01-24-2008, 08:33 PM   #5
storms0924
Registered User
 
Join Date: Jan 2008
Posts: 5
OS: XP


Re: I have a Downloader virus with lots of popups - please help

Thank you for the update. Things are looking a lot better. I nearly had an outbreak before I started running these latest fixes, but things seem to be okay now. Here are the latest reports:

ComboFix log:

ComboFix 08-01-20.1 - Customer 2008-01-24 21:44:39.10 - NTFSx86
Running from: C:\Documents and Settings\Customer\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\WINDOWS\bmlvqkn.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.

2008-01-24 21:42 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-24 21:40 . 2008-01-24 21:40 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-20 19:32 . 2008-01-24 21:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-20 19:32 . 2008-01-20 19:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-20 16:19 . 2008-01-20 16:19 <DIR> d-------- C:\Program Files\IrfanView
2008-01-20 11:40 . 2008-01-20 11:40 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-20 11:25 . 2008-01-20 11:25 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-20 11:25 . 2008-01-20 11:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-20 11:24 . 2008-01-20 11:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 10:12 . 2008-01-20 10:09 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-20 10:09 . 2008-01-20 10:12 <DIR> d-------- C:\Documents and Settings\Customer\.housecall6.6
2008-01-16 22:57 . 2008-01-16 22:57 <DIR> d-------- C:\Program Files\MediaRoverCodec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 02:42 --------- d-----w C:\Program Files\Java
2008-01-25 02:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-25 01:36 --------- d-----w C:\Program Files\Norton Internet Security
2008-01-24 03:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-24 02:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-23 04:31 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-21 00:41 --------- d-----w C:\Program Files\SpywareBlaster
2007-12-22 07:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-22 07:37 --------- d-----w C:\Program Files\AIM6
2007-12-22 07:37 --------- d-----w C:\Documents and Settings\Customer\Application Data\acccore
2007-12-22 07:36 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-22 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-22 05:56 --------- d-----w C:\Documents and Settings\Customer\Application Data\Skype
2007-12-21 21:16 --------- d-----w C:\Documents and Settings\Customer\Application Data\skypePM
2007-12-19 17:43 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-19 16:54 --------- d-----w C:\Program Files\Skype
2007-12-19 16:54 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-19 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-17 12:59 --------- d-----w C:\Documents and Settings\Customer\Application Data\Talkback
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-14 04:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-12 12:55 --------- d-----w C:\Documents and Settings\Customer\Application Data\Symantec
2007-12-10 01:24 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-09 15:15 --------- d-----w C:\Documents and Settings\Customer\Application Data\PC Tools
2007-12-09 15:14 --------- d-----w C:\Program Files\Picasa2
2007-12-09 15:13 --------- d-----w C:\Program Files\Norton Security Scan
2007-12-09 15:13 --------- d-----w C:\Program Files\Google
2007-12-09 13:34 --------- d-----w C:\Program Files\SopCast
2007-12-01 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-01 21:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-01 05:12 --------- d-----w C:\Program Files\SpywareGuard
2007-11-25 04:35 --------- d-----w C:\Program Files\Trend Micro
2007-11-25 01:27 --------- d-----w C:\Program Files\Symantec
2007-11-25 01:26 --------- d-----w C:\Program Files\SymNetDrv
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-20_18.35.13.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-20 23:28:30 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-25 01:55:38 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-20 23:28:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-25 01:55:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-20 23:28:30 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-25 01:55:38 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-20 23:28:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-25 01:55:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-20 23:28:30 2,691,072 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-25 01:55:38 2,691,072 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-20 23:28:30 40,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-25 01:55:38 40,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-20 23:05:39 524,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-23 03:11:50 524,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-01-20 23:05:39 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-23 03:11:50 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2004-06-04 01:09:14 45,161 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-12-14 05:57:22 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2004-06-04 01:09:20 45,163 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-12-14 05:57:24 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-12-14 06:59:16 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-10-11 19:12:48 1,468,968 ------w C:\WINDOWS\system32\LegitCheckControl.dll
- 2008-01-20 23:15:44 53,166 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-23 02:59:53 53,166 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-20 23:15:44 380,918 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-23 03:00:00 380,918 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2006-09-25 22:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-10-08 19:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-01 01:04 68856]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 11:25 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 11:24 688218]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 15:19 290816]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-22 16:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-22 16:31 126976]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32 58984]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-11-24 20:26 100056]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-01 16:29 6731312]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22 3739648]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-09 10:13 29744]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

C:\Documents and Settings\Customer\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-01 01:04:09 126136]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bmlvqkn"= {6491FFDC-6DAA-491F-9A9A-BFFC157E50F6} - C:\WINDOWS\bmlvqkn.dll [ ]
"agrlmvp"= {013221D6-8DFD-4843-A023-EB356DA3115A} - C:\WINDOWS\agrlmvp.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-09 10:13]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-05 19:57:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-18 12:39:53 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Customer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 21:47:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-24 21:48:55
ComboFix-quarantined-files.txt 2008-01-25 02:48:50
ComboFix2.txt 2008-01-24 02:19:28
ComboFix3.txt 2007-12-01 21:26:10
ComboFix4.txt 2007-12-01 20:07:51
ComboFix5.txt 2007-12-01 04:42:42
.
2008-01-10 01:51:59 --- E O F ---


Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:03 PM, on 1/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O21 - SSODL: bmlvqkn - {6491FFDC-6DAA-491F-9A9A-BFFC157E50F6} - C:\WINDOWS\bmlvqkn.dll (file missing)
O21 - SSODL: agrlmvp - {013221D6-8DFD-4843-A023-EB356DA3115A} - C:\WINDOWS\agrlmvp.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11910 bytes


Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, January 24, 2008 10:33:40 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/01/2008
Kaspersky Anti-Virus database records: 531830
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 31017
Number of viruses found: 29
Number of infected objects: 44
Number of suspicious objects: 0
Duration of the scan process: 00:31:16

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-24_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Profiles\wlubzocf.default\cert8.db Object is locked skipped
C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Profiles\wlubzocf.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Profiles\wlubzocf.default\history.dat Object is locked skipped
C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Profiles\wlubzocf.default\key3.db Object is locked skipped
C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Profiles\wlubzocf.default\parent.lock Object is locked skipped
C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Profiles\wlubzocf.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Profiles\wlubzocf.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Customer\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Customer\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Customer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Customer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Customer\Local Settings\Application Data\Mozilla\Firefox\Profiles\wlubzocf.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Customer\Local Settings\Application Data\Mozilla\Firefox\Profiles\wlubzocf.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Customer\Local Settings\Application Data\Mozilla\Firefox\Profiles\wlubzocf.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Customer\Local Settings\Application Data\Mozilla\Firefox\Profiles\wlubzocf.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Customer\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Customer\Local Settings\History\History.IE5\MSHist012008012420080125\index.dat Object is locked skipped
C:\Documents and Settings\Customer\Local Settings\temp\~DF1BB6.tmp Object is locked skipped
C:\Documents and Settings\Customer\Local Settings\temp\~DF833B.tmp Object is locked skipped
C:\Documents and Settings\Customer\Local Settings\temp\~DFEA.tmp Object is locked skipped
C:\Documents and Settings\Customer\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Customer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Customer\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Customer\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\19654F22.vir Infected: not-a-virus:AdWare.Win32.Vapsup.od skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1E971A32.dll Infected: Trojan-Downloader.Win32.Small.fyx skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\21C72792.exe Infected: Trojan-Downloader.Win32.Agent.evl skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\268E6DA2.exe Infected: Trojan-Clicker.Win32.Costrat.bz skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28C249C1.swf Infected: Trojan-Downloader.SWF.Gida.a skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3E0B4D5B.vir Infected: Trojan-Downloader.Win32.PurityScan.fe skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4141152E.exe Infected: Trojan.Win32.Qhost.it skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\44377DF0.exe Infected: Trojan.Win32.Agent.cta skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\48733221.sys Infected: Trojan-Downloader.Win32.Agent.acl skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\51A16FAB.exe Infected: Trojan-Downloader.Win32.Suurch.cg skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\52051FFA.exe Infected: Trojan-Downloader.Win32.Agent.evl skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\66F50C66.dll Infected: Trojan-Proxy.Win32.Xorpix.bt skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\66F50C66.exe Infected: Trojan-Downloader.Win32.Agent.fjx skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\678F0591.exe Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\73451851.dll Infected: Trojan-Downloader.Win32.Small.gdy skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7348424E.dll Infected: Backdoor.Win32.Agent.adr skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7358143C.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gq skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\735B3E38.exe Infected: Trojan-Downloader.Win32.Suurch.cg skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74F43E77.exe Infected: Trojan-Downloader.Win32.Suurch.cg skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\75C8678D.exe Infected: Trojan-Downloader.Win32.Suurch.cg skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\763D4F0C.exe Infected: Trojan.Win32.Qhost.it skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\76417908.exe Infected: Trojan-Clicker.Win32.Costrat.bz skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\76442305.exe Infected: Trojan.Win32.Pakes.bpa skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\78CB1C3D.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7998715B.dat Infected: Trojan-Proxy.Win32.Agent.nu skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C1F6A93.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D1004EE.vir Infected: Rootkit.Win32.Agent.ok skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D132EEA.vir Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D176182.hos Infected: Trojan.Win32.Qhost.it skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D1A0B7F.sys Infected: Rootkit.Win32.Agent.pj skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D2E0769.sys Infected: Rootkit.Win32.Agent.jp skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D65512C.exe Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DAA42E0.dll Infected: Trojan-Spy.Win32.Agent.aiu skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DD464B2.exe Infected: Trojan.Win32.Pakes.bpa skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DFF0683.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DFF0683.sys Infected: Trojan-Clicker.Win32.Costrat.bz skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7E7817FE.exe Infected: Trojan-Proxy.Win32.Xorpix.bt skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7EB20BBD.exe Infected: Trojan-Downloader.Win32.Agent.erf skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7EB20BBD.tmp/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7EB20BBD.tmp NSIS: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7EB20BBD.tmp CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7EB635BA.exe Infected: Trojan.Win32.Agent.crf skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7EB95FB6.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{822C198E-65A3-42A3-93F2-2700DD3C76F3}\RP60\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F77E2E45-8C43-4EE8-B8D7-C944CE69F1FC}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\etc\1.hosts Infected: Trojan.Win32.Qhost.it skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Thank you and I look forward to hearing back from you soon.