Tech Support Forum - View Single Post - Constant Pop-Ups: Smitfraud-C.CoreService

jonniegirl77 · 01-07-2008, 04:11 PM

Okay, Ried:

Hopefully, I did everything below right! Let me know if there is anything I missed.

Thank you again for your help! I really, really appreciate it.

C:\ComboFix.txt:

ComboFix 08-01-07.5 - Jessica Holbrook 2008-01-07 15:55:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.642 [GMT -5:00]
Running from: C:\Documents and Settings\Jessica Holbrook\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jessica Holbrook\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\n.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\n.bat
C:\Temp
C:\Temp\cEeer12\skAt.log
C:\WINDOWS\mrofinu1000106.exe.tmp
C:\WINDOWS\SmVzc2ljYSBIb2xicm9vaw
C:\WINDOWS\system32\aj2
C:\WINDOWS\system32\ardCo18
C:\WINDOWS\system32\mr9

.
((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-07 11:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 06:40 . 2008-01-07 06:40 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-05 16:16 . 2008-01-05 16:18 2,996 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-05 16:04 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-05 16:04 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-05 16:04 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-05 16:04 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-05 16:04 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-05 16:04 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-05 12:11 . 2008-01-05 12:11 <DIR> d-------- C:\Deckard
2008-01-05 11:58 . 2008-01-05 11:58 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-05 11:58 . 2008-01-05 11:58 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-05 11:25 . 2008-01-05 11:25 <DIR> d-------- C:\ie-spyad_zo
2008-01-05 11:01 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-05 11:00 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\dcnmvxaqmrrt.sys
2008-01-05 00:07 . 2008-01-05 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 23:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\bydgmoohxubv.sys
2008-01-04 23:24 . 2008-01-05 11:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-04 23:24 . 2008-01-05 10:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-04 23:24 . 2008-01-05 10:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-04 23:24 . 2008-01-05 10:55 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-04 22:56 . 2008-01-04 22:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-04 20:32 . 2008-01-04 20:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-04 20:32 . 2008-01-04 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-04 20:26 . 2008-01-04 20:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 20:20 . 2008-01-03 20:20 4,331 --a------ C:\Bringing Baby Home.MDS
2008-01-03 20:08 . 2008-01-03 20:20 2,859,270,144 --a------ C:\Bringing Baby Home.ISO
2008-01-01 22:54 . 2008-01-01 22:54 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-01-01 22:54 . 2008-01-04 23:59 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-01-01 22:52 . 2008-01-02 06:15 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-01 22:52 . 2008-01-02 06:15 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-01 22:52 . 2008-01-02 06:15 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-01 22:52 . 2008-01-02 06:15 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-01 22:50 . 2008-01-02 06:15 <DIR> d-------- C:\Program Files\Symantec
2008-01-01 22:50 . 2008-01-01 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-01 22:40 . 2008-01-07 15:51 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-01 22:30 . 2008-01-01 22:48 159,744 --a------ C:\WINDOWS\system32\hkcmd.exe
2008-01-01 22:30 . 2008-01-01 22:48 135,168 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-01-01 22:30 . 2008-01-01 22:49 131,072 --a------ C:\WINDOWS\system32\igfxpers.exe
2008-01-01 22:15 . 2008-01-07 15:55 <DIR> d-------- C:\Program Files\kernel
2008-01-01 22:15 . 2008-01-01 22:15 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-01 22:12 . 2008-01-01 22:12 <DIR> d-------- C:\Program Files\CloneDVD
2008-01-01 22:12 . 2008-01-01 22:13 <DIR> d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Vso
2008-01-01 22:12 . 2008-01-01 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVDXStudio
2008-01-01 22:12 . 2008-01-01 22:12 81,920 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\ezpinst.exe
2008-01-01 22:12 . 2008-01-01 22:12 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-01 22:12 . 2008-01-01 22:12 47,360 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\pcouffin.sys
2008-01-01 22:10 . 2008-01-02 13:28 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 21:58 . 2008-01-01 23:17 <DIR> d-------- C:\Program Files\LimeWire
2008-01-01 21:53 . 2008-01-01 21:53 <DIR> d-------- C:\Program Files\DVD Decrypter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 20:55 --------- d-----w C:\Program Files\Windows Defender
2008-01-07 20:55 --------- d-----w C:\Program Files\Microsoft Works
2008-01-07 20:55 --------- d-----w C:\Program Files\Lexmark 1200 Series
2008-01-05 16:00 --------- d-----w C:\Program Files\Google
2008-01-05 16:00 --------- d-----w C:\Program Files\Clipmarks
2008-01-02 18:34 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\LimeWire
2007-12-03 19:18 --------- d-----w C:\Program Files\CONEXANT
2007-12-03 18:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-27 19:36 374 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb6334.dat
2007-11-27 19:32 555 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb8467.dat
2007-11-27 19:32 18,432 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb41.dat
2007-11-26 19:48 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\ieSpell
2007-11-26 19:46 --------- d-----w C:\Program Files\ieSpell
2007-11-25 02:56 29,832 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\GDIPFONTCACHEV1.DAT
2007-11-23 19:24 675,579 ----a-w C:\WINDOWS\PROGRAM.exe
2007-11-21 14:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 14:51 --------- d-----w C:\Program Files\Canon
2007-11-21 14:48 --------- d-----w C:\Program Files\Common Files\Canon
2007-11-18 21:51 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-18 03:19 --------- d-----w C:\Program Files\SigmaTel
2007-11-17 13:23 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-16 23:18 --------- d-----w C:\Program Files\FaxTools
2007-11-16 23:18 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2007-11-16 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-16 18:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-16 18:28 --------- d-----w C:\Program Files\Microsoft Works Suite 2002
2007-11-16 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-16 14:48 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-11-16 01:26 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-11-16 01:19 356,352 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
2007-11-16 01:19 21,393 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-16 01:19 21,393 ----a-w C:\WINDOWS\AegisP.sys
2007-11-16 01:19 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2007-11-16 01:19 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2007-11-16 01:19 --------- d-----w C:\Documents and Settings\Default User\Application Data\Intel
2007-11-16 01:18 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\Intel
2007-11-16 01:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2007-11-16 01:02 --------- d-----w C:\Program Files\BlueTooth
2007-11-16 00:55 --------- d-----w C:\Program Files\Toshiba
2007-11-16 00:36 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\Toshiba
2007-11-15 19:02 5 ----a-w C:\WINDOWS\system32\drivers\DELL__.MRK
2007-11-15 19:02 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL__.MRK
2007-11-15 18:57 --------- d-----w C:\Program Files\Dell
2007-11-15 18:43 5 ----a-w C:\WINDOWS\system32\drivers\DELL_XPS_MM061 .MRK
2007-11-15 18:43 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_XPS_MM061 .MRK
2007-11-15 18:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-15 18:02 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2007-11-15 18:00 --------- d-----w C:\Program Files\Intel
2007-11-15 17:58 --------- d-----w C:\Program Files\Broadcom
2007-11-15 17:21 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-01 22:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-01 22:49 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-05 11:58 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-01 22:49 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 07:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-01-01 22:48 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-01-01 22:48 974848]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-01 22:48 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-01 22:48 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-01-01 22:49 131072]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2008-01-01 22:49 24576]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2008-01-01 22:49 331830]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2008-01-01 22:49 57344]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-01 22:49 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 23:53 714608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 17:46:00]
BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe [2004-04-26 17:13:54]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 18

54]

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 00:07]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 04:11:58 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Jessica Holbrook.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 15:56:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 15:57:08
ComboFix-quarantined-files.txt 2008-01-07 20:56:59
ComboFix2.txt 2008-01-07 16:36:46
ComboFix3.txt 2008-01-07 16:27:22
.
2008-01-04 12:45:26 --- E O F ---

C:\SDFix\Report.txt:

SDFix: Version 1.124

Run by Jessica Holbrook on Mon 01/07/2008 at 04:24 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDfix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\PROGRA~1\WINDOW~1\PROHDY~1.HTM - Deleted
C:\PROGRA~1\WINDOW~1\LAXURI - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 16:28:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016414905e1]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016414905e1]

scanning hidden registry entries ...

scanning hidden files ...

C:\Program Files\Common Files\Symantec Shared\SPBBC\2008-01-07-0a5b.kc 272596 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 23 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 3 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 29 Dec 2007 36,864 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL0013.tmp"
Sat 29 Dec 2007 36,352 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL0412.tmp"
Fri 28 Dec 2007 34,816 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL0633.tmp"
Sat 29 Dec 2007 40,448 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL0890.tmp"
Sat 29 Dec 2007 41,472 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL1976.tmp"
Sat 29 Dec 2007 35,840 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL1989.tmp"
Sat 29 Dec 2007 36,864 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL2329.tmp"
Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Mon 19 Nov 2007 33,792 ...H. --- "C:\Documents and Settings\Jessica Holbrook\Application Data\Microsoft\Word\~WRL0004.tmp"

Finished!

Kaspersky results:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, January 07, 2008 6:01:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/01/2008
Kaspersky Anti-Virus database records: 503926
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 47200
Number of viruses found: 22
Number of infected objects: 117
Number of suspicious objects: 0
Duration of the scan process: 00:47:45

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMP10F.tmp Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPEF.tmp Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPF7.tmp/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPF7.tmp EmbeddedEXE: infected - 1 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPF9.tmp/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPF9.tmp EmbeddedEXE: infected - 1 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPFB.tmp/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPFB.tmp EmbeddedEXE: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-07_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{F5C020C5-23B7-4D4D-9277-D90606A1F2B6}.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{F5C020C5-23B7-4D4D-9277-D90606A1F2B6}.sds Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\LightningSand.CFD Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\0809D4F2.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\95A23A0B.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\history.dat Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\key3.db Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jessica Holbrook\Desktop\[4]-Submit_2008-01-07@15.55.zip/mrofinu1000106.exe.tmp Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\Jessica Holbrook\Desktop\[4]-Submit_2008-01-07@15.55.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jessica Holbrook\Incomplete\Preview-T-2559308-Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Jessica Holbrook\Incomplete\Preview-T-3045692-01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Temp\~DFEE64.tmp Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/24 Oct 2007 04:09 from David Green:Resume/resume.pdf.zip/resume.pdf.exe/data.rar/Acrobat32.exe Infected: Email-Worm.Win32.Agent.ax skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/24 Oct 2007 04:09 from David Green:Resume/resume.pdf.zip/resume.pdf.exe/data.rar Infected: Email-Worm.Win32.Agent.ax skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/24 Oct 2007 04:09 from David Green:Resume/resume.pdf.zip/resume.pdf.exe Infected: Email-Worm.Win32.Agent.ax skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/24 Oct 2007 04:09 from David Green:Resume/resume.pdf.zip Infected: Email-Worm.Win32.Agent.ax skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/07 Nov 2007 13:02 from peter brown:Resume/resume.pdf.zip/resume.pdf.exe/data.rar/Acrobat32.exe Infected: Email-Worm.Win32.Agent.ax skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/07 Nov 2007 13:02 from peter brown:Resume/resume.pdf.zip/resume.pdf.exe/data.rar Infected: Email-Worm.Win32.Agent.ax skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/07 Nov 2007 13:02 from peter brown:Resume/resume.pdf.zip/resume.pdf.exe Infected: Email-Worm.Win32.Agent.ax skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/07 Nov 2007 13:02 from peter brown:Resume/resume.pdf.zip Infected: Email-Worm.Win32.Agent.ax skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst Mail MS Mail: infected - 8 skipped
C:\Documents and Settings\Jessica Holbrook\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\kernel\kernel.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Temporary\kernInstall.exe.vir Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\QooBox\Quarantine\catchme2008-01-07_112529.87.zip/core.sys Infected: Rootkit.Win32.Agent.sg skipped
C:\QooBox\Quarantine\catchme2008-01-07_112529.87.zip ZIP: infected - 1 skipped
C:\SDFix\backups\backups.zip/backups/prohdyge.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\SDFix\backups\backups.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP100\A0026408.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP100\A0026409.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP100\A0026410.exe Infected: Trojan.Win32.Pakes.bvs skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP101\A0026440.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP101\A0027452.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP101\A0027456.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP104\A0027701.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP104\A0027703.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP104\A0027708.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP104\A0027741.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP105\A0027818.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP105\A0027844.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP105\A0027844.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP105\A0027844.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP107\change.log Object is locked skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP55\A0004528.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP55\A0004529.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007541.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007544.exe Infected: Trojan-Spy.Win32.Agent.aan skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007545.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007545.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007545.exe/stream Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007545.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP93\A0025538.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP93\A0025539.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP93\A0025542.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP93\A0025558.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP93\A0025559.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025564.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025566.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025567.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025568.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025569.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025570.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025571.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025572.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025573.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025574.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025575.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025576.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025577.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025578.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025579.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025580.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025581.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025590.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025594.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025595.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025596.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025597.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025598.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025599.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025600.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025601.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025602.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025603.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025604.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025605.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025606.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025607.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025608.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025609.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025619.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025627.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025640.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025657.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025661.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025662.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025662.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025663.exe Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025666.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025678.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025689.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025689.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025690.exe Infected: not-a-virus:PSWTool.Win32.PassView.p skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025836.exe Infected: Trojan-Downloader.Win32.Agent.dzm skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025837.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025838.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025839.exe Infected: not-a-virus:PSWTool.Win32.FirePass.a skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025841.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025843.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025905.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025909.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025909.exe EmbeddedEXE: infected - 1 skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025910.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025910.exe EmbeddedEXE: infected - 1 skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025911.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025911.exe EmbeddedEXE: infected - 1 skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP99\A0026175.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{EB08022F-D1AC-40AE-AFC2-BE6FF3FDA10A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JET6D60.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:01:53 PM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Clipmarks - {1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program Files\Clipmarks\clipmarks.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196192444765
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/...2/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10645 bytes

Update on system behavior:

Since I have been back on the internet, I haven't had anything unusual happen--no pop-ups, no scrolling screen, or anything else.

01-07-2008, 04:11 PM	#9 (permalink)
jonniegirl77 Registered User Join Date: Jan 2008 Posts: 8 OS: XP	Re: Constant Pop-Ups: Smitfraud-C.CoreService Okay, Ried: Hopefully, I did everything below right! Let me know if there is anything I missed. Thank you again for your help! I really, really appreciate it. C:\ComboFix.txt: ComboFix 08-01-07.5 - Jessica Holbrook 2008-01-07 15:55:59.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.642 [GMT -5:00] Running from: C:\Documents and Settings\Jessica Holbrook\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Jessica Holbrook\Desktop\CFScript.txt * Created a new restore point FILE C:\n.bat . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\n.bat C:\Temp C:\Temp\cEeer12\skAt.log C:\WINDOWS\mrofinu1000106.exe.tmp C:\WINDOWS\SmVzc2ljYSBIb2xicm9vaw C:\WINDOWS\system32\aj2 C:\WINDOWS\system32\ardCo18 C:\WINDOWS\system32\mr9 . ((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))) . 2008-01-07 11:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-07 06:40 . 2008-01-07 06:40 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-01-05 16:16 . 2008-01-05 16:18 2,996 --a------ C:\WINDOWS\system32\tmp.reg 2008-01-05 16:04 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-01-05 16:04 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-01-05 16:04 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-01-05 16:04 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-01-05 16:04 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-01-05 16:04 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-01-05 12:11 . 2008-01-05 12:11 <DIR> d-------- C:\Deckard 2008-01-05 11:58 . 2008-01-05 11:58 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe 2008-01-05 11:58 . 2008-01-05 11:58 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe 2008-01-05 11:25 . 2008-01-05 11:25 <DIR> d-------- C:\ie-spyad_zo 2008-01-05 11:01 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS 2008-01-05 11:00 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\dcnmvxaqmrrt.sys 2008-01-05 00:07 . 2008-01-05 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-04 23:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\bydgmoohxubv.sys 2008-01-04 23:24 . 2008-01-05 11:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2008-01-04 23:24 . 2008-01-05 10:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-01-04 23:24 . 2008-01-05 10:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-01-04 23:24 . 2008-01-05 10:55 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-01-04 22:56 . 2008-01-04 22:56 <DIR> d-------- C:\Program Files\Trend Micro 2008-01-04 20:32 . 2008-01-04 20:32 <DIR> d-------- C:\Program Files\Lavasoft 2008-01-04 20:32 . 2008-01-04 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-04 20:26 . 2008-01-04 20:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-01-03 20:20 . 2008-01-03 20:20 4,331 --a------ C:\Bringing Baby Home.MDS 2008-01-03 20:08 . 2008-01-03 20:20 2,859,270,144 --a------ C:\Bringing Baby Home.ISO 2008-01-01 22:54 . 2008-01-01 22:54 <DIR> d-------- C:\Program Files\Windows Sidebar 2008-01-01 22:54 . 2008-01-04 23:59 <DIR> d-------- C:\Program Files\Norton AntiVirus 2008-01-01 22:52 . 2008-01-02 06:15 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-01-01 22:52 . 2008-01-02 06:15 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2008-01-01 22:52 . 2008-01-02 06:15 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-01-01 22:52 . 2008-01-02 06:15 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-01-01 22:50 . 2008-01-02 06:15 <DIR> d-------- C:\Program Files\Symantec 2008-01-01 22:50 . 2008-01-01 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2008-01-01 22:40 . 2008-01-07 15:51 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared 2008-01-01 22:30 . 2008-01-01 22:48 159,744 --a------ C:\WINDOWS\system32\hkcmd.exe 2008-01-01 22:30 . 2008-01-01 22:48 135,168 --a------ C:\WINDOWS\system32\igfxtray.exe 2008-01-01 22:30 . 2008-01-01 22:49 131,072 --a------ C:\WINDOWS\system32\igfxpers.exe 2008-01-01 22:15 . 2008-01-07 15:55 <DIR> d-------- C:\Program Files\kernel 2008-01-01 22:15 . 2008-01-01 22:15 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2008-01-01 22:12 . 2008-01-01 22:12 <DIR> d-------- C:\Program Files\CloneDVD 2008-01-01 22:12 . 2008-01-01 22:13 <DIR> d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Vso 2008-01-01 22:12 . 2008-01-01 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVDXStudio 2008-01-01 22:12 . 2008-01-01 22:12 81,920 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\ezpinst.exe 2008-01-01 22:12 . 2008-01-01 22:12 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2008-01-01 22:12 . 2008-01-01 22:12 47,360 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\pcouffin.sys 2008-01-01 22:10 . 2008-01-02 13:28 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-01 21:58 . 2008-01-01 23:17 <DIR> d-------- C:\Program Files\LimeWire 2008-01-01 21:53 . 2008-01-01 21:53 <DIR> d-------- C:\Program Files\DVD Decrypter . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-07 20:55 --------- d-----w C:\Program Files\Windows Defender 2008-01-07 20:55 --------- d-----w C:\Program Files\Microsoft Works 2008-01-07 20:55 --------- d-----w C:\Program Files\Lexmark 1200 Series 2008-01-05 16:00 --------- d-----w C:\Program Files\Google 2008-01-05 16:00 --------- d-----w C:\Program Files\Clipmarks 2008-01-02 18:34 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\LimeWire 2007-12-03 19:18 --------- d-----w C:\Program Files\CONEXANT 2007-12-03 18:41 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys 2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys 2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys 2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat 2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat 2007-12-01 04:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat 2007-12-01 04:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf 2007-12-01 04:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf 2007-12-01 04:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf 2007-11-27 19:36 374 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb6334.dat 2007-11-27 19:32 555 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb8467.dat 2007-11-27 19:32 18,432 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb41.dat 2007-11-26 19:48 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\ieSpell 2007-11-26 19:46 --------- d-----w C:\Program Files\ieSpell 2007-11-25 02:56 29,832 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\GDIPFONTCACHEV1.DAT 2007-11-23 19:24 675,579 ----a-w C:\WINDOWS\PROGRAM.exe 2007-11-21 14:51 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-21 14:51 --------- d-----w C:\Program Files\Canon 2007-11-21 14:48 --------- d-----w C:\Program Files\Common Files\Canon 2007-11-18 21:51 --------- d-----w C:\Program Files\Common Files\Adobe 2007-11-18 03:19 --------- d-----w C:\Program Files\SigmaTel 2007-11-17 13:23 --------- d-----w C:\Program Files\MSXML 6.0 2007-11-16 23:18 --------- d-----w C:\Program Files\FaxTools 2007-11-16 23:18 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 2007-11-16 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software 2007-11-16 18:35 --------- d-----w C:\Program Files\Microsoft ActiveSync 2007-11-16 18:28 --------- d-----w C:\Program Files\Microsoft Works Suite 2002 2007-11-16 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems 2007-11-16 14:48 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared 2007-11-16 01:26 --------- d-----w C:\Program Files\SystemRequirementsLab 2007-11-16 01:19 356,352 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe 2007-11-16 01:19 21,393 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2007-11-16 01:19 21,393 ----a-w C:\WINDOWS\AegisP.sys 2007-11-16 01:19 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel 2007-11-16 01:19 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel 2007-11-16 01:19 --------- d-----w C:\Documents and Settings\Default User\Application Data\Intel 2007-11-16 01:18 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\Intel 2007-11-16 01:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel 2007-11-16 01:02 --------- d-----w C:\Program Files\BlueTooth 2007-11-16 00:55 --------- d-----w C:\Program Files\Toshiba 2007-11-16 00:36 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\Toshiba 2007-11-15 19:02 5 ----a-w C:\WINDOWS\system32\drivers\DELL__.MRK 2007-11-15 19:02 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL__.MRK 2007-11-15 18:57 --------- d-----w C:\Program Files\Dell 2007-11-15 18:43 5 ----a-w C:\WINDOWS\system32\drivers\DELL_XPS_MM061 .MRK 2007-11-15 18:43 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_XPS_MM061 .MRK 2007-11-15 18:42 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-11-15 18:02 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel 2007-11-15 18:00 --------- d-----w C:\Program Files\Intel 2007-11-15 17:58 --------- d-----w C:\Program Files\Broadcom 2007-11-15 17:21 --------- d-----w C:\Program Files\microsoft frontpage 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] 2008-01-01 22:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-01 22:49 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-05 11:58 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-01 22:49 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 07:00 110592 C:\WINDOWS\system32\bthprops.cpl] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-01-01 22:48 823296] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-01-01 22:48 974848] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-01 22:48 135168] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-01 22:48 159744] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-01-01 22:49 131072] "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2008-01-01 22:49 24576] "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2008-01-01 22:49 331830] "Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2008-01-01 22:49 57344] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-01 22:49 39792] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07 51048] "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 23:53 714608] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50] Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 17:46:00] BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe [2004-04-26 17:13:54] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54] Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 1854] R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 00:07] R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27] S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55] S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27] . Contents of the 'Scheduled Tasks' folder "2008-01-02 04:11:58 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Jessica Holbrook.job" - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK: . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-07 15:56:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . Completion time: 2008-01-07 15:57:08 ComboFix-quarantined-files.txt 2008-01-07 20:56:59 ComboFix2.txt 2008-01-07 16:36:46 ComboFix3.txt 2008-01-07 16:27:22 . 2008-01-04 12:45:26 --- E O F --- C:\SDFix\Report.txt: SDFix: Version 1.124 Run by Jessica Holbrook on Mon 01/07/2008 at 04:24 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDfix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\PROGRA~1\WINDOW~1\PROHDY~1.HTM - Deleted C:\PROGRA~1\WINDOW~1\LAXURI - Deleted Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-07 16:28:52 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016414905e1] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016414905e1] scanning hidden registry entries ... scanning hidden files ... C:\Program Files\Common Files\Symantec Shared\SPBBC\2008-01-07-0a5b.kc 272596 bytes scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 1 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Fri 23 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Mon 3 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Sat 29 Dec 2007 36,864 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL0013.tmp" Sat 29 Dec 2007 36,352 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL0412.tmp" Fri 28 Dec 2007 34,816 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL0633.tmp" Sat 29 Dec 2007 40,448 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL0890.tmp" Sat 29 Dec 2007 41,472 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL1976.tmp" Sat 29 Dec 2007 35,840 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL1989.tmp" Sat 29 Dec 2007 36,864 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL2329.tmp" Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg" Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg" Mon 19 Nov 2007 33,792 ...H. --- "C:\Documents and Settings\Jessica Holbrook\Application Data\Microsoft\Word\~WRL0004.tmp" Finished! Kaspersky results: ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Monday, January 07, 2008 6:01:18 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 7/01/2008 Kaspersky Anti-Virus database records: 503926 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ Scan Statistics: Total number of scanned objects: 47200 Number of viruses found: 22 Number of infected objects: 117 Number of suspicious objects: 0 Duration of the scan process: 00:47:45 Infected Object Name / Virus Name / Last Action C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMP10F.tmp Infected: Trojan-Downloader.Win32.Adload.pn skipped C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPEF.tmp Infected: Trojan-Downloader.Win32.Adload.pn skipped C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPF7.tmp/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPF7.tmp EmbeddedEXE: infected - 1 skipped C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPF9.tmp/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPF9.tmp EmbeddedEXE: infected - 1 skipped C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPFB.tmp/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPFB.tmp EmbeddedEXE: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-07_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{F5C020C5-23B7-4D4D-9277-D90606A1F2B6}.ldb Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{F5C020C5-23B7-4D4D-9277-D90606A1F2B6}.sds Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\LightningSand.CFD Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\0809D4F2.TMP Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\95A23A0B.TMP Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\cert8.db Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\formhistory.dat Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\history.dat Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\key3.db Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\parent.lock Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\search.sqlite Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Jessica Holbrook\Desktop\[4]-Submit_2008-01-07@15.55.zip/mrofinu1000106.exe.tmp Infected: Trojan-Downloader.Win32.Agent.gwh skipped C:\Documents and Settings\Jessica Holbrook\Desktop\[4]-Submit_2008-01-07@15.55.zip ZIP: infected - 1 skipped C:\Documents and Settings\Jessica Holbrook\Incomplete\Preview-T-2559308-Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped C:\Documents and Settings\Jessica Holbrook\Incomplete\Preview-T-3045692-01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Local Settings\Temp\~DFEE64.tmp Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Jessica Holbrook\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/24 Oct 2007 04:09 from David Green:Resume/resume.pdf.zip/resume.pdf.exe/data.rar/Acrobat32.exe Infected: Email-Worm.Win32.Agent.ax skipped C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/24 Oct 2007 04:09 from David Green:Resume/resume.pdf.zip/resume.pdf.exe/data.rar Infected: Email-Worm.Win32.Agent.ax skipped C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/24 Oct 2007 04:09 from David Green:Resume/resume.pdf.zip/resume.pdf.exe Infected: Email-Worm.Win32.Agent.ax skipped C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/24 Oct 2007 04:09 from David Green:Resume/resume.pdf.zip Infected: Email-Worm.Win32.Agent.ax skipped C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/07 Nov 2007 13:02 from peter brown:Resume/resume.pdf.zip/resume.pdf.exe/data.rar/Acrobat32.exe Infected: Email-Worm.Win32.Agent.ax skipped C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/07 Nov 2007 13:02 from peter brown:Resume/resume.pdf.zip/resume.pdf.exe/data.rar Infected: Email-Worm.Win32.Agent.ax skipped C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/07 Nov 2007 13:02 from peter brown:Resume/resume.pdf.zip/resume.pdf.exe Infected: Email-Worm.Win32.Agent.ax skipped C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/07 Nov 2007 13:02 from peter brown:Resume/resume.pdf.zip Infected: Email-Worm.Win32.Agent.ax skipped C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst Mail MS Mail: infected - 8 skipped C:\Documents and Settings\Jessica Holbrook\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Jessica Holbrook\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped C:\Program Files\kernel\kernel.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped C:\QooBox\Quarantine\C\Program Files\Temporary\kernInstall.exe.vir Infected: Trojan-Downloader.Win32.Agent.haq skipped C:\QooBox\Quarantine\catchme2008-01-07_112529.87.zip/core.sys Infected: Rootkit.Win32.Agent.sg skipped C:\QooBox\Quarantine\catchme2008-01-07_112529.87.zip ZIP: infected - 1 skipped C:\SDFix\backups\backups.zip/backups/prohdyge.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped C:\SDFix\backups\backups.zip ZIP: infected - 1 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP100\A0026408.exe Infected: Trojan.Win32.Agent.cmn skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP100\A0026409.exe Infected: Trojan.Win32.Agent.cmn skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP100\A0026410.exe Infected: Trojan.Win32.Pakes.bvs skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP101\A0026440.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP101\A0027452.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP101\A0027456.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP104\A0027701.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP104\A0027703.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP104\A0027708.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP104\A0027741.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP105\A0027818.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP105\A0027844.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP105\A0027844.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP105\A0027844.exe RarSFX: infected - 2 skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP107\change.log Object is locked skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP55\A0004528.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP55\A0004529.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007541.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007544.exe Infected: Trojan-Spy.Win32.Agent.aan skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007545.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007545.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007545.exe/stream Infected: not-a-virus:AdWare.Win32.Beginto.f skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007545.exe NSIS: infected - 3 skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP93\A0025538.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP93\A0025539.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP93\A0025542.exe Infected: Trojan.Win32.Agent.cmn skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP93\A0025558.exe Infected: Trojan.Win32.Agent.cmn skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP93\A0025559.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025564.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025566.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025567.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025568.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025569.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025570.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025571.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025572.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025573.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025574.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025575.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025576.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025577.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025578.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025579.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025580.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025581.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025590.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025594.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025595.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025596.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025597.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025598.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025599.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025600.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025601.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025602.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025603.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025604.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025605.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025606.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025607.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025608.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025609.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025619.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025627.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025640.exe Infected: Trojan.Win32.Agent.cmn skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025657.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025661.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025662.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025662.exe NSIS: infected - 1 skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025663.exe Infected: Trojan-Downloader.Win32.VB.caw skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025666.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025678.exe Infected: Trojan.Win32.Agent.cmn skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025689.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025689.exe NSIS: infected - 1 skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025690.exe Infected: not-a-virus:PSWTool.Win32.PassView.p skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025836.exe Infected: Trojan-Downloader.Win32.Agent.dzm skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025837.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025838.exe Infected: Trojan.Win32.Agent.cmn skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025839.exe Infected: not-a-virus:PSWTool.Win32.FirePass.a skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025841.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025843.exe Infected: Trojan.Win32.Agent.cmn skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025905.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025909.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025909.exe EmbeddedEXE: infected - 1 skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025910.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025910.exe EmbeddedEXE: infected - 1 skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025911.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025911.exe EmbeddedEXE: infected - 1 skipped C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP99\A0026175.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{EB08022F-D1AC-40AE-AFC2-BE6FF3FDA10A}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\JET6D60.tmp Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. New HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:01:53 PM, on 1/7/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe C:\WINDOWS\stsystra.exe C:\Program Files\Lexmark 1200 Series\lxczbmon.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Dell\Bluetooth Software\BTTray.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Clipmarks - {1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program Files\Clipmarks\clipmarks.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196192444765 O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/...2/axofupld.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 10645 bytes Update on system behavior:** Since I have been back on the internet, I haven't had anything unusual happen--no pop-ups, no scrolling screen, or anything else.