Hi,
In Add/Remove Programs, I do not see SpyHunter. There is Spyware Doctor. Is that OK software? Should I do anything with that? The rest of the programs are fine.
Here is the log from ComboFix.txt:
ComboFix 07-10-04.5 - Administrator 10/04/2007 23:05:48.7 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1033.18.67 [GMT -4:00]
Running from: G:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: G:\Documents and Settings\Administrator\Desktop\CFScript.txt
FILE::
G:\WINNT\system32\ernrnrot.dll
G:\WINNT\system32\jlnnn.bak1
G:\WINNT\system32\jlnnn.bak2
G:\WINNT\system32\jlnnn.ini2
G:\WINNT\system32\mjtrmjnp.dll
G:\WINNT\system32\tlyyitep.dll
G:\WINNT\system32\ttstv.bak2
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\Program Files\Enigma Software Group
G:\Program Files\Enigma Software Group\SpyHunter\Backup\180solutions.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\bbchk.exe.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\bdcore.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\bdupd.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\bmupdate.exe.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\community.url.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\Dsi.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\Dynamic Toolbar.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\exul.exe.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\Lycos.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\msbe.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\p2p networking.exe.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\p2psetup.exe.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\personals.url.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\photos.url.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\saap_kyf.dat.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\saaphook.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\sysai.exe.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\wcmdmgrl.exe.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\wdengine.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\webdriver.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\webp2pinstaller.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\wt3d.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\wthost.exe.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\wthostctl.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\wtvh.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\backupLog.dat
G:\Program Files\Enigma Software Group\SpyHunter\def.dat.bak
G:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.2.9_Patch1.exe
G:\Program Files\Enigma Software Group\SpyHunter\spyhunter.2.9_Patch2.exe
G:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe.BAK
G:\Program Files\Enigma Software Group\SpyHunter\SpyHunter_v2.9_Patch_by_AT4RE\SpyHunter.2.9\SpyHunter.2.9_Patch1.exe
G:\Program Files\Enigma Software Group\SpyHunter\support.log
G:\WINNT\system32\ernrnrot.dll
G:\WINNT\system32\jlnnn.bak1
G:\WINNT\system32\jlnnn.bak2
G:\WINNT\system32\jlnnn.ini2
G:\WINNT\system32\mjtrmjnp.dll
G:\WINNT\system32\tlyyitep.dll
G:\WINNT\system32\ttstv.bak2
.
((((((((((((((((((((((((( Files Created from 2007-09-05 to 2007-10-05 )))))))))))))))))))))))))))))))
.
2007-10-04 23:13 16,384 --a----t- G:\WINNT\system32\Perflib_Perfdata_540.dat
2007-10-04 00:26 51,200 --a------ G:\WINNT\NirCmd.exe
2007-10-01 18:21 <DIR> d-------- G:\Documents and Settings\Administrator\Application Data\Uniblue
2007-09-28 12:51 <DIR> d-------- G:\Program Files\Spyware Doctor
2007-09-28 12:51 <DIR> d-------- G:\Documents and Settings\Administrator\Application Data\PC Tools
2007-09-28 12:39 626,688 --a------ G:\WINNT\system32\msvcr80.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
07-10-04 23:04 --------- d-------- G:\Documents and Settings\Administrator\Application Data\uTorrent
07-10-04 23:00 --------- d-------- G:\Program Files\TaxCut06
07-10-04 19:08 --------- d-------- G:\Program Files\Common Files\Symantec Shared
07-10-04 00:12 --------- d-------- G:\Program Files\eMule
07-10-02 22:52 --------- d-------- G:\Program Files\vso
07-10-02 22:52 --------- d-------- G:\Program Files\RogueRemover FREE
07-10-01 12:26 --------- d-------- G:\Documents and Settings\Administrator\Application Data\RipIt4Me
07-09-28 17:26 --------- d-------- G:\Program Files\Media
07-09-28 17:18 --------- d-a------ G:\Program Files\Lycos
07-09-28 17:18 --------- d-------- G:\Documents and Settings\Administrator\Application Data\Lycos
07-09-21 23:06 --------- d-------- G:\Documents and Settings\All Users\Application Data\DVD Shrink
07-09-08 09:08 --------- d-------- G:\Documents and Settings\Administrator\Application Data\SopCast
07-08-29 22:33 --------- d-------- G:\Program Files\SopCast
07-08-29 22:30 --------- d-------- G:\Documents and Settings\Administrator\Application Data\Azureus
07-08-12 01:10 --------- d-------- G:\Program Files\SatFinder
07-07-16 17:54 73216 --a------ G:\WINNT\ST6UNST.EXE
07-07-16 17:54 249856 --------- G:\WINNT\Setup1.exe
03-01-04 20:18 271 ---h----- G:\Program Files\desktop.ini
03-01-04 20:18 21952 ---h----- G:\Program Files\folder.htt
02-04-16 09:17 61440 --a------ G:\WINNT\inf\i386\twotUSD.dll
02-04-16 09:16 61440 --a------ G:\WINNT\inf\i386\onetUSD.dll
02-04-16 09:16 57344 --a------ G:\WINNT\inf\i386\twotCPL.dll
01-08-15 15:21 15716 --a------ G:\WINNT\inf\i386\Pmxscan.sys
00-07-26 08:00 32528 --a------ G:\WINNT\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [00-07-26 08:00 G:\WINNT\system32\mobsync.exe]
"AVG7_CC"="G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [07-09-14 09:58 ]
"SunJavaUpdateSched"="G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [06-12-15 04:23 ]
"PrinTray"="G:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe" [01-01-09 13:47 ]
"PCTVOICE"="pctspk.exe" [01-08-30 15:33 G:\WINNT\system32\pctspk.exe]
"Advanced Tools Check"="G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [02-08-26 22:35 ]
"StrgSync.exe"="G:\Storage Sync\StrgSync.exe" [05-10-07 23:01 ]
"OneTouch Monitor"="G:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [02-04-16 09:12 ]
"ccRegVfy"="G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [03-07-17 11:16 ]
"ccApp"="G:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03-07-17 11:16 ]
"UnlockerAssistant"="G:\Program Files\Unlocker\UnlockerAssistant.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="G:\Program Files\Yahoo!\Messenger\ypager.exe" [05-12-08 14:55 ]
"PopUpStopperFreeEdition"="G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [03-04-29 11:40 ]
"Uniblue RegistryBooster 2"="G:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=G:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=G:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office Startup.lnk - G:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 01:00:00]
G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office Startup.lnk - G:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 01:00:00]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R1 Avg7RsNT;AVG7 Rezident Driver;G:\WINNT\system32\Drivers\avg7rsnt.sys
R2 ppsio2;PPDevice;G:\WINNT\system32\drivers\ppsio2.sys
R3 allegro;ESS Allegro Audio Driver (WDM);G:\WINNT\system32\drivers\es198x.sys
R3 NeroCd2k;NeroCd2k;G:\WINNT\system32\drivers\NeroCd2k.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\G:\WINNT\System32\Drivers\NPDRIVER.SYS
S1 EACMOS;EACMOS;G:\WINNT\system32\drivers\EACMOS.SYS
S3 EN1207D;Accton EN1207D/EN2242A Series PCI Fast Ethernet Adapter Win2000 Driver;G:\WINNT\system32\DRIVERS\ACC07D5.SYS
.
Contents of the 'Scheduled Tasks' folder
"2007-10-02 11:11:17 G:\WINNT\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-10-05 03:14:38 G:\WINNT\Tasks\Symantec NetDetect.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 23:13:26
Windows 5.0.2195 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-04 23:16:37 - machine was rebooted
G:\ComboFix-quarantined-files.txt ... 07-10-04 23:15
G:\ComboFix2.txt ... 07-10-04 19:09
G:\ComboFix3.txt ... 07-10-04 18:03
.
--- E O F ---
Here's the result of the online scanner:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, October 05, 2007 7:14:17 AM
Operating System: Microsoft Windows 2000 Professional, Service Pack 3 (Build 2195)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 5/10/2007
Kaspersky Anti-Virus database records: 401392
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
I:\
L:\
Scan Statistics:
Total number of scanned objects: 111894
Number of viruses found: 20
Number of infected objects: 127
Number of suspicious objects: 5
Duration of the scan process: 03:23:54
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Temporary Internet Files\Content.IE5\SADLMAYU\exitpoplight[1].html Infected: Trojan.JS.NoClose.i skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0003 Infected: Trojan-Downloader.Win32.Keenval.f skipped
C:\WINDOWS\browserxtras\pn\remove.exe NSIS: infected - 1 skipped
G:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
G:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
G:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
G:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
G:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007100420071005\index.dat Object is locked skipped
G:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
G:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
G:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
G:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
G:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet1.zip/asmend.exe Suspicious: Password-protected-EXE skipped
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet1.zip ZIP: suspicious - 1 skipped
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer3.zip/optimize.exe Suspicious: Password-protected-EXE skipped
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer3.zip ZIP: suspicious - 1 skipped
G:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.ec skipped
G:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0006 Infected: Trojan.Win32.SecondThought.h skipped
G:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0007 Infected: Backdoor.Win32.Ruledor.c skipped
G:\Documents and Settings\Default User\My Documents\Data\all_files4.exe NSIS: infected - 3 skipped
G:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.ec skipped
G:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0006 Infected: Trojan.Win32.SecondThought.h skipped
G:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0007 Infected: Backdoor.Win32.Ruledor.c skipped
G:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe NSIS: infected - 3 skipped
G:\Documents and Settings\Thomas\My Documents\Data\all_files4.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.ec skipped
G:\Documents and Settings\Thomas\My Documents\Data\all_files4.exe/data0006 Infected: Trojan.Win32.SecondThought.h skipped
G:\Documents and Settings\Thomas\My Documents\Data\all_files4.exe/data0007 Infected: Backdoor.Win32.Ruledor.c skipped
G:\Documents and Settings\Thomas\My Documents\Data\all_files4.exe NSIS: infected - 3 skipped
G:\Documents and Settings\Thomas\My Documents\Data\Data\all_files4.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.ec skipped
G:\Documents and Settings\Thomas\My Documents\Data\Data\all_files4.exe/data0006 Infected: Trojan.Win32.SecondThought.h skipped
G:\Documents and Settings\Thomas\My Documents\Data\Data\all_files4.exe/data0007 Infected: Backdoor.Win32.Ruledor.c skipped
G:\Documents and Settings\Thomas\My Documents\Data\Data\all_files4.exe NSIS: infected - 3 skipped
G:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
G:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
G:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
G:\Program Files\Norton AntiVirus\Quarantine\07036A79 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\08FE0E2C.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\0B590470 Infected: Trojan.Java.Nocheat skipped
G:\Program Files\Norton AntiVirus\Quarantine\0CD55D56 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\0DC346A9 Infected: Trojan.Java.Femad skipped
G:\Program Files\Norton AntiVirus\Quarantine\120A342A.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\15C938EE.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\18204346 Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\18A324FF Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\18A978F7 Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\18AC22F4 Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\18B04CF0 Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\1ADF6F29 Infected: Trojan.Win32.Destiny skipped
G:\Program Files\Norton AntiVirus\Quarantine\1B631305.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\1C564B8B Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\1C8A6B52 Infected: Net-Worm.Win32.Nimda skipped
G:\Program Files\Norton AntiVirus\Quarantine\1C8E154E Infected: Net-Worm.Win32.Nimda skipped
G:\Program Files\Norton AntiVirus\Quarantine\1C913F4B Infected: Net-Worm.Win32.Nimda skipped
G:\Program Files\Norton AntiVirus\Quarantine\241E56FB Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\2FD666D1 Infected: Trojan.Java.Nocheat skipped
G:\Program Files\Norton AntiVirus\Quarantine\2FE12D4D Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\300649EC.htm Suspicious: Exploit.HTML.Mht skipped
G:\Program Files\Norton AntiVirus\Quarantine\33E03589.html Infected: Trojan-Downloader.JS.Small.d skipped
G:\Program Files\Norton AntiVirus\Quarantine\360E5600 Infected: Trojan.Java.Femad skipped
G:\Program Files\Norton AntiVirus\Quarantine\389850F9 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\43D67B12.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\52576547 Infected: Trojan.Java.Femad skipped
G:\Program Files\Norton AntiVirus\Quarantine\529E0D9A Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\58630C8E/exploit.htm Infected: Trojan-Downloader.VBS.Psyme.y skipped
G:\Program Files\Norton AntiVirus\Quarantine\58630C8E CHM: infected - 1 skipped
G:\Program Files\Norton AntiVirus\Quarantine\58630C8E CryptFF: infected - 1 skipped
G:\Program Files\Norton AntiVirus\Quarantine\5BE66F90 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\5DE82146 Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\618E7BE7 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\654A1892.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\695425E1 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\6C09396E.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\7910043A.exe Infected: Trojan.Win32.Small.k skipped
G:\Program Files\Norton AntiVirus\Quarantine\7C323566.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\7CF25A49 Infected: Trojan.Java.Nocheat skipped
G:\qoobox\Quarantine\G\Program Files\Enigma Software Group\SpyHunter\Backup\sysai.exe.dat.vir/Program Files/SysAI/SysAI.exe Infected: Trojan-Downloader.Win32.Apropo.c skipped
G:\qoobox\Quarantine\G\Program Files\Enigma Software Group\SpyHunter\Backup\sysai.exe.dat.vir ZIP: infected - 1 skipped
G:\qoobox\Quarantine\G\WINNT\system32\aahprvxw.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\agdnfjpl.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\biedmegh.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\cbxumbgr.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ciortobg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\cobruira.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ddebxecp.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\dmqtkljh.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\dygekctf.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\efcfgobv.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\egtuvvmb.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\elygqacg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ewjkjifk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\fknhunpt.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\gdtmeftx.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\gkawthji.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\hflofjtb.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\hitieyjs.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\hnucidix.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\hvhaxoau.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\idfjfyvv.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\iggvneky.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\immwpalk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\iyytkidg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\jmenfmao.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\kkwhonga.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\klwnnumn.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\lmfbncvv.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\lqljjkbs.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\lvklcpgr.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\lwjlhtip.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\nkhwlqfj.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\nmtdfxxx.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\odrmnqjg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ogffwqce.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\oifhkssa.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\oohxrbbk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\qcbyfcbt.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\qhaoqhrm.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\rfvpkpbv.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\rlkapqor.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\rrmrgkpa.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ruwmjmby.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\sbbhclpx.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\semxbhfs.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\skhgoqxq.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\tdsfkygl.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\tnhrwqxg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\twiomldw.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\uamnikor.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ufiudxdk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\uootbioq.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\uqwxeqhn.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\vaawaubs.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\vgjebxfe.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\vkcchgrx.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\waixyoal.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\wcpblhvf.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\wddphlmx.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\wknlwilq.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\wyjeibsi.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\xfjifrgp.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\xipiossy.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\xxsxpduu.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ybiaxomk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ycxhmjjb.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\WINNT\CSC\00000001 Object is locked skipped
G:\WINNT\Debug\ipsecpa.log Object is locked skipped
G:\WINNT\Debug\oakley.log Object is locked skipped
G:\WINNT\Debug\PASSWD.LOG Object is locked skipped
G:\WINNT\p37bLkH.dll Infected: Trojan-Downloader.Win32.Lemmy.r skipped
G:\WINNT\SchedLgU.Txt Object is locked skipped
G:\WINNT\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
G:\WINNT\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
G:\WINNT\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
G:\WINNT\SoftwareDistribution\EventCache\{D7132AAD-EA3D-40B5-B63F-02E206598E3D}.bin Object is locked skipped
G:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
G:\WINNT\Sti_Trace.log Object is locked skipped
G:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
G:\WINNT\system32\config\default Object is locked skipped
G:\WINNT\system32\config\default.LOG Object is locked skipped
G:\WINNT\system32\config\SAM Object is locked skipped
G:\WINNT\system32\config\SAM.LOG Object is locked skipped
G:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
G:\WINNT\system32\config\SECURITY Object is locked skipped
G:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
G:\WINNT\system32\config\software Object is locked skipped
G:\WINNT\system32\config\software.LOG Object is locked skipped
G:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
G:\WINNT\system32\config\system Object is locked skipped
G:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
G:\WINNT\WindowsUpdate.log Object is locked skipped
Scan process completed.
Finally, here is the HijackThis log, taken just before typing this:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:18:24 AM, on 10/5/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
Boot mode: Normal
Running processes:
G:\WINNT\System32\smss.exe
G:\WINNT\system32\csrss.exe
G:\WINNT\system32\winlogon.exe
G:\WINNT\system32\services.exe
G:\WINNT\system32\lsass.exe
G:\WINNT\system32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\WINNT\system32\LEXBCES.EXE
G:\WINNT\system32\spoolsv.exe
G:\WINNT\system32\LEXPPS.EXE
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\WINNT\System32\svchost.exe
G:\WINNT\system32\hidserv.exe
G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
G:\WINNT\system32\regsvc.exe
G:\WINNT\System32\SCardSvr.exe
G:\WINNT\system32\MSTask.exe
G:\Program Files\Spyware Doctor\svcntaux.exe
G:\WINNT\System32\WBEM\WinMgmt.exe
G:\WINNT\System32\mspmspsv.exe
G:\WINNT\system32\svchost.exe
G:\WINNT\Explorer.EXE
G:\WINNT\system32\mobsync.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
G:\WINNT\system32\pctspk.exe
G:\Program Files\Visioneer OneTouch\OneTouchMon.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
G:\Program Files\Microsoft Office\Office\OSA.EXE
G:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
G:\WINNT\system32\wuauclt.exe
G:\WINNT\system32\svchost.exe
G:\Program Files\internet explorer\iexplore.exe
G:\Program Files\Spyware Doctor\swdsvc.exe
G:\Prudential\Torrents\HiJackThis_v2.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PrinTray] G:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [StrgSync.exe] G:\Storage Sync\StrgSync.exe -w
O4 - HKLM\..\Run: [OneTouch Monitor] G:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [ccRegVfy] "G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "G:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "G:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] G:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] G:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] G:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Office Startup.lnk = G:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/...tiveX/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3CA15C82-6297-11D6-B8FA-00C04F5E375A} (BridgeChannel v3) - http://channel.bridge.com/bc/java/bc3_bridge_i.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup162.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINNT\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - G:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINNT\system32\gearsec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - G:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - G:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - G:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\swdsvc.exe
--
End of file - 6906 bytes
There were no problems encountered while performing these. And the machine seems to be working well too!!
Thanks once again for the ongoing help.