Trouble with vundo?

VundoFix V6.3.17

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 1:30:25 AM 3/30/2007

Listing files found while scanning....

C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.bak2
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\ghkmp.tmp
C:\WINDOWS\system32\pmkhg.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ghkmp.bak2
C:\WINDOWS\system32\ghkmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\ghkmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ghkmp.tmp
C:\WINDOWS\system32\ghkmp.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.dll Has been deleted!

Performing Repairs to the registry.
Done!
 
Hi

Seemed to work this time :)

Open HijackThis, click "Do a system scan only" and checkmark these:

O2 - BHO: (no name) - {15FDD0E0-28C0-430C-8CE6-25BCC9BF50E2} - C:\WINDOWS\system32\hgghgfg.dll (file missing)
O2 - BHO: (no name) - {284766F2-0489-4781-AD54-1351A644DDEB} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\udlsjttc.dll (file missing)
O2 - BHO: (no name) - {6AAB0AC8-CAD5-A5F8-AD0B-03C0DA5C0788} - C:\WINDOWS\system32\scspxmm.dll
O2 - BHO: (no name) - {922678F2-6116-42BA-A929-AEDC29543F2F} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O20 - Winlogon Notify: winnvy32 - winnvy32.dll (file missing)


Close all windows, including the browser, and press "Fix checked"

Reboot

Delete if present:

C:\WINDOWS\system32\scspxmm.dll

Empty Recycle Bin

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    o Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan" select My Computer
  • The scan will take a while, so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Post:

- a fresh HijackThis log
- Kaspersky report
 
Kaspersky is asking me to install a second ActiveX download, but it has "(unverified publisher)" to the side of it. The antivirus database seems to be working and the install went fine. Should I ignore the second ActiveX request?

thanks
 
hello,

The scan seemed to work fine, but I don't see a log file for Kaspersky. There is no Save as Text button though. Does that mean I need to install the second ActiveX and rescan?

thanks for your help and guidance
 
Logfile of HijackThis v1.99.1
Scan saved at 12:11:12 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\TOSHIBA RAID\Console\Kraidman.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\svchost.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Toshiba\TOSHIBA Multimedia Center\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\Toshiba\MediaSource\Detector\CTDetect.exe
C:\Program Files\Toshiba\MediaSource\RemoteControl\RcMan.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\AntiVirus\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TOSHIBA Picture Enhancement Utility] C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Kraidman] C:\Program Files\Toshiba\TOSHIBA RAID\Console\Kraidman.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Toshiba\TOSHIBA Multimedia Center\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /registry /service
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Toshiba\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Toshiba\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130400524921
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
 
------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 01, 2007 12:10:02 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 31/03/2007
Kaspersky Anti-Virus database records: 289412
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 102731
Number of viruses found: 15
Number of infected objects: 100
Number of suspicious objects: 0
Duration of the scan process: 01:18:43

Infected Object Name / Virus Name / Last Action
C:\!KillBox\winnvy32.dll Infected: Trojan.Win32.Agent.qt skipped
C:\AntiVirus\backups\backup-20070330-115009-499.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-03-31_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\54D800AA.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\C199831F.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_2561485299_4521984_82207 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{9FF00C3A-6B25-4209-B857-3F00F2C8644F}.TmpSBE Object is locked skipped
C:\Documents and Settings\Dave Levins\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Dave Levins\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Dave Levins\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Dave Levins\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Dave Levins\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Dave Levins\Desktop\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Dave Levins\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\History\History.IE5\MSHist012007033120070401\index.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temp\mst98E.tmp Infected: Trojan.Win32.Agent.qt skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temp\win99A.tmp.exe Infected: Trojan.Win32.Agent.qt skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temp\~DF3FE6.tmp Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temp\~DF400E.tmp Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temp\~DFEE00.tmp Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temporary Internet Files\Content.IE5\M96V6LFA\lo1[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temporary Internet Files\Content.IE5\M96V6LFA\lo1[3] Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temporary Internet Files\Content.IE5\M96V6LFA\xc60[1].exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temporary Internet Files\Content.IE5\TOC4DVY4\anti4[1].exe Infected: not-a-virus:AdWare.Win32.Virtumonde.if skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temporary Internet Files\Content.IE5\X3SLW7V6\45aTq2V13X[1].exe Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Dave Levins\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dave Levins\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\DIGStream\digstream.exe Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
 
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043480.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043481.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043482.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043483.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043484.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043485.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043486.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043489.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043496.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043501.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043509.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043511.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043516.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043525.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043527.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043531.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043535.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043542.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043550.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043551.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043553.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043559.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0044543.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0044549.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0044551.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0044556.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0045549.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0045551.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0045553.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0046549.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0046551.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0046553.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047567.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047569.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047574.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047577.dll Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047583.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047585.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047590.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047610.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047611.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047612.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047620.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047621.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047623.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047630.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047631.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047638.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047639.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047641.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047652.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047658.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047660.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047664.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049659.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049660.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049663.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049674.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049676.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049679.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049693.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049695.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049701.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049702.exe Infected: not-virus:Hoax.Win32.Renos.hj skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049713.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049714.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049717.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049736.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP345\change.log Object is locked skipped
C:\VundoFix Backups\hgghgfg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\VundoFix Backups\pmnlk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\VundoFix Backups\udlsjttc.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\ugshbhye.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\vtsqo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{01215F60-74F9-4362-A1B4-41339170A01E}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\awvvw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\gebbyyw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\WINDOWS\system32\gebyv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\tvtfpbd.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\win103.tmp.exe Infected: Trojan.Win32.Agent.qt skipped
C:\WINDOWS\Temp\win105.tmp.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\WINDOWS\Temp\win621.tmp.exe Infected: Trojan.Win32.Obfuscated.ev skipped
C:\WINDOWS\Temp\win62A.tmp.exe Infected: Trojan.Win32.Agent.qt skipped
C:\WINDOWS\Temp\win77.tmp.exe Infected: Trojan.Win32.Agent.qt skipped
C:\WINDOWS\Temp\winE3.tmp.exe Infected: Trojan.Win32.Agent.qt skipped
C:\WINDOWS\Temp\winEE.tmp.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\wnjnfxkq.exe Infected: not-virus:Hoax.Win32.Renos.hj skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
 
Hi

Empty Internet Explorer temporary internet files

Empty these folders:

C:\!KillBox\
C:\VundoFix Backups\
C:\WINDOWS\Temp\

Delete these:

C:\WINDOWS\system32\awvvw.dll.vir
C:\WINDOWS\system32\gebbyyw.dll.vir
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\tvtfpbd.dll
C:\wnjnfxkq.exe

Empty Recycle Bin

Re-scan with Kaspersky

Post:

- a fresh HijackThis log
- Kaspersky report
 
Logfile of HijackThis v1.99.1
Scan saved at 12:34:11 AM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\TOSHIBA RAID\Console\Kraidman.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\svchost.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Toshiba\TOSHIBA Multimedia Center\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\Toshiba\MediaSource\Detector\CTDetect.exe
C:\Program Files\Toshiba\MediaSource\RemoteControl\RcMan.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\AntiVirus\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /registry /service
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Toshiba\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Toshiba\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130400524921
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
 
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, April 02, 2007 12:32:23 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 2/04/2007
Kaspersky Anti-Virus database records: 289783
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 99365
Number of viruses found: 12
Number of infected objects: 82
Number of suspicious objects: 0
Duration of the scan process: 01:17:51

Infected Object Name / Virus Name / Last Action
C:\AntiVirus\backups\backup-20070330-115009-499.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-04-01_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\54D800AA.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\C199831F.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_2561485299_4521984_82207 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{9FF00C3A-6B25-4209-B857-3F00F2C8644F}.TmpSBE Object is locked skipped
C:\Documents and Settings\Dave Levins\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Dave Levins\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Dave Levins\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Dave Levins\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Dave Levins\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Dave Levins\Desktop\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Dave Levins\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\History\History.IE5\MSHist012007040120070402\index.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temp\mst98E.tmp Infected: Trojan.Win32.Agent.qt skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temp\win99A.tmp.exe Infected: Trojan.Win32.Agent.qt skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temp\~DFBA7F.tmp Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temp\~DFBAF1.tmp Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dave Levins\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\DIGStream\digstream.exe Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
 
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043480.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043481.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043482.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043483.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043484.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043485.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043486.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043489.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043496.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043501.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043509.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043511.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043516.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043525.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043527.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043531.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043535.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043542.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043550.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043551.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043553.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043559.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0044543.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0044549.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0044551.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0044556.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0045549.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0045551.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0045553.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0046549.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0046551.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0046553.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047567.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047569.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047574.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047577.dll Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047583.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047585.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047590.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047610.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047611.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047612.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047620.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047621.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047623.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047630.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047631.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047638.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047639.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047641.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047652.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047658.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047660.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047664.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049659.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049660.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049663.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049674.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049676.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049679.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049693.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049695.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049701.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049702.exe Infected: not-virus:Hoax.Win32.Renos.hj skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049713.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049714.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049717.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049736.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP346\A0049756.dll Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP346\A0049757.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP346\A0049758.exe Infected: not-virus:Hoax.Win32.Renos.hj skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP346\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{01215F60-74F9-4362-A1B4-41339170A01E}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\awvvw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\gebyv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
 
Hi

Please download the Killbox.
Unzip it to the desktop.

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and Settings\Dave Levins\Local Settings\Temp\mst98E.tmp
C:\Documents and Settings\Dave Levins\Local Settings\Temp\win99A.tmp.exe
C:\WINDOWS\system32\awvvw.dll.vir
C:\WINDOWS\system32\gebyv.dll

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

If your computer does not restart automatically, please restart it manually.

Empty this folder:

C:\!KillBox

Empty Recycle Bin

Re-scan with Kaspersky

Post:

- a fresh HijackThis log
- Kaspersky report
 
Logfile of HijackThis v1.99.1
Scan saved at 12:33:04 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\TOSHIBA RAID\Console\Kraidman.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Toshiba\TOSHIBA Multimedia Center\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Toshiba\MediaSource\Detector\CTDetect.exe
C:\Program Files\Toshiba\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\AntiVirus\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TOSHIBA Picture Enhancement Utility] C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Kraidman] C:\Program Files\Toshiba\TOSHIBA RAID\Console\Kraidman.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Toshiba\TOSHIBA Multimedia Center\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /registry /service
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Toshiba\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Toshiba\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130400524921
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
 
KASPERSKY ONLINE SCANNER REPORT
Monday, April 02, 2007 12:28:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 2/04/2007
Kaspersky Anti-Virus database records: 289939
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 98682
Number of viruses found: 12
Number of infected objects: 84
Number of suspicious objects: 0
Duration of the scan process: 01:17:11

Infected Object Name / Virus Name / Last Action
C:\AntiVirus\backups\backup-20070330-115009-499.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-04-02_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\FD8395B8.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_2561485299_2883584_28932 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE8.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{68906C3D-2906-4853-AB30-E254283B0023}.TmpSBE Object is locked skipped
C:\Documents and Settings\Dave Levins\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Dave Levins\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Dave Levins\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Dave Levins\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Dave Levins\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Dave Levins\Desktop\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Dave Levins\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\History\History.IE5\MSHist012007040220070403\index.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temp\~DF196D.tmp Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temp\~DF1988.tmp Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dave Levins\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dave Levins\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\DIGStream\digstream.exe Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
 
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043480.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043481.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043482.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043483.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043484.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043485.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043486.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043489.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043496.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043501.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043509.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043511.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043516.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043525.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043527.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043531.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043535.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043542.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043550.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043551.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043553.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0043559.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0044543.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0044549.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0044551.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP340\A0044556.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0045549.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0045551.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0045553.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0046549.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0046551.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0046553.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047567.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047569.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047574.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047577.dll Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047583.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047585.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP341\A0047590.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047610.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047611.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047612.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047620.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047621.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047623.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047630.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047631.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047638.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047639.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047641.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047652.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047658.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047660.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0047664.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049659.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049660.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049663.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049674.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049676.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP343\A0049679.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049693.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049695.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049701.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049702.exe Infected: not-virus:Hoax.Win32.Renos.hj skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049713.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049714.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049717.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP344\A0049736.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP346\A0049756.dll Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP346\A0049757.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP346\A0049758.exe Infected: not-virus:Hoax.Win32.Renos.hj skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP347\A0049763.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP347\A0049769.sys Infected: Rootkit.Win32.Agent.ec skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP347\A0049771.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP347\A0049779.exe Infected: Trojan.Win32.Agent.aia skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP347\A0049780.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ic skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP347\A0049781.exe Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP347\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{E822831D-6672-4A51-A0A5-83B49A260059}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{0484509B-B333-44BD-8C12-4BC6065F6689}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
 
Hi

Logs look good.

You have viruses, but they're all on system restore, which can be easily cleaned; you'll get instructions for that later.

Other than that, how are things running now?
 
It's running a lot better than it was. I haven't seen a pop-up in quite some time now, which is beautiful. This is a great thing that you do...helping the helpless in the computer age. Thank you so much.

What do I do next?
 