Thread: Help
View Single Post
Old 08-07-2007, 02:47 PM   #9 (permalink)
wcoleman
Registered User
 
Join Date: Aug 2007
Posts: 9
OS: xp


Re: Help
Everything went smoothly. The computer seems to be working better, there is no random pop-up ads


ComboFix 07-08-07.6 - "SERVICE DIRECTOR" 2007-08-07 14:17:03.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.636 [GMT -4:00]
Command switches used :: C:\Documents and Settings\SERVICE DIRECTOR\Desktop\anti virus\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\jugjuygbt.exe
C:\WINDOWS\tahtyemkme.exe
C:\WINDOWS\hntrguytr_exe.vir
C:\WINDOWS\esagtrhtr.exe
C:\WINDOWS\lipjnawA.exe
C:\WINDOWS\system32\WinCore32.exe
C:\Windows\xpupdate.exe
c:\windows\system32\lsdsregr.exe
C:\WINDOWS\system32\cncersh.exe
C:\WINDOWS\pss\TA_Start.lnkStartup
C:\WINDOWS\pss\Think-Adz.lnkStartup
C:\WINDOWS\g4356cbvy63
C:\WINDOWS\system32\kernelwind32.exe
C:\WINDOWS\system32\jdnems.exe
C:\WINDOWS\system32\schlfuot.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\esagtrhtr.exe
C:\WINDOWS\hntrguytr_exe.vir
C:\WINDOWS\jugjuygbt.exe
C:\WINDOWS\lipjnawA.exe
C:\WINDOWS\pss\TA_Start.lnkStartup
C:\WINDOWS\pss\Think-Adz.lnkStartup
C:\WINDOWS\system32\ipsaaykr.exe
C:\WINDOWS\system32\nbkdms.exe
C:\WINDOWS\system32\schehwcq.exe
C:\WINDOWS\system32\seconijl.exe
C:\WINDOWS\tahtyemkme.exe


((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


2007-08-07 12:43 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 10:53 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-07 10:41 <DIR> d-------- C:\Deckard
2007-08-07 10:33 21,312 --a------ C:\WINDOWS\choice.exe
2007-08-07 09:18 <DIR> d-------- C:\ie-spyad
2007-08-07 09:15 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-07 09:07 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-06 16:25 <DIR> d-------- C:\Program Files\Windows Defender
2007-08-06 15:52 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-08-06 15:52 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-06 09:40 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-03 17:22 <DIR> d-------- C:\Temp


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 12:47 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-08-07 10:10 --------- d-------- C:\Program Files\Messenger
2007-08-07 10:08 --------- d-------- C:\Program Files\Digital Line Detect
2007-08-06 09:44 --------- d-------- C:\Program Files\Windows NT
2007-08-06 09:11 --------- d-------- C:\Program Files\Dell
2007-08-03 17:24 14336 --a------ C:\WINDOWS\system32\svchost.exe
2007-08-03 17:24 14336 --a------ C:\WINDOWS\system32\dllcache\svchost.exe
2007-05-16 11:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 05:24 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2006-06-14 12:36:43 88 --sh--r C:\WINDOWS\system32\658F1B98B2.sys
2006-06-14 12:36:45 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-07 19:52]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]

C:\Documents and Settings\SERVICE DIRECTOR\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-07 19:49:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 2007-01-12 18:45 10800 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Browser"=2 (0x2)
"BITS"=3 (0x3)

R2 ASCTRM;ASCTRM;C:\WINDOWS\system32\drivers\ASCTRM.sys
R3 STHDA;SigmaTel High Definition Audio CODEC;C:\WINDOWS\system32\drivers\sthda.sys
S3 Crystal Query Server;Crystal Query Server;"C:\Program Files\Seagate Software\Query Server\querysrv.exe" -service
S3 FINEPIX_PCC;FinePix Digital Camera 020717;C:\WINDOWS\system32\Drivers\V4CB011D.SYS
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-08-07 17:14:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 14:18:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07 14:19:02
C:\ComboFix-quarantined-files.txt ... 2007-08-07 14:18
C:\ComboFix2.txt ... 2007-08-07 13:13

--- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:17 PM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [DCOM Server 20509] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Microsoft\jqtwb.dll",run (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WinCore32.exe] C:\WINDOWS\system32\WinCore32.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [irdmelt] 4E8.tmp (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: E-mail.lnk = ?
O4 - Global Startup: NETWORKLOGON.BAT
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: AdobeControl - http://www.lennoxdavenet.net/webdynp...obeControl.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://www.asdealernet.com/EBiz/App...Apps/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crystal Query Server - Unknown owner - C:\Program Files\Seagate Software\Query Server\querysrv.exe
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 5928 bytes


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, August 07, 2007 4:44:04 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 7/08/2007
Kaspersky Anti-Virus database records: 376885
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 60178
Number of viruses found: 30
Number of infected objects: 147
Number of suspicious objects: 0
Duration of the scan process: 00:44:53

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-08062007-162525.log Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Microsoft\jqtwb.dll Infected: Backdoor.Win32.Agent.adr skipped
C:\Documents and Settings\LocalService\Application Data\Microsoft\qtzqzak.dll Infected: Backdoor.Win32.Agent.adr skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\SERVICE DIRECTOR\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\SERVICE DIRECTOR\Desktop\WALTS FOLDER\mirc617.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
C:\Documents and Settings\SERVICE DIRECTOR\Desktop\WALTS FOLDER\mirc617.exe mIRC: infected - 1 skipped
C:\Documents and Settings\SERVICE DIRECTOR\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\SERVICE DIRECTOR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\SERVICE DIRECTOR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\SERVICE DIRECTOR\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CA8C8C23-DD58-4E5D-A0DA-DCBA2DBF880D} Object is locked skipped
C:\Documents and Settings\SERVICE DIRECTOR\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\SERVICE DIRECTOR\Local Settings\History\History.IE5\MSHist012007080720070808\index.dat Object is locked skipped
C:\Documents and Settings\SERVICE DIRECTOR\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\SERVICE DIRECTOR\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\SERVICE DIRECTOR\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2host.log Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2svc.log Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
C:\QooBox\Quarantine\C\Program Files\MSN Gaming Zone\meso2.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\QooBox\Quarantine\C\Program Files\MSN Gaming Zone\meso4444.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\QooBox\Quarantine\C\WINDOWS\esagtrhtr.exe.vir Infected: Trojan-Proxy.Win32.Slaper.u skipped
C:\QooBox\Quarantine\C\WINDOWS\lipjnawA.exe.vir Infected: Trojan-Downloader.Win32.VB.ang skipped
C:\QooBox\Quarantine\C\WINDOWS\spooldr.exe.vir Infected: Trojan-Downloader.Win32.Tibs.mv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gmc.exe.exe.vir Infected: Trojan-Downloader.Win32.Tibs.mv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kernelwind32.exe.vir Infected: Trojan-Downloader.Win32.Tibs.mv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pkuh.dll.vir Infected: Backdoor.Win32.Agent.adr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qjwcee.dll.vir Infected: Backdoor.Win32.Agent.adr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vedxg4am1et2.exe.vir Infected: Trojan-Downloader.Win32.Tibs.mv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vedxga3me2.exe.vir Infected: Trojan-Downloader.Win32.Small.erg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vedxga4m1et4.exe.vir Infected: Email-Worm.Win32.Zhelatin.gk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\WinCore32.exe.vir Infected: Trojan-Downloader.Win32.Agent.byh skipped
C:\QooBox\Quarantine\C\WINDOWS\TTC-4444.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\QooBox\Quarantine\C\WINDOWS\TTC-4444.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\catchme2007-08-07_131122.48.zip/ddaby.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.la skipped
C:\QooBox\Quarantine\catchme2007-08-07_131122.48.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP343\A0013622.exe Infected: Email-Worm.Win32.Zhelatin.gh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP343\A0013624.exe Infected: Trojan-Downloader.Win32.Tibs.mv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP343\A0013625.exe Infected: Trojan-Downloader.Win32.Small.erg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP343\A0013626.exe Infected: Trojan-Downloader.Win32.Tibs.mv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP343\A0013627.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP343\A0013628.exe Infected: Email-Worm.Win32.Zhelatin.gk skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP343\A0013629.exe Infected: Trojan-Downloader.Win32.Tibs.mv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP343\A0013633.exe Infected: Trojan-Downloader.Win32.Agent.byh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP343\A0013637.exe Infected: Trojan-Downloader.Win32.Tibs.mv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP343\A0013643.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP343\A0013644.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP343\A0013646.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP344\A0014643.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP344\A0014644.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP344\A0014645.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP344\A0015641.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP344\A0015642.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP344\A0015644.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP344\A0015661.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP344\A0015662.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP344\A0015663.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP344\A0015665.exe Infected: Trojan-Proxy.Win32.Slaper.u skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP347\A0015791.dll Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP348\A0016653.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP348\A0016653.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP348\A0016653.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP348\A0016660.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP348\A0016661.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP348\A0016662.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP348\A0016665.exe Infected: Backdoor.Win32.SdBot.blh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP348\A0017660.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP348\A0017661.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP348\A0017662.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP348\A0018659.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP348\A0018660.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP348\A0018661.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP351\A0019770.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP351\A0019771.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP351\A0019772.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP351\A0020768.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP351\A0020769.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP351\A0020770.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP351\A0021766.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP351\A0021767.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP351\A0021768.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021862.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021863.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021864.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021865.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021866.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021867.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.b skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021867.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021868.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021869.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021883.exe/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021883.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021888.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021889.exe/file05/file2 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021889.exe/file05 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021889.exe/file26 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021889.exe/file39 Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021889.exe Inno: infected - 4 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021891.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021891.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021910.exe Infected: Trojan.Win32.Small.oa skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021911.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0021912.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0022927.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0022928.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP353\A0022929.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0022997.exe Infected: Trojan-Downloader.Win32.Tibs.mv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0023075.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0023076.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0023078.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP356\A0023153.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP356\A0023154.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP356\A0023155.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP359\A0023199.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP359\A0023200.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP359\A0023201.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP359\A0023210.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP359\A0023211.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP359\A0023212.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0023224.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0023225.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0023226.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0023412.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0023413.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0023414.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0023426.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0023427.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0023428.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0024424.sys Infected: Packed.Win32.Tibs.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0024425.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0024426.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0024432.exe Infected: Email-Worm.Win32.Zhelatin.gk skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0024435.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0024436.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0024441.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0024443.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0024444.exe Infected: Email-Worm.Win32.Zhelatin.gh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0024445.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0024446.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0024462.exe:exe.exe:$DATA Infected: Trojan.Win32.Obfuscated.gp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0024479.exe Infected: Trojan-Downloader.Win32.Tibs.mv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0024480.exe Infected: Trojan-Downloader.Win32.Tibs.mv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0024481.exe Infected: Trojan-Downloader.Win32.Small.erg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0024482.exe Infected: Email-Worm.Win32.Zhelatin.gk skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0024489.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0024492.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0024493.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0024494.dll Infected: Backdoor.Win32.Agent.adr skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0024495.dll Infected: Backdoor.Win32.Agent.adr skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0024503.exe Infected: Trojan-Downloader.Win32.Tibs.mv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0024506.exe Infected: Trojan-Downloader.Win32.Agent.byh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0024507.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0024507.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0025419.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0025521.exe Infected: Trojan-Downloader.Win32.Tibs.mv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0025529.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.la skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0025599.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP362\A0025600.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP363\A0025629.exe Infected: Trojan-Proxy.Win32.Slaper.u skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP363\A0025630.exe Infected: Trojan-Downloader.Win32.VB.ang skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP363\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{71B88029-50EA-4477-8D68-974F2F963DF2}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd8621.sys Object is locked skipped
C:\WINDOWS\system32\gotomon.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_1d4.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
Attached Files
File Type: txt hijackthis2.txt (5.8 KB, 2 views)
File Type: txt log2.txt (8.8 KB, 1 views)
File Type: txt kasperskyscan.txt (51.9 KB, 1 views)
Last edited by sUBs; 08-07-2007 at 03:14 PM.
wcoleman is offline