 10:49:09 AM 10/21/2007

Listing files found while scanning....

C:\WINDOWS\system32\bbdetcdf.dll
C:\windows\system32\dllcache\aaaamon.dll
C:\windows\system32\eftffvfl.ini
C:\windows\system32\fjigenlk.dll
C:\windows\system32\jhjmrfel.dll
C:\windows\system32\jrhruvgw.dll
C:\windows\system32\klnegijf.ini
C:\windows\system32\ksuesnsx.ini
C:\windows\system32\ldgkawsp.dll
C:\windows\system32\lefrmjhj.ini
C:\windows\system32\lfvfftfe.dll
C:\windows\system32\mtdydset.ini
C:\windows\system32\mwatqady.ini
C:\WINDOWS\system32\opnmkii.dll__BHODemonDisabled
C:\windows\system32\pswakgdl.ini
C:\windows\system32\qdkqmqvy.dll
C:\windows\system32\rrqss.bak2
C:\windows\system32\rrqss.ini
C:\windows\system32\rrqss.ini2
C:\windows\system32\rrqss.tmp
C:\windows\system32\ssqrr.dll
C:\windows\system32\tesdydtm.dll
C:\windows\system32\wgvurhrj.ini
C:\WINDOWS\system32\xcqrcwgv.dll
C:\windows\system32\xsnseusk.dll
C:\windows\system32\ydaqtawm.dll
C:\windows\system32\yvqmqkdq.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bbdetcdf.dll
C:\WINDOWS\system32\bbdetcdf.dll Has been deleted!

Attempting to delete C:\windows\system32\dllcache\aaaamon.dll
C:\windows\system32\dllcache\aaaamon.dll Has been deleted!

Attempting to delete C:\windows\system32\eftffvfl.ini
C:\windows\system32\eftffvfl.ini Has been deleted!

Attempting to delete C:\windows\system32\fjigenlk.dll
C:\windows\system32\fjigenlk.dll Has been deleted!

Attempting to delete C:\windows\system32\jhjmrfel.dll
C:\windows\system32\jhjmrfel.dll Has been deleted!

Attempting to delete C:\windows\system32\jrhruvgw.dll
C:\windows\system32\jrhruvgw.dll Has been deleted!

Attempting to delete C:\windows\system32\klnegijf.ini
C:\windows\system32\klnegijf.ini Has been deleted!

Attempting to delete C:\windows\system32\ksuesnsx.ini
C:\windows\system32\ksuesnsx.ini Has been deleted!

Attempting to delete C:\windows\system32\ldgkawsp.dll
C:\windows\system32\ldgkawsp.dll Has been deleted!

Attempting to delete C:\windows\system32\lefrmjhj.ini
C:\windows\system32\lefrmjhj.ini Has been deleted!

Attempting to delete C:\windows\system32\lfvfftfe.dll
C:\windows\system32\lfvfftfe.dll Has been deleted!

Attempting to delete C:\windows\system32\mtdydset.ini
C:\windows\system32\mtdydset.ini Has been deleted!

Attempting to delete C:\windows\system32\mwatqady.ini
C:\windows\system32\mwatqady.ini Has been deleted!

Attempting to delete C:\windows\system32\pswakgdl.ini
C:\windows\system32\pswakgdl.ini Has been deleted!

Attempting to delete C:\windows\system32\qdkqmqvy.dll
C:\windows\system32\qdkqmqvy.dll Has been deleted!

Attempting to delete C:\windows\system32\rrqss.bak2
C:\windows\system32\rrqss.bak2 Has been deleted!

Attempting to delete C:\windows\system32\rrqss.ini
C:\windows\system32\rrqss.ini Has been deleted!

Attempting to delete C:\windows\system32\rrqss.ini2
C:\windows\system32\rrqss.ini2 Has been deleted!

Attempting to delete C:\windows\system32\rrqss.tmp
C:\windows\system32\rrqss.tmp Has been deleted!

Attempting to delete C:\windows\system32\ssqrr.dll
C:\windows\system32\ssqrr.dll Has been deleted!

Attempting to delete C:\windows\system32\tesdydtm.dll
C:\windows\system32\tesdydtm.dll Has been deleted!

Attempting to delete C:\windows\system32\wgvurhrj.ini
C:\windows\system32\wgvurhrj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xcqrcwgv.dll
C:\WINDOWS\system32\xcqrcwgv.dll Has been deleted!

Attempting to delete C:\windows\system32\xsnseusk.dll
C:\windows\system32\xsnseusk.dll Has been deleted!

Attempting to delete C:\windows\system32\ydaqtawm.dll
C:\windows\system32\ydaqtawm.dll Has been deleted!

Attempting to delete C:\windows\system32\yvqmqkdq.ini
C:\windows\system32\yvqmqkdq.ini Has been deleted!

Performing Repairs to the registry.
Done!

-----------------HJT--------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:42 AM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\INTEL\DSLSetup\ProDsl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HJT\tomoneal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {38383561-C710-4048-BD7A-24647EE9F57A} - (no file)
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (disabled by BHODemon)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B98890BA-D96C-46EE-8D9E-A4243D4C72AA} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {DC76D18F-9E06-465C-94C0-F7607476A5B1} - (no file)
O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe /P
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ResChanger2004] C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
O4 - Startup: palmOne Registration.lnk.disabled
O4 - Startup: TA_Start.lnk.disabled
O4 - Global Startup: Device Detector 3.lnk.disabled
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\prolyhd.html

--
End of file - 7668 bytes
 
Combofix log

----------------------ComboFix-----------------

ComboFix 07-10-20.6 - Compaq_Owner 2007-10-21 11:01:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.240 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\Compaq_Owner\Application Data\ASEMBL~1
C:\Program Files\Common Files\sembly~1
C:\Program Files\MSN Gaming Zone\prolyhd.html
C:\Program Files\svhost
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ahkjophp.ini
C:\WINDOWS\system32\aqxuhmyp.ini
C:\WINDOWS\system32\axlfgtoi.dll
C:\WINDOWS\system32\brvidnui.dll
C:\WINDOWS\system32\ccjnweif.ini
C:\WINDOWS\system32\cqkgbfgp.dll
C:\WINDOWS\system32\cvvbiymr.ini
C:\WINDOWS\system32\dqkjwmsp.dll
C:\WINDOWS\system32\eltvaowu.dll
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\fiewnjcc.dll
C:\WINDOWS\system32\fjjljkql.ini
C:\WINDOWS\system32\fnfcqpdk.ini
C:\WINDOWS\system32\gwvswlrh.ini
C:\WINDOWS\system32\hajgawdq.dll
C:\WINDOWS\system32\hmuiuies.ini
C:\WINDOWS\system32\hrlwsvwg.dll
C:\WINDOWS\system32\huvrdumo.ini
C:\WINDOWS\system32\itokwblh.dll
C:\WINDOWS\system32\jmhrsnph.dll
C:\WINDOWS\system32\jnobmlul.dll
C:\WINDOWS\system32\jtiobxxt.dll
C:\WINDOWS\system32\jxdqxehp.ini
C:\WINDOWS\system32\kcyjjhpx.ini
C:\WINDOWS\system32\kdpqcfnf.dll
C:\WINDOWS\system32\kkhxldlv.ini
C:\WINDOWS\system32\kscovnto.dll
C:\WINDOWS\system32\ktwqcdnr.ini
C:\WINDOWS\system32\kycxbxqx.dll
C:\WINDOWS\system32\lqkjljjf.dll
C:\WINDOWS\system32\lyhxoije.dll
C:\WINDOWS\system32\mmxbhedy.dll
C:\WINDOWS\system32\ngbwhnkk.dll
C:\WINDOWS\system32\ocibxsui.dll
C:\WINDOWS\system32\omudrvuh.dll
C:\WINDOWS\system32\otnvocsk.ini
C:\WINDOWS\system32\pgfbgkqc.ini
C:\WINDOWS\system32\phexqdxj.dll
C:\WINDOWS\system32\phpojkha.dll
C:\WINDOWS\system32\pkjoxamq.ini
C:\WINDOWS\system32\psmwjkqd.ini
C:\WINDOWS\system32\pymhuxqa.dll
C:\WINDOWS\system32\qcbtagno.dll
C:\WINDOWS\system32\qmaxojkp.dll
C:\WINDOWS\system32\qogsxrer.dll
C:\WINDOWS\system32\qqtss.bak1
C:\WINDOWS\system32\qqtss.ini
C:\WINDOWS\system32\qqxfdbps.dll
C:\WINDOWS\system32\qtchcplq.dll
C:\WINDOWS\system32\rerxsgoq.ini
C:\WINDOWS\system32\rmyibvvc.dll
C:\WINDOWS\system32\rndcqwtk.dll
C:\WINDOWS\system32\seiuiumh.dll
C:\WINDOWS\system32\seixafxs.dll
C:\WINDOWS\system32\shftbaae.dll
C:\WINDOWS\system32\sxfaxies.ini
C:\WINDOWS\system32\ufqxlotu.ini
C:\WINDOWS\system32\utolxqfu.dll
C:\WINDOWS\system32\vabteeha.dll
C:\WINDOWS\system32\vldlxhkk.dll
C:\WINDOWS\system32\wtsicom.exe
C:\WINDOWS\system32\wwqxgpwk.dll
C:\WINDOWS\system32\xphjjyck.dll
C:\WINDOWS\system32\xqhxwfgs.dll
C:\WINDOWS\system32\yrmgnvct.dll
C:\WINDOWS\wbun.exe
C:\WINDOWS\wr.txt

.
((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 )))))))))))))))))))))))))))))))
.

2007-10-21 11:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 13:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-14 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-14 13:48 <DIR> d-------- C:\Program Files\Safer Networking
2007-10-13 22:19 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-10-06 22:31 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-10-06 22:30 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-06 22:30 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-06 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2007-10-03 20:01 <DIR> d-------- C:\Program Files\Olympus
2007-10-03 20:01 114,688 --a------ C:\WINDOWS\system32\OdiOlDVR.dll
2007-10-03 20:01 86,016 --a------ C:\WINDOWS\system32\STRDEVAPI.dll
2007-10-03 20:01 73,728 --a------ C:\WINDOWS\system32\VNUSB.dll
2007-10-03 20:01 73,728 --a------ C:\WINDOWS\system32\DW90USB.DLL
2007-10-03 20:01 53,248 --a------ C:\WINDOWS\system32\OdiAPI.dll
2007-10-03 20:01 39,096 --a------ C:\WINDOWS\system32\drivers\DW90USB.SYS
2007-10-03 20:01 38,496 --a------ C:\WINDOWS\system32\drivers\VNUSB.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 15:57 --------- d-----w C:\Program Files\HJT
2007-10-19 23:30 --------- d-----w C:\Program Files\THQ
2007-10-17 19:37 --------- d-----w C:\Program Files\World of Warcraft
2007-10-14 03:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-11 00:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-11 00:30 --------- d-----w C:\Program Files\SpywareGuard
2007-10-09 20:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-07 03:47 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-07 03:47 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-07 03:47 --------- d-----w C:\Program Files\Symantec
2007-10-04 01:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-30 17:33 --------- d-----w C:\Program Files\Warcraft III
2007-09-29 20:29 --------- d-----w C:\Program Files\SpywareBlaster
2007-09-26 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-25 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 19:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 19:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 19:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 19:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 19:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 19:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 19:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-08-30 22:44 --------- d-----w C:\Documents and Settings\Mom\Application Data\FileOpen
2007-08-30 22:44 --------- d-----w C:\Documents and Settings\Mom\Application Data\AdobeUM
2007-08-30 01:16 --------- d-----w C:\Program Files\Common Files\eSellerate
2007-08-30 01:16 --------- d-----w C:\Program Files\AnswersThatWork
2007-08-23 23:30 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Ventrilo
2007-08-23 15:01 --------- d-----w C:\Program Files\Ventrilo
2007-08-23 15:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38383561-C710-4048-BD7A-24647EE9F57A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B98890BA-D96C-46EE-8D9E-A4243D4C72AA}]
C:\WINDOWS\system32\ssqrr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC76D18F-9E06-465C-94C0-F7607476A5B1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSL Connection Manager"="C:\Program Files\INTEL\DSLSetup\ProDsl.exe" [2002-05-30 15:38]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-07 05:14]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ResChanger2004"="C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe" [2004-03-02 17:33]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
palmOne Registration.lnk.disabled [2007-09-12 11:43:20]
TA_Start.lnk.disabled [2007-09-16 11:45:42]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk.disabled [2007-10-03 20:01:27]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:16:08]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)
"SAVScan"=3 (0x3)
"SymWSC"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"VTTimer"=VTTimer.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"hoxypuc"=C:\Program Files\Windows NT\hoxypuc22011.exe
"SearchIndexer"=rundll32.exe "C:\WINDOWS\system32\vldlxhkk.dll",sitypnow

S2 P31LOAD;Intel(R) PRO/DSL 3220 USB Modem Firmware Loader;C:\WINDOWS\system32\DRIVERS\p31usbld.sys
S3 PRO3200P;Intel(R) USB ADSL Modem;C:\WINDOWS\system32\DRIVERS\p32d2kP.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 23:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-16 03:16:33 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-21 11:08:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-21 11:11:06 - machine was rebooted
.
--- E O F ---

Many thanks!
 
Hi

Your copy of VundoFix is quite old, but luckily ComboFix busted most of vundo :)

Open HijackThis, click do a system scan only and checkmark these:

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {38383561-C710-4048-BD7A-24647EE9F57A} - (no file)
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (disabled by BHODemon)
O2 - BHO: (no name) - {B98890BA-D96C-46EE-8D9E-A4243D4C72AA} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {DC76D18F-9E06-465C-94C0-F7607476A5B1} - (no file)
O4 - Startup: TA_Start.lnk.disabled
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\prolyhd.html

Close all windows including browser and press fix checked.

Reboot.

Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
C:\Program Files\Windows NT\hoxypuc22011.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"hoxypuc"=-
"SearchIndexer"=-

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
 
Next step..

Hi Shaba,

here are the logs. (Though I realize I omitted the reboot after HijackThis. Sorry - let me know if I should reboot and run it again. Also the last item on your list - 024 -Desktop Component etc - did not appear in the HijackThis list.)

ComboFix 07-10-20.6 - Compaq_Owner 2007-10-21 12:08:42.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.200 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\Program Files\Windows NT\hoxypuc22011.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 )))))))))))))))))))))))))))))))
.

2007-10-21 11:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 13:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-14 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-14 13:48 <DIR> d-------- C:\Program Files\Safer Networking
2007-10-13 22:19 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-10-06 22:31 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-10-06 22:30 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-06 22:30 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-06 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2007-10-03 20:01 <DIR> d-------- C:\Program Files\Olympus
2007-10-03 20:01 114,688 --a------ C:\WINDOWS\system32\OdiOlDVR.dll
2007-10-03 20:01 86,016 --a------ C:\WINDOWS\system32\STRDEVAPI.dll
2007-10-03 20:01 73,728 --a------ C:\WINDOWS\system32\VNUSB.dll
2007-10-03 20:01 73,728 --a------ C:\WINDOWS\system32\DW90USB.DLL
2007-10-03 20:01 53,248 --a------ C:\WINDOWS\system32\OdiAPI.dll
2007-10-03 20:01 39,096 --a------ C:\WINDOWS\system32\drivers\DW90USB.SYS
2007-10-03 20:01 38,496 --a------ C:\WINDOWS\system32\drivers\VNUSB.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 16:59 --------- d-----w C:\Program Files\HJT
2007-10-19 23:30 --------- d-----w C:\Program Files\THQ
2007-10-17 19:37 --------- d-----w C:\Program Files\World of Warcraft
2007-10-14 03:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-11 00:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-11 00:30 --------- d-----w C:\Program Files\SpywareGuard
2007-10-09 20:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-07 03:47 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-07 03:47 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-07 03:47 --------- d-----w C:\Program Files\Symantec
2007-10-04 01:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-30 17:33 --------- d-----w C:\Program Files\Warcraft III
2007-09-29 20:29 --------- d-----w C:\Program Files\SpywareBlaster
2007-09-26 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-25 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 19:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 19:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 19:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 19:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 19:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 19:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 19:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-08-30 22:44 --------- d-----w C:\Documents and Settings\Mom\Application Data\FileOpen
2007-08-30 22:44 --------- d-----w C:\Documents and Settings\Mom\Application Data\AdobeUM
2007-08-30 01:16 --------- d-----w C:\Program Files\Common Files\eSellerate
2007-08-30 01:16 --------- d-----w C:\Program Files\AnswersThatWork
2007-08-23 23:30 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Ventrilo
2007-08-23 15:01 --------- d-----w C:\Program Files\Ventrilo
2007-08-23 15:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSL Connection Manager"="C:\Program Files\INTEL\DSLSetup\ProDsl.exe" [2002-05-30 15:38]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-07 05:14]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ResChanger2004"="C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe" [2004-03-02 17:33]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
palmOne Registration.lnk.disabled [2007-09-12 11:43:20]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk.disabled [2007-10-03 20:01:27]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:16:08]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)
"SAVScan"=3 (0x3)
"SymWSC"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"VTTimer"=VTTimer.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

S2 P31LOAD;Intel(R) PRO/DSL 3220 USB Modem Firmware Loader;C:\WINDOWS\system32\DRIVERS\p31usbld.sys
S3 PRO3200P;Intel(R) USB ADSL Modem;C:\WINDOWS\system32\DRIVERS\p32d2kP.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 23:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-16 03:16:33 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-21 12:12:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-21 12:13:57
C:\ComboFix2.txt ... 2007-10-21 11:11
.
--- E O F ---

------------HJT-------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:33 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\INTEL\DSLSetup\ProDsl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\tomoneal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe /P
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ResChanger2004] C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
O4 - Startup: palmOne Registration.lnk.disabled
O4 - Global Startup: Device Detector 3.lnk.disabled
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 6830 bytes


Thanks!
 
Norton

Hi Shaba,

(had to check)...

The Norton product is AntiVirus. I just updated it a while back, and the old version did have a firewall, but this one apparently does not. Windows firewall was turned off.
 
Hi

Then turn it immediately on again.

Re-scan with kaspersky

Post:

- a fresh hijackthis log
- kaspersky report
 
Kaspersky - Part 1

The firewall is on, and here are the logs.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, October 22, 2007 9:21:53 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/10/2007
Kaspersky Anti-Virus database records: 442787
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 137437
Number of viruses found: 40
Number of infected objects: 325
Number of suspicious objects: 4
Duration of the scan process: 02:20:55

Infected Object Name / Virus Name / Last Action
C:\!KillBox\ssqrr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\!KillBox\ssqrr.dll( 1) Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\!KillBox\ssqrr.dll( 2) Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\!KillBox\ssqrr.dll( 3) Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\!KillBox\ssqrr.dll( 4) Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\!KillBox\ssqrr.dll( 5) Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\!KillBox\ssqrr.dll( 6) Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\!KillBox\ssqrr.dll( 7) Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/popinstall.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/b128.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/b128.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/b128.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/b128.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/b128.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip ZIP: infected - 5 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/retadpu1000106.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde12.zip/tuvsqon.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde12.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde13.zip/fccdaby.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde13.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric14.zip/lfqighte.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric14.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric19.zip/nqeugbmv.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric19.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric23.zip/ydalgyki.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric23.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric26.zip/bxcaxwpa.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric26.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric31.zip/mhxqtrcw.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric31.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric34.zip/tidfpomt.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric34.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric39.zip/cggcuyfw.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric39.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric8.zip/vhtdcuhh.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinpop.zip/b122.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinpop.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinpop1.zip/winpop.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinpop1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinPop3.zip/UnInstall.exe Infected: Trojan.Win32.Small.oa skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinPop3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinpop6.zip/b122.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinpop6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinpop7.zip/winpop.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinpop7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinPop9.zip/UnInstall.exe Infected: Trojan.Win32.Small.oa skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinPop9.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip/retadpu77.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt3.zip/retadpu77.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-22_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\3F182406.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\AAA4697C.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\MSHist012007102220071023\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\tmp66.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Compaq_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
 
Kaspersky - Part 2

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\axlfgtoi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aea skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\cqkgbfgp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\hrlwsvwg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\itokwblh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aea skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jnobmlul.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acx skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jtiobxxt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acf skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\kdpqcfnf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\lqkjljjf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\omudrvuh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\pymhuxqa.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\qmaxojkp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\seiuiumh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\shftbaae.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aea skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vabteeha.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acx skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vldlxhkk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\xphjjyck.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\xqhxwfgs.dll.vir Infected: Trojan.Win32.Pakes.sd skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP880\A0181404.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP880\A0181412.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP880\A0181423.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP882\A0181434.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP882\A0181435.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP882\A0181436.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP882\A0181437.exe Infected: Trojan.Win32.Small.oa skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP882\A0181438.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP882\A0181439.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP882\A0181449.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP882\A0181473.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP885\A0181514.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP889\A0181555.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP889\A0181556.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP889\A0181557.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP889\A0181557.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP889\A0181593.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP890\A0182613.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP890\A0182619.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP890\A0182626.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP891\A0183644.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP892\A0183654.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP892\A0183655.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP893\A0183670.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP893\A0183671.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP894\A0185669.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP894\A0185670.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185715.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185717.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185718.exe Infected: Trojan.Win32.Small.oa skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185719.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185721.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185723.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185734.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185735.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185736.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185746.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185747.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185748.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185760.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185769.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185774.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP895\A0185775.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP896\A0185932.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP896\A0185933.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP896\A0185934.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP896\A0185938.dll Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0185953.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0185953.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0185953.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0185955.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0185956.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0185959.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0185960.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186030.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186031.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186032.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186033.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186034.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186035.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186036.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186037.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186038.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186039.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186040.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186044.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186044.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP897\A0186044.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP898\A0186195.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP898\A0186195.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP898\A0186195.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP898\A0186195.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP898\A0186195.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP898\A0186197.exe Infected: Trojan-Downloader.Win32.Agent.cpj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP900\A0186207.exe Infected: Trojan-Downloader.Win32.PurityScan.dx skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP900\A0186224.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP901\A0186248.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP901\A0186256.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP901\A0186262.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP903\A0187262.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP904\A0187269.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP906\A0187289.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP906\A0187303.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP907\A0187314.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP908\A0187326.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP909\A0187334.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP910\A0187364.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP912\A0187392.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP913\A0187398.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP914\A0187407.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP916\A0188407.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP916\A0188414.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP917\A0189428.exe Infected: Trojan-Downloader.Win32.VB.bgd skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP918\A0190417.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP920\A0191422.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP920\A0191425.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP920\A0191427.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP920\A0191429.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP920\A0191431.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP922\A0191461.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP922\A0191462.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP923\A0191479.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP923\A0191486.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP923\A0191492.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP923\A0191504.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP925\A0191541.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP926\A0191555.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP926\A0191568.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP926\A0191577.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP926\A0192578.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP926\A0193578.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP926\A0193586.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP926\A0193588.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP927\A0193607.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP927\A0193629.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP928\A0193642.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP928\A0193653.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP929\A0193670.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP938\A0194925.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP938\A0194927.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP939\A0194940.dll Infected: Trojan.Win32.BHO.hj skipped
 
Kaspersky - Part 3

C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP944\A0197015.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP945\A0198015.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP946\A0198031.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP948\A0198071.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP949\A0198093.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP951\A0198149.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP951\A0198155.dll Infected: Trojan.Win32.Pakes.eb skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP956\A0198242.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wn skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198629.dll Infected: Trojan.Win32.Pakes.fr skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198696.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198700.dll Infected: Trojan.Win32.Pakes.fr skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198739.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198752.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198753.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198754.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198755.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198756.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198757.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198758.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198759.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198760.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198761.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198762.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198763.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198764.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198765.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198766.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198767.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198768.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198769.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198770.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198771.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198772.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198773.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198774.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198775.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198776.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198777.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198778.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198779.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198780.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198781.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198782.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198783.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198784.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198785.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198787.exe Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198789.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198790.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198791.exe Infected: Trojan-Proxy.Win32.VB.x skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198792.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198793.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198794.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198795.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198796.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198797.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198798.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198799.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198800.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198801.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198802.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198803.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198804.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198805.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198806.exe Infected: Trojan-Downloader.Win32.VB.bgd skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198807.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198808.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198809.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198810.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198811.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198812.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198813.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198814.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198815.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198816.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198817.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198818.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198819.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198820.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198821.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198822.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198823.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198824.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198825.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198826.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198827.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198828.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198829.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198830.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198831.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198832.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198833.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198834.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198834.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198835.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198836.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198837.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198838.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198839.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198840.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198841.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198842.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198842.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198842.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198842.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198843.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP962\A0198846.dll Infected: Trojan.Win32.Pakes.fr skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP963\A0198869.dll Infected: Trojan.Win32.Pakes.fr skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP971\A0202079.dll Infected: Trojan.Win32.Pakes.sc skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP987\A0207324.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP990\A0208416.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP990\A0208421.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aea skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP990\A0208426.dll Infected: Trojan.Win32.Pakes.fr skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP990\A0208437.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP990\A0208441.dll Infected: Trojan.Win32.Pakes.fr skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP991\A0208479.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aea skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP991\A0208481.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP991\A0208486.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP991\A0208487.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aea skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP991\A0208489.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acx skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP991\A0208490.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acf skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP991\A0208491.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP991\A0208494.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP991\A0208499.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP991\A0208502.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP991\A0208504.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP991\A0208510.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP991\A0208512.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aea skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP991\A0208514.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acx skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP991\A0208515.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP991\A0208517.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP991\A0208518.dll Infected: Trojan.Win32.Pakes.sd skipped
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP996\change.log Object is locked skipped
C:\VundoFix Backups\bbdetcdf.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.aea skipped
C:\VundoFix Backups\jrhruvgw.dll.bad Infected: Trojan.Win32.Pakes.fr skipped
C:\VundoFix Backups\ssqrr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\VundoFix Backups\xcqrcwgv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\VundoFix Backups\ydaqtawm.dll.bad Infected: Trojan.Win32.Pakes.fr skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
 
Kaspersky - Part 4 & HJT Log

C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

------------- HJT Log ---------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:53 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\INTEL\DSLSetup\ProDsl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HJT\tomoneal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (disabled by BHODemon)
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe /P
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ResChanger2004] C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
O4 - S-1-5-18 Startup: palmOne Registration.lnk.disabled (User 'SYSTEM')
O4 - .DEFAULT Startup: palmOne Registration.lnk.disabled (User 'Default user')
O4 - Startup: palmOne Registration.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk.disabled
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7433 bytes


Thanks. Hope all is well on your end.
 
Hi

Empty these folders:

C:\VundoFix Backups\
C:\qoobox\Quarantine\
C:\!KillBox\
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\

Empty Recycle Bin

All other viruses are in system restore and inactive.

I give you later instructions how to empty it.

Other than that, any problems left?
 
Current status

Hi Shaba,

Cleared the folders per your instructions. I am not currently seeing the intrusive problems from before, though that computer doesn't get used as much during the week. (As my son uses it only for homework then. Yeah right. :) )

Here's what I do see. SpyBot is showing only one item after S&D: "MicrosoftWindowsSecurityCenter_Disabled." (DoubleClick & FastClick were apparently removed and didn't show up again after rerunning SpyBot after a reboot.)

(I left Norton Anti-Virus running when I left home this morning.)

Also in SpyBot under Startup, there are three entries that will not go away:

Windows/System32/awtqq.dll
opnmkii
Windows/System32/pmnlk.dll

If I toggle them off, they reset to ON, and if I remove them they reappear.

Thanks!
 
You must log in or register to reply here.
Back
Top