01-24-2008, 05:29 AM   #4
Joshik
OS: XP pro SP2


Re: Yet another VirusWebProtect infection

... continuation of Kaspersky report ...
------------------------------------------------

C:\Documents and Settings\Owe\Application Data\Sun\Java\Deployment\cache\6.0\55\ee685f7-1d366f01/NewURLClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\Owe\Application Data\Sun\Java\Deployment\cache\6.0\55\ee685f7-1d366f01 ZIP: infected - 1 skipped

C:\Documents and Settings\Owe\Skrivbord\Videofix\MitFraudFixIGEN\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Owe\Skrivbord\Videofix\MitFraudFixIGEN\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Owe\Skrivbord\Videofix\MitFraudFixIGEN\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\Rodica\Skrivbord\SmitFraudFix - Tools\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Rodica\Skrivbord\SmitFraudFix - Tools\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Rodica\Skrivbord\SmitFraudFix - Tools\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Program\Norton AntiVirus\Quarantine\00A9233E.tmp/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

C:\Program\Norton AntiVirus\Quarantine\00A9233E.tmp/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

C:\Program\Norton AntiVirus\Quarantine\00A9233E.tmp/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped

C:\Program\Norton AntiVirus\Quarantine\00A9233E.tmp ZIP: infected - 3 skipped

C:\Program\Norton AntiVirus\Quarantine\00A9233E.tmp CryptFF: infected - 3 skipped

C:\Program\Norton AntiVirus\Quarantine\00B64B2F.class Infected: Trojan-Downloader.Java.OpenConnection.ak skipped

C:\Program\Norton AntiVirus\Quarantine\05982C1F Infected: Trojan-Downloader.JS.IstBar.b skipped

C:\Program\Norton AntiVirus\Quarantine\063C4F1B.tmp Infected: Trojan.Java.ClassLoader.i skipped

C:\Program\Norton AntiVirus\Quarantine\069541A4.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Program\Norton AntiVirus\Quarantine\09327290.wmf Infected: Exploit.Win32.IMG-WMF.c skipped

C:\Program\Norton AntiVirus\Quarantine\09384689.exe Infected: Trojan-Downloader.Win32.Small.bmk skipped

C:\Program\Norton AntiVirus\Quarantine\09384689.zip Infected: Trojan-Downloader.Win32.Small.bvv skipped

C:\Program\Norton AntiVirus\Quarantine\093C7086.exe Infected: Trojan-Downloader.Win32.Small.bvv skipped

C:\Program\Norton AntiVirus\Quarantine\0B502C3C.wmf Infected: Exploit.Win32.IMG-WMF.c skipped

C:\Program\Norton AntiVirus\Quarantine\0B535638.exe Infected: Trojan-Downloader.Win32.Small.bvv skipped

C:\Program\Norton AntiVirus\Quarantine\0BF06A0F Infected: not-a-virus:RemoteAdmin.PHP.RemView.a skipped

C:\Program\Norton AntiVirus\Quarantine\0C04125C Infected: Trojan-Downloader.Win32.TSUpdate.p skipped

C:\Program\Norton AntiVirus\Quarantine\103C641A.htm Infected: Trojan-Downloader.JS.Small.eo skipped

C:\Program\Norton AntiVirus\Quarantine\111123E7.wmf Infected: Exploit.Win32.IMG-WMF.c skipped

C:\Program\Norton AntiVirus\Quarantine\111777E0.exe Infected: Trojan-Downloader.Win32.Small.bvv skipped

C:\Program\Norton AntiVirus\Quarantine\114F41A3.exe Infected: Trojan-Downloader.Win32.Small.bvv skipped

C:\Program\Norton AntiVirus\Quarantine\114F41A3.wmf Infected: Exploit.Win32.IMG-WMF.c skipped

C:\Program\Norton AntiVirus\Quarantine\11C1686E.class Infected: Trojan-Downloader.Java.OpenStream.c skipped

C:\Program\Norton AntiVirus\Quarantine\11C4126B.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Program\Norton AntiVirus\Quarantine\11C4126B.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped

C:\Program\Norton AntiVirus\Quarantine\12BB116A.class Infected: Trojan.Java.ClassLoader.d skipped

C:\Program\Norton AntiVirus\Quarantine\13985565 Infected: Email-Worm.Win32.Zafi.b skipped

C:\Program\Norton AntiVirus\Quarantine\141D568C.wmf Infected: Exploit.Win32.IMG-WMF.c skipped

C:\Program\Norton AntiVirus\Quarantine\14200089.exe Infected: Trojan-Downloader.Win32.Small.bvv skipped

C:\Program\Norton AntiVirus\Quarantine\16B27DF0.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Program\Norton AntiVirus\Quarantine\18220020.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped

C:\Program\Norton AntiVirus\Quarantine\18A6399C.class Infected: Trojan.Java.ClassLoader.u skipped

C:\Program\Norton AntiVirus\Quarantine\18D5055B.jar/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

C:\Program\Norton AntiVirus\Quarantine\18D5055B.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Program\Norton AntiVirus\Quarantine\18D5055B.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped

C:\Program\Norton AntiVirus\Quarantine\18D5055B.jar ZIP: infected - 3 skipped

C:\Program\Norton AntiVirus\Quarantine\18D5055B.jar CryptFF: infected - 3 skipped

C:\Program\Norton AntiVirus\Quarantine\18DC5953.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped

C:\Program\Norton AntiVirus\Quarantine\19204B08.exe Infected: Trojan-Downloader.Win32.Small.atl skipped

C:\Program\Norton AntiVirus\Quarantine\19204B08.qtdfmp Infected: Trojan-Downloader.Win32.Small.atl skipped

C:\Program\Norton AntiVirus\Quarantine\19F14A22.wmf Infected: Exploit.Win32.IMG-WMF.c skipped

C:\Program\Norton AntiVirus\Quarantine\19F81E1B.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Program\Norton AntiVirus\Quarantine\19F81E1B.exe Infected: Trojan-Downloader.Win32.Small.bvv skipped

C:\Program\Norton AntiVirus\Quarantine\19FB4817.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Program\Norton AntiVirus\Quarantine\1B6C5081.wmf Infected: Exploit.Win32.IMG-WMF.c skipped

C:\Program\Norton AntiVirus\Quarantine\1B707A7E.exe Infected: Trojan-Downloader.Win32.Small.bvv skipped

C:\Program\Norton AntiVirus\Quarantine\1D940822.jar/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

C:\Program\Norton AntiVirus\Quarantine\1D940822.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Program\Norton AntiVirus\Quarantine\1D940822.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped

C:\Program\Norton AntiVirus\Quarantine\1D940822.jar ZIP: infected - 3 skipped

C:\Program\Norton AntiVirus\Quarantine\1D940822.jar CryptFF: infected - 3 skipped

C:\Program\Norton AntiVirus\Quarantine\1D97321E.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped

C:\Program\Norton AntiVirus\Quarantine\1E316775.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped

C:\Program\Norton AntiVirus\Quarantine\1E4A419F.class Infected: Trojan.Java.ClassLoader.i skipped

C:\Program\Norton AntiVirus\Quarantine\1E4D6B9C.tmp Infected: Trojan.Java.ClassLoader.i skipped

C:\Program\Norton AntiVirus\Quarantine\23240A59/data0001 Infected: Trojan-Downloader.NSIS.Agent.p skipped

C:\Program\Norton AntiVirus\Quarantine\23240A59 NSIS: infected - 1 skipped

C:\Program\Norton AntiVirus\Quarantine\23240A59 CryptFF: infected - 1 skipped

C:\Program\Norton AntiVirus\Quarantine\2575338E.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Program\Norton AntiVirus\Quarantine\26E3202B.exe Infected: Trojan-Dropper.Win32.Small.amd skipped

C:\Program\Norton AntiVirus\Quarantine\275C77DF Infected: Trojan-Dropper.Win32.Agent.aac skipped

C:\Program\Norton AntiVirus\Quarantine\2BED689F.tmp Infected: not-virus:Hoax.Win32.Renos.dv skipped

C:\Program\Norton AntiVirus\Quarantine\327E1AC9.htm Infected: Trojan-Downloader.JS.Psyme.dy skipped

C:\Program\Norton AntiVirus\Quarantine\339D72AF Infected: Packed.Win32.Tibs skipped

C:\Program\Norton AntiVirus\Quarantine\35506876.class Infected: Trojan.Java.ClassLoader.u skipped

C:\Program\Norton AntiVirus\Quarantine\389B1EE1 Infected: Packed.Win32.Tibs skipped

C:\Program\Norton AntiVirus\Quarantine\3B716A2D.dll Infected: Trojan-Spy.Win32.Sters.l skipped

C:\Program\Norton AntiVirus\Quarantine\463B345C Infected: Trojan-Downloader.Win32.TSUpdate.l skipped

C:\Program\Norton AntiVirus\Quarantine\46AF2949.class Infected: Trojan.Java.ClassLoader.k skipped

C:\Program\Norton AntiVirus\Quarantine\48E90103 Infected: Trojan-Clicker.JS.Agent.e skipped

C:\Program\Norton AntiVirus\Quarantine\48ED2AFF/file1 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\Program\Norton AntiVirus\Quarantine\48ED2AFF/file2 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\Program\Norton AntiVirus\Quarantine\48ED2AFF/file4 Infected: not-a-virus:Monitor.Win32.NetMon.a skipped

C:\Program\Norton AntiVirus\Quarantine\48ED2AFF Inno: infected - 3 skipped

C:\Program\Norton AntiVirus\Quarantine\48ED2AFF CryptFF: infected - 3 skipped

C:\Program\Norton AntiVirus\Quarantine\48F37EF8 Infected: Trojan-Downloader.Win32.TSUpdate.n skipped

C:\Program\Norton AntiVirus\Quarantine\48F628F4 Infected: Trojan-Downloader.Win32.TSUpdate.f skipped

C:\Program\Norton AntiVirus\Quarantine\48FD7CED Infected: Trojan.Win32.Dialer.ay skipped

C:\Program\Norton AntiVirus\Quarantine\490450E6 Infected: Trojan-Downloader.Win32.TSUpdate.o skipped

C:\Program\Norton AntiVirus\Quarantine\49077AE2/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped

C:\Program\Norton AntiVirus\Quarantine\49077AE2/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p skipped

C:\Program\Norton AntiVirus\Quarantine\49077AE2/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped

C:\Program\Norton AntiVirus\Quarantine\49077AE2/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped

C:\Program\Norton AntiVirus\Quarantine\49077AE2 WiseSFX: infected - 4 skipped

C:\Program\Norton AntiVirus\Quarantine\49077AE2 CryptFF: infected - 4 skipped

C:\Program\Norton AntiVirus\Quarantine\548A542E.class Infected: Trojan.Java.ClassLoader.d skipped

C:\Program\Norton AntiVirus\Quarantine\54A644AB.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped

C:\Program\Norton AntiVirus\Quarantine\55470C55.class Infected: Trojan-Downloader.Java.OpenConnection.ak skipped

C:\Program\Norton AntiVirus\Quarantine\5A436E7E.class Infected: Trojan.Java.ClassLoader.h skipped

C:\Program\Norton AntiVirus\Quarantine\5A46187A.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped

C:\Program\Norton AntiVirus\Quarantine\5EC5480F.tmp Infected: Trojan.Java.ClassLoader.i skipped

C:\Program\Norton AntiVirus\Quarantine\640565C1.dll Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Program\Norton AntiVirus\Quarantine\64620ABA.php Infected: not-a-virus:RemoteAdmin.PHP.RemView.a skipped

C:\Program\Norton AntiVirus\Quarantine\68532A76.class Infected: Trojan.Java.ClassLoader.h skipped

C:\Program\Norton AntiVirus\Quarantine\6898690A.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Program\Norton AntiVirus\Quarantine\68EC6858 Infected: not-a-virus:AdWare.Win32.Maxifiles.h skipped

C:\Program\Norton AntiVirus\Quarantine\6B3D118E.class Infected: Trojan.Java.ClassLoader.d skipped

C:\Program\Norton AntiVirus\Quarantine\6C150CE1.txt Infected: Trojan-Downloader.Win32.Agent.aea skipped

C:\Program\Norton AntiVirus\Quarantine\6C3F2EB3.txt Infected: Trojan-Dropper.Win32.Small.amd skipped

C:\Program\Norton AntiVirus\Quarantine\6E756051.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Program\Norton AntiVirus\Quarantine\70A3204C.exe Infected: Trojan-Downloader.Win32.Tibs.cn skipped

C:\Program\Norton AntiVirus\Quarantine\70A3204C.qtdfmp Infected: Trojan-Downloader.Win32.Tibs.cn skipped

C:\Program\Norton AntiVirus\Quarantine\71605EAE Infected: Trojan-Dropper.Win32.Agent.aac skipped

C:\Program\Norton AntiVirus\Quarantine\747D2457 Infected: Trojan-Clicker.Win32.Agent.gp skipped

C:\Program\Norton AntiVirus\Quarantine\75E6400C.class Infected: Trojan.Java.ClassLoader.aq skipped

C:\Program\Norton AntiVirus\Quarantine\76263365.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Program\Norton AntiVirus\Quarantine\76263365.htm Infected: Exploit.JS.CVE-2005-1790.j skipped

C:\Program\Norton AntiVirus\Quarantine\76263365.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped

C:\Program\Norton AntiVirus\Quarantine\762903AB.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Program\Norton AntiVirus\Quarantine\76295D61.class Infected: Trojan.Java.ClassLoader.h skipped

C:\Program\Norton AntiVirus\Quarantine\7703599D.class Infected: Trojan.Java.ClassLoader.k skipped

C:\Program\Norton AntiVirus\Quarantine\787E7851 Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\Program\Norton AntiVirus\Quarantine\78954720.exe Infected: Trojan-Downloader.Win32.Agent.aea skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{6390A370-AB00-4609-8098-1A1C6A7DE247}\RP428\A0070537.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{6390A370-AB00-4609-8098-1A1C6A7DE247}\RP428\A0070537.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{6390A370-AB00-4609-8098-1A1C6A7DE247}\RP428\A0070537.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{6390A370-AB00-4609-8098-1A1C6A7DE247}\RP428\A0070546.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{6390A370-AB00-4609-8098-1A1C6A7DE247}\RP428\A0070727.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{6390A370-AB00-4609-8098-1A1C6A7DE247}\RP428\A0070729.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{6390A370-AB00-4609-8098-1A1C6A7DE247}\RP428\A0070730.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{6390A370-AB00-4609-8098-1A1C6A7DE247}\RP428\A0070731.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{6390A370-AB00-4609-8098-1A1C6A7DE247}\RP428\A0070732.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{6390A370-AB00-4609-8098-1A1C6A7DE247}\RP428\A0070733.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

Scan process completed.

------------------------------------------------------------------------

And here is the HijackThis report
------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04, on 2008-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program\HP\hpcoretech\hpcmpmgr.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\Microsoft IntelliType Pro\type32.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\Program\Java\jre1.6.0_03\bin\jusched.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program\Logitech\QuickCam\Quickcam.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\HP\hpcoretech\comp\hptskmgr.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\WordWeb\wweb32.exe
C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe
C:\Program\Webshots\Webshots.scr
C:\WINDOWS\System32\svchost.exe
C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program\Webshots\WSToolbar4IE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4077350100-2935208554-4240909337-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Rodica')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Starta Microsoft Outlook.lnk = C:\Program\Microsoft Office\Office10\OUTLOOK.EXE
O4 - Startup: Webshots.lnk = C:\Program\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O4 - Global Startup: WordWeb.lnk = C:\Program\WordWeb\wweb32.exe
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2349a6da...p/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094151739812
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1161421843625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} (SAXFile ActiveX Control) - http://kursnavet.cfl.se/broker/globa...ts/saxfile.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 11776 bytes

Thanks again