Help
-
i've the norton antivirus in my com but when i click onto the icon an alert stat that the window cannot find the file. any idea why? is it something to do with the msn image virus which i dun know if i had clean it properly?
and can also help me check HJT log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:22 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liverpoolfc.tv/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\awvvu.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182441366468
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 6584 bytes
thanks -
reinstall nav lor
-
Because it has been patched by a virus...
Sigh...
Please don't use MSConfig to tweak anything. If MSConfig gets patched as well, I wish you good luck.
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Please download the beta version of Combofix from Bleeping Computer. Save it to your desktop.
If you can't download it, please try these 2 alternative sites:
Forospyware
Geeks to Go
Double click to run it. Follow the prompts. Once done, it will reboot and a log will be produced. Please post that log and a new HijackThis log in your next reply. -
ComboFix 07-12-30.1 - Edwin Tan 2007-12-30 20:59:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1549 [GMT 8:00]
Running from: D:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\9_exception.nls
C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\gebyxxy.dll
C:\WINDOWS\system32\nnnomnl.dll
C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_RUNTIME
-------\runtime
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.
2007-12-25 00:41 . 2007-12-25 00:41 d-------- C:\Program Files\Trend Micro
2007-12-21 10:21 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-21 10:21 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-21 10:21 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-21 00:02 . 2007-12-30 17:02 d-------- C:\Program Files\MSN Messenger
2007-12-20 23:48 . 2007-12-25 00:30 1,953,792 --a------ C:\WINDOWS\system32\JMRaidSetup .exe
2007-12-20 23:48 . 2007-12-30 12:30 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-20 22:38 . 2007-12-20 22:38 d-------- C:\Program Files\Windows Live
2007-12-20 22:38 . 2007-12-20 22:38 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-20 22:38 . 2007-12-20 22:38 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-17 23:58 . 2007-12-30 12:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-17 23:58 . 2007-11-17 23:58 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-17 23:57 . 2007-12-30 15:57 d-------- C:\Program Files\QuickTime
2007-11-17 23:57 . 2007-12-30 12:38 d-------- C:\Program Files\iTunes
2007-11-17 23:57 . 2007-11-17 23:57 d-------- C:\Program Files\iPod
2007-11-17 23:57 . 2007-11-17 23:57 d-------- C:\Documents and Settings\Edwin Tan\Application Data\Apple Computer
2007-11-17 23:57 . 2007-11-17 23:57 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-17 23:56 . 2007-11-17 23:56 d-------- C:\Program Files\Common Files\Apple
2007-11-17 23:56 . 2007-11-17 23:56 d-------- C:\Program Files\Apple Software Update
2007-11-17 23:56 . 2007-11-17 23:56 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-17 23:56 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-12 23:06 . 2007-11-12 23:58 58,760 --a------ C:\symlcsv1.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 04:38 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-30 04:38 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-12-30 04:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-24 16:53 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2007-12-13 07:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-13 07:33 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-13 07:33 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-13 07:33 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-13 07:33 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-13 07:33 --------- d-----w C:\Program Files\Symantec
2007-11-20 02:34 --------- d-----w C:\Program Files\Java
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 11:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 11:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 11:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 11:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 11:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 11:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-30 11:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 11:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 11:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 11:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 11:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 09:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 15:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE294157-70FB-4485-A6A8-34E9924CCCA4}]
C:\WINDOWS\system32\vtuts.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"ares"="C:\Program Files\Ares\Ares.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" []
"36X Raid Configurer"="C:\WINDOWS\System32\JMRaidSetup.exe" []
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 17:21 C:\WINDOWS\RTHDCPL.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"NoToolbarsOnTaskbar"= 0 (0x0)
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-06-08 17:59]
.
Contents of the 'Scheduled Tasks' folder
"2007-12-27 14:57:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-06-11 12:14:50 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Edwin Tan.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 21:03:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-30 21:04:03 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-30 13:03:46
.
2007-12-20 16:20:36 --- E O F --- -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:15 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liverpoolfc.tv/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BE294157-70FB-4485-A6A8-34E9924CCCA4} - C:\WINDOWS\system32\vtuts.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182441366468
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 7031 bytes -
A question. Did you reinstall Norton?
-
nope. i didnt.
-
OK. Looks like you really have the latest infection.
http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe
Download and run this. A log will be produced. Post back this log. -
code]
Ran on Sun 12/30/2007 - 21:29:36.75
----a-w 90,112 2007-12-30 04:29:55 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart .exe
----a-w 155,648 2007-12-30 04:30:04 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w 143,360 2007-12-30 04:30:13 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w 115,816 2007-12-30 04:30:04 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 267,048 2007-12-30 04:30:11 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2007-12-30 04:30:05 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 461,584 2007-12-24 16:30:50 C:\Program Files\Microsoft IntelliPoint\ipoint .exe
----a-w 437,008 2007-12-30 04:29:57 C:\Program Files\Microsoft IntelliType Pro\itype .exe
----a-w 5,674,352 2007-12-30 04:30:18 C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w 651,776 2007-12-30 04:29:59 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-29 15:41:34 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-28 21:57:48 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-28 14:27:32 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-27 14:48:02 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-27 05:21:13 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-26 17:37:15 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 15:46:09 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 14:42:29 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 08:53:07 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 07:42:01 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 04:37:28 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 03:44:05 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-24 17:34:14 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-24 16:31:03 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-24 03:09:21 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-23 11:45:10 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-23 08:01:25 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-22 14:26:02 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-22 13:17:06 C:\Program Files\QuickTime\QTTask .exe
----a-w 649,216 2007-12-22 02:24:36 C:\Program Files\QuickTime\QTTask .exe
----a-w 649,216 2007-12-21 14:26:24 C:\Program Files\QuickTime\QTTask .exe
----a-w 649,216 2007-12-21 02:19:25 C:\Program Files\QuickTime\QTTask .exe
----a-w 649,216 2007-12-20 15:57:45 C:\Program Files\QuickTime\QTTask .exe
----a-w 208,952 2007-12-30 04:30:06 C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
----a-w 36,864 2007-12-30 04:30:00 C:\WINDOWS\JM\JMInsIDE .exe
----a-w 15,360 2007-12-30 04:30:15 C:\WINDOWS\system32\ctfmon .exe
----a-w 1,953,792 2007-12-24 16:30:55 C:\WINDOWS\system32\JMRaidSetup .exe
----a-w 59,392 2007-12-30 04:30:07 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
----a-w 455,168 2007-12-30 04:30:09 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
Entries: 39 (39)
Directories: 0 Files: 39
Bytes: 25,839,336 Blocks: 50,471
[/code] -
Wait while I upload the fix for you. Otherwise the forum will create trouble with it.
-
http://www.mediafire.com/?5kd5ytkiw0d
Here. Download this file. Save it as Log.txt. Don't change the file name.
Refer to the picture below and drag Log.txt into RenV.exe
-
Remember to post back this log file.
-
code:
Ran on Sun 12/30/2007 - 21:59:20.68
------w 115,816 2007-12-30 04:30:04 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 651,776 2007-12-29 15:41:34 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-28 21:57:48 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-28 14:27:32 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-27 14:48:02 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-27 05:21:13 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-26 17:37:15 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 15:46:09 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 14:42:29 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 08:53:07 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 07:42:01 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 04:37:28 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 03:44:05 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-24 17:34:14 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-24 16:31:03 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-24 03:09:21 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-23 11:45:10 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-23 08:01:25 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-22 14:26:02 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-22 13:17:06 C:\Program Files\QuickTime\QTTask .exe
----a-w 649,216 2007-12-22 02:24:36 C:\Program Files\QuickTime\QTTask .exe
----a-w 649,216 2007-12-21 14:26:24 C:\Program Files\QuickTime\QTTask .exe
----a-w 649,216 2007-12-21 02:19:25 C:\Program Files\QuickTime\QTTask .exe
----a-w 649,216 2007-12-20 15:57:45 C:\Program Files\QuickTime\QTTask .exe
Entries: 24 (24)
Directories: 0 Files: 24
Bytes: 15,096,424 Blocks: 29,486 -
OK. Two more files.
Same thing - Download Log.txt and save it. Drag it into RenV.exe
After that, download CFScript.txt. Save it as CFScript.txt. Don't change the file name.
This time, drag CFScript into Combofix, like how you drag Log.txt into RenV.exe.
Post back the Combofix log, RenV log (log.txt) and a new HijackThis log. -
ComboFix 07-12-30.1 - Edwin Tan 2007-12-30 22:24:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1543 [GMT 8:00]
Running from: D:\ComboFix.exe
Command switches used :: D:\CFScript.txt
* Created a new restore point
FILE
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\symlcsv1.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\symlcsv1.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.
2007-12-25 00:41 . 2007-12-25 00:41 d-------- C:\Program Files\Trend Micro
2007-12-21 10:21 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-21 10:21 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-21 10:21 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-21 00:02 . 2007-12-30 21:59 d-------- C:\Program Files\MSN Messenger
2007-12-20 22:38 . 2007-12-20 22:38 d-------- C:\Program Files\Windows Live
2007-12-20 22:38 . 2007-12-20 22:38 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-20 22:38 . 2007-12-20 22:38 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-17 23:58 . 2007-12-30 12:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-17 23:58 . 2007-11-17 23:58 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-17 23:57 . 2007-12-30 22:24 d-------- C:\Program Files\QuickTime
2007-11-17 23:57 . 2007-12-30 21:59 d-------- C:\Program Files\iTunes
2007-11-17 23:57 . 2007-11-17 23:57 d-------- C:\Program Files\iPod
2007-11-17 23:57 . 2007-11-17 23:57 d-------- C:\Documents and Settings\Edwin Tan\Application Data\Apple Computer
2007-11-17 23:57 . 2007-11-17 23:57 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-17 23:56 . 2007-11-17 23:56 d-------- C:\Program Files\Common Files\Apple
2007-11-17 23:56 . 2007-11-17 23:56 d-------- C:\Program Files\Apple Software Update
2007-11-17 23:56 . 2007-11-17 23:56 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-17 23:56 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 14:05 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-30 13:59 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-12-30 13:59 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2007-12-30 04:38 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-30 04:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-30 04:30 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-13 07:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-13 07:33 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-13 07:33 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-13 07:33 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-13 07:33 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-13 07:33 --------- d-----w C:\Program Files\Symantec
2007-11-20 02:34 --------- d-----w C:\Program Files\Java
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 11:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 11:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 11:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 11:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 11:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 11:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-30 11:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 11:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 11:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 11:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 11:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 09:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 15:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-30_21.03.35.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-03 14:32:00 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\imjpmig.exe
+ 2007-12-30 04:30:06 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\imjpmig.exe
+ 2007-12-30 14:05:40 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81100000003}\SC_Reader.exe
- 2004-08-03 16:56:50 15,360 -c--a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
+ 2007-12-30 04:30:15 15,360 -c--a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
- 2004-08-03 14:32:00 208,952 -c--a-w C:\WINDOWS\system32\dllcache\imjpmig.exe
+ 2007-12-30 04:30:06 208,952 -c--a-w C:\WINDOWS\system32\dllcache\imjpmig.exe
- 2004-08-03 14:31:50 59,392 -c--a-w C:\WINDOWS\system32\dllcache\imscinst.exe
+ 2007-12-30 04:30:07 59,392 -c--a-w C:\WINDOWS\system32\dllcache\imscinst.exe
- 2004-08-03 14:32:16 455,168 -c--a-w C:\WINDOWS\system32\dllcache\tintsetp.exe
+ 2007-12-30 04:30:09 455,168 -c--a-w C:\WINDOWS\system32\dllcache\tintsetp.exe
- 2004-08-03 14:31:50 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe
+ 2007-12-30 04:30:07 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe
- 2004-08-03 14:32:16 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe
+ 2007-12-30 04:30:09 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe
+ 2007-12-30 14:22:15 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_a4c.dat
+ 2006-06-05 06:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 06:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 06:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-30 12:30]
"ares"="C:\Program Files\Ares\Ares.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" []
"36X Raid Configurer"="C:\WINDOWS\System32\JMRaidSetup.exe" []
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 17:21 C:\WINDOWS\RTHDCPL.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2007-12-30 12:30]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2007-12-30 12:30]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-12-30 12:30]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-12-30 12:30]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"NoToolbarsOnTaskbar"= 0 (0x0)
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-06-08 17:59]
.
Contents of the 'Scheduled Tasks' folder
"2007-12-27 14:57:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-06-11 12:14:50 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Edwin Tan.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 22:25:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-30 22:25:22
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-30 14:25:10
C:\qoobox\ComboFix2.txt 2007-12-30 13:04:03
.
2007-12-20 16:20:36 --- E O F --- -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:05 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liverpoolfc.tv/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182441366468
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 7216 bytes -
code:
Ran on Sun 12/30/2007 - 22:22:06.14
------w 115,816 2007-12-30 04:30:04 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 651,776 2007-12-28 21:57:48 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-28 14:27:32 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-27 14:48:02 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-27 05:21:13 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-26 17:37:15 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 15:46:09 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 14:42:29 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 08:53:07 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 07:42:01 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 04:37:28 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-25 03:44:05 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-24 17:34:14 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-24 16:31:03 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-24 03:09:21 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-23 11:45:10 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-23 08:01:25 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-22 14:26:02 C:\Program Files\QuickTime\QTTask .exe
----a-w 651,776 2007-12-22 13:17:06 C:\Program Files\QuickTime\QTTask .exe
----a-w 649,216 2007-12-22 02:24:36 C:\Program Files\QuickTime\QTTask .exe
----a-w 649,216 2007-12-21 14:26:24 C:\Program Files\QuickTime\QTTask .exe
----a-w 649,216 2007-12-21 02:19:25 C:\Program Files\QuickTime\QTTask .exe
----a-w 649,216 2007-12-20 15:57:45 C:\Program Files\QuickTime\QTTask .exe
Entries: 23 (23)
Directories: 0 Files: 23
Bytes: 14,444,648 Blocks: 28,213 -
OK
Need to do some checking
Please go to Kaspersky website and perform an online antivirus scan. Please use Internet Explorer as it uses ActiveX.- [*]Click on Kaspersky Online Scanner button.
[*]Read through the requirements and privacy statement and click on Accept button.
[*]It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
[*]When the downloads have finished, click on Next button.
[*]Click on Scan Settings button.
[*]Select extended under Scan using the following antivirus database:
[*]Check (tick) these boxes under Scan options:- [*]Scan Archives
[*]Scan Mail Bases
[*]Click on My Computer under Please select a target to scan:
[*]Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
[*]Copy and paste this log in your next reply.
Post back this Kaspersky log. -
KASPERSKY ONLINE SCANNER REPORT
Monday, December 31, 2007 1:00:25 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/12/2007
Kaspersky Anti-Virus database records: 500302
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 68388
Number of viruses found 6
Number of infected objects 282
Number of suspicious objects 0
Duration of the scan process 00:28:56
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-12-30_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\60FE97FE.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\D23CD740.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\Edwin Tan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Edwin Tan\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Edwin Tan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Edwin Tan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Edwin Tan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Edwin Tan\Local Settings\History\History.IE5\MSHist012007122420071231\index.dat Object is locked skipped
C:\Documents and Settings\Edwin Tan\Local Settings\History\History.IE5\MSHist012007123120080101\index.dat Object is locked skipped
C:\Documents and Settings\Edwin Tan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Edwin Tan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Edwin Tan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Edwin Tan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gebyxxy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.clb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnomnl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.clb skipped
C:\QooBox\Quarantine\catchme2007-12-30_210316.01.zip/awvvu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dgy skipped
C:\QooBox\Quarantine\catchme2007-12-30_210316.01.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP82\A0020755.sys Infected: Rootkit.Win32.Agent.pr skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP82\A0020762.sys Infected: Rootkit.Win32.Agent.pr skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP82\A0020768.sys Infected: Rootkit.Win32.Agent.pr skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP84\A0021815.sys Infected: Rootkit.Win32.Agent.pr skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP84\A0021818.exe Infected: Backdoor.Win32.IRCBot.awg skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP85\A0021893.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP85\A0021896.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP85\A0021897.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP85\A0021898.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP85\A0021899.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP85\A0021900.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP85\A0021901.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP85\A0021902.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP85\A0021906.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP85\A0021907.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP85\A0021908.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP85\A0021909.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0023978.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0023982.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0023983.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0023984.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0023985.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0023986.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0023988.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0023990.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0023997.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0023998.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0024000.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0024032.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0024034.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0024036.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0024037.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0024038.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0024039.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0024041.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0024045.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0024046.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0024054.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0024056.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0026092.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0026094.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0026096.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0026097.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0026098.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0026099.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0026101.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0026104.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0026105.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0026110.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0026112.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0026114.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0028146.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0028148.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0028154.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0028156.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0028157.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0028158.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0028159.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0028162.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0028163.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0028168.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP87\A0028169.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028220.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028222.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028224.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028225.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028228.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028232.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028233.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028234.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028235.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028240.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028241.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028242.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028293.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028295.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028297.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028298.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028299.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028301.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028302.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028303.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028305.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028311.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028313.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028314.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028349.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028350.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028353.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028354.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028355.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028356.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028357.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028358.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028360.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028368.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028370.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028393.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028395.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028401.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028403.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028404.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028405.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028406.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028407.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028408.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028415.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028416.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028453.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028455.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028457.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028458.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028459.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028460.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028463.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028467.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028468.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028476.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028478.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028479.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028480.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028484.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028485.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028486.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028487.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028488.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028490.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028491.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028492.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028493.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028495.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028516.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028518.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028521.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028522.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028525.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028526.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028527.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028536.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028538.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028556.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028558.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028560.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028561.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028562.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028563.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028564.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028571.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP88\A0028573.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028821.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028823.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028829.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028830.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028831.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028833.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028835.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028840.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028842.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028856.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028858.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028860.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028861.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028862.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028863.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028864.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028869.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028871.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028872.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028894.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028896.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028898.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028899.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028900.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028901.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028902.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028910.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028911.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028946.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028948.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028950.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028951.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028952.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028953.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028954.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028962.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028965.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028998.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0028999.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029002.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029003.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029004.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029005.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029006.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029013.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029014.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029043.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029044.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029046.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029047.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029048.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029051.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029052.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029060.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029062.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029095.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029097.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029099.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029101.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029104.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029105.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029106.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029117.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP89\A0029118.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029150.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029152.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029157.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029158.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029159.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029160.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029162.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029168.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029169.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029204.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029206.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029208.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029209.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029211.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029213.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029214.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029221.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP90\A0029222.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030204.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030206.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030208.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030209.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030210.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030211.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030212.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030222.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030224.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030243.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030245.Exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030247.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030248.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030249.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030250.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030251.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030259.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP91\A0030260.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP92\A0032341.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cod skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP96\A0034513.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.clb skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP96\A0034514.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.clb skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP96\A0034520.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dgy skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP96\A0034561.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP96\A0034570.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP97\A0034598.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034605.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034606.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034607.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034608.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034609.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034610.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034611.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034612.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034613.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034614.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034615.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034616.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034617.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034618.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034619.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034620.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034621.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034622.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034623.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034624.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034625.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\A0034626.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_aac.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\change.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\change.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{8816F728-3387-46B7-A3EF-D4538225BE4E}\RP98\change.log Object is locked skipped
Scan process completed. -
OK. Kaspersky log looks good.
Can you double check if your Norton is working?
And that these programs are working
C:\Program Files\Microsoft IntelliPoint\ipoint.exe - related to Microsoft keyboard/mouse
C:\WINDOWS\System32\JMRaidSetup.exe - your hard disk software
C:\Program Files\QuickTime\QTTask .exe - Quicktime
C:\Program Files\Ares\Ares.exe - Ares
C:\Program Files\MSN Messenger\msnmsgr.exe - MSN Messenger -
nope.. noton still the same.. say cannot find the file
-
Try reinstalling Norton.
If needed, download the Norton Removal Tool...
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039 -
so does that mean the virus is remove?
-
From the Kaspersky log, it looks like it has been removed.
-
is there any way to check it?