Jotti Scan:
File: update.exe
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 0b630c8656b1ea82c82b929d51fa351b
Packers detected: -
Scanner results
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
AVG
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:20:44 PM 10/8/2006
+ Scan result:
C:\System Volume Information\_restore{E8E2A228-5A4E-4007-A6BE-8F69244E9A72}\RP19\A0005210.exe -> Dialer.CapreDeam.p : Cleaned.
C:\System Volume Information\_restore{E8E2A228-5A4E-4007-A6BE-8F69244E9A72}\RP35\A0009961.exe -> Dialer.CapreDeam.q : Cleaned.
:mozilla.61:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.103:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.138:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.275:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.74:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.146:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.147:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.69:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.166:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.167:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.168:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.169:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.139:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.276:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.209:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.210:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.211:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.212:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.31:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.32:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.66:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.67:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.68:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.253:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.272:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.273:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.269:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.236:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.21:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.22:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.23:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.25:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.26:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.170:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.171:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.172:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.89:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.93:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.283:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.284:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.277:C:\Documents and Settings\none1\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{E8E2A228-5A4E-4007-A6BE-8F69244E9A72}\RP32\A0007885.EXE -> Trojan.ShipUp.a : Cleaned.
C:\System Volume Information\_restore{E8E2A228-5A4E-4007-A6BE-8F69244E9A72}\RP33\A0009948.exe -> Trojan.ShipUp.a : Cleaned.
C:\System Volume Information\_restore{E8E2A228-5A4E-4007-A6BE-8F69244E9A72}\RP33\A0009949.exe -> Trojan.ShipUp.a : Cleaned.
C:\System Volume Information\_restore{E8E2A228-5A4E-4007-A6BE-8F69244E9A72}\RP33\A0009950.exe -> Trojan.ShipUp.a : Cleaned.
C:\System Volume Information\_restore{E8E2A228-5A4E-4007-A6BE-8F69244E9A72}\RP33\A0009951.exe -> Trojan.ShipUp.a : Cleaned.
C:\System Volume Information\_restore{E8E2A228-5A4E-4007-A6BE-8F69244E9A72}\RP33\A0009952.exe -> Trojan.ShipUp.a : Cleaned.
C:\System Volume Information\_restore{E8E2A228-5A4E-4007-A6BE-8F69244E9A72}\RP33\A0009953.exe -> Trojan.ShipUp.a : Cleaned.
C:\System Volume Information\_restore{E8E2A228-5A4E-4007-A6BE-8F69244E9A72}\RP34\A0009956.exe -> Trojan.ShipUp.a : Cleaned.
C:\System Volume Information\_restore{E8E2A228-5A4E-4007-A6BE-8F69244E9A72}\RP35\A0009960.EXE -> Trojan.ShipUp.a : Cleaned.
::Report end
Kaspersky
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 08, 2006 6:33:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/10/2006
Kaspersky Anti-Virus database records: 229895
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 32077
Number of viruses found: 1
Number of infected objects: 1 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:29:51
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\none1\Application Data\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\none1\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\none1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\none1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\none1\Local Settings\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\none1\Local Settings\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\none1\Local Settings\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\none1\Local Settings\Application Data\Mozilla\Firefox\Profiles\lp7rsvjr.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\none1\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\none1\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\none1\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\none1\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E8E2A228-5A4E-4007-A6BE-8F69244E9A72}\RP39\change.log Object is locked skipped
C:\System Volume Information\_restore{E8E2A228-5A4E-4007-A6BE-8F69244E9A72}\RP4\A0002632.exe Infected: not-a-virus:RiskTool.Win32.Reboot.e skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
HiJack
Logfile of HijackThis v1.99.1
Scan saved at 6:34:01 PM, on 10/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\none1\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.1.7;60.49.222.61;<local>
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156905061000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
Hope this helps....thanks...