Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:15 AM, on 9/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm027YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.arcadetown.com/swf/hamsterball/...tgameloader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) - http://www.pqprintcenter.com/plugin/axvers...ntquick1611.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 11009 bytes
ComboFix 08-09-01.01 - Heather 2008-09-01 22:12:44.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.197 [GMT -7:00]
Running from: C:\Documents and Settings\Heather\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Heather\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\0xf9.exe
C:\msavsc.dll
C:\msctrl.dll
C:\msfw.dll
C:\msiemon.dll
C:\mssadv.dll
C:\msscan.dll
C:\WINDOWS\wscmgr.exe
G:\MSOCache\doWTP_RESTORE_0.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\0xf9.exe
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\#SharedObjects\HK4ZCHFW\bin.clearspring.com
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\#SharedObjects\HK4ZCHFW\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Heather\Cookies\[email protected][1].txt
C:\msavsc.dll
C:\msctrl.dll
C:\msfw.dll
C:\msiemon.dll
C:\mssadv.dll
C:\msscan.dll
C:\WINDOWS\wscmgr.exe
.
((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
.
2008-08-31 00:30 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-08-31 00:22 . 2008-08-31 00:22 0 --a------ C:\WINDOWS\SYSTEM32\REN85.tmp
2008-08-31 00:22 . 2008-08-31 00:22 0 --a------ C:\WINDOWS\SYSTEM32\REN84.tmp
2008-08-20 09:58 . 2002-08-29 03:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-08-18 21:41 . 2008-08-31 00:27 605 --a------ C:\WINDOWS\data7933~.sys
2008-08-18 21:41 . 2008-08-31 00:27 605 --a------ C:\WINDOWS\data7933.sys
2008-08-18 13:59 . 2008-08-18 14:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-08-04 00:34 . 2008-08-04 00:34 <DIR> d-------- C:\Program Files\Bonjour
2008-08-04 00:23 . 2008-08-04 00:23 <DIR> d-------- C:\Program Files\Safari
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-01 15:23 24 ----a-w C:\Documents and Settings\Heather\jagex_runescape_preferences.dat
2008-08-31 07:30 --------- d-----w C:\Program Files\Java
2008-08-19 14:38 --------- d-----w C:\Documents and Settings\Heather\Application Data\U3
2008-08-18 06:49 --------- d-----w C:\Documents and Settings\Heather\Application Data\Apple Computer
2008-08-04 07:37 --------- d-----w C:\Program Files\iTunes
2008-08-04 07:36 --------- d-----w C:\Program Files\iPod
2008-08-04 07:33 --------- d-----w C:\Program Files\QuickTime
2008-07-30 16:53 --------- d-----w C:\Program Files\Google
2008-07-27 22:09 --------- d-----w C:\Program Files\FastCrawl_at
2008-07-27 21:55 --------- d-----w C:\Documents and Settings\Heather\Application Data\GetRightToGo
2008-07-27 21:45 --------- d-----w C:\Program Files\EmpiresandDungeons_at
2008-07-27 21:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-26 21:12 --------- d-----w C:\Program Files\Feudalism_at
2008-07-21 18:29 --------- d-----w C:\Program Files\Apple Software Update
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-07-07 18:51 --------- d-----w C:\Program Files\Windows Live
2008-07-07 18:48 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-07 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-24 17:57 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2007-11-10 07:20 64,504 ----a-w C:\Documents and Settings\Heather\Application Data\GDIPFONTCACHEV1.DAT
2007-02-20 19:51 439,296 ----a-w C:\Documents and Settings\Heather\GoToAssist_phone__317_en.exe
2007-02-18 04:07 8 ----a-w C:\Documents and Settings\Heather\Application Data\usb.dat.bin
.
((((((((((((((((((((((((((((( snapshot@2008-08-24_13.25.18.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-22 08:23:35 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
+ 2008-06-10 08:21:01 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
- 2008-02-22 08:23:39 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2008-06-10 08:21:04 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
- 2008-02-22 09:33:32 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
+ 2008-06-10 09:32:34 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
+ 2008-07-19 05:10:20 36,552 ----a-w C:\WINDOWS\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-19 05:10:40 45,768 ----a-w C:\WINDOWS\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 15:24 68856]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12 221184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 14:37 936960]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 22:31 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 03:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 03:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 03:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 03:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-11 07:10:51 124400]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2007-10-27 23:47:42 1078]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Sony Pictures Games\\Wheel of Fortune\\Wheel of Fortune.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Rhapsody\\rhapsody.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-12-17 10:50]
S3 VisorUsb;Handspring USB;C:\WINDOWS\system32\DRIVERS\VisorUsb.sys [2001-11-12 17:07]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-01 22:18:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-01 22:22:26
ComboFix-quarantined-files.txt 2008-09-02 05:22:18
ComboFix2.txt 2008-08-24 20:25:45
ComboFix3.txt 2007-09-30 06:47:16
Pre-Run: 45,456,035,840 bytes free
Post-Run: 45,556,490,240 bytes free
182 --- E O F --- 2008-08-13 10:06:54
Avira AntiVir Personal
Report file date: Tuesday, September 02, 2008 19:50
Scanning for 1594576 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: NEWMAN
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 17:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 16:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 21:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 16:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 19:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 22:54:15
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 8/31/2008 02:47:37
ANTIVIR3.VDF : 7.0.6.106 129024 Bytes 9/2/2008 02:47:38
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 18:58:21
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 9/3/2008 02:47:44
AESCN.DLL : 8.1.0.23 119156 Bytes 7/10/2008 21:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 4/24/2008 21:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 7/15/2008 21:58:35
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 9/3/2008 02:47:43
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 9/3/2008 02:47:42
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/10/2008 21:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 9/3/2008 02:47:40
AEEMU.DLL : 8.1.0.7 430452 Bytes 7/31/2008 17:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 7/31/2008 17:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 7/10/2008 21:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 17:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 18:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 9/3/2008 02:47:38
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 20:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 21:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 21:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 22:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 22:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Tuesday, September 02, 2008 19:50
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'msn6.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'McciBrowser.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'LaunchU3.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'EM_EXEC.EXE' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'McciTrayApp.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'IntelMEM.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
50 processes with 50 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '71' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\EarthLink TotalAccess\Accelerator\temp\codescache\cf\27cf
[DETECTION] Contains recognition pattern of the JS/StartPage.C Java script virus
[NOTE] The file was moved to '48f50204.qua'!
C:\Program Files\EarthLink TotalAccess\Accelerator\temp\codescache\d1\fad1
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '491f0240.qua'!
C:\QooBox\Quarantine\C\0xf9.exe.vir
[DETECTION] Is the TR/Dldr.VB.gob Trojan
[NOTE] The file was moved to '4924066e.qua'!
C:\QooBox\Quarantine\C\msavsc.dll.vir
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '491f066c.qua'!
C:\QooBox\Quarantine\C\msctrl.dll.vir
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '4921066e.qua'!
C:\QooBox\Quarantine\C\msfw.dll.vir
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '49240670.qua'!
C:\QooBox\Quarantine\C\msiemon.dll.vir
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '49270672.qua'!
C:\QooBox\Quarantine\C\mssadv.dll.vir
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was moved to '49310674.qua'!
C:\QooBox\Quarantine\C\msscan.dll.vir
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '49310675.qua'!
C:\QooBox\Quarantine\C\Program Files\Microsoft Security Adviser\msavsc.exe.vir
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '491f067a.qua'!
C:\QooBox\Quarantine\C\Program Files\Microsoft Security Adviser\msctrl.exe.vir
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '4921067c.qua'!
C:\QooBox\Quarantine\C\Program Files\Microsoft Security Adviser\msfw.exe.vir
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '4924067e.qua'!
C:\QooBox\Quarantine\C\Program Files\Microsoft Security Adviser\msiemon.exe.vir
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '49270680.qua'!
C:\QooBox\Quarantine\C\Program Files\Microsoft Security Adviser\mssadv.exe.vir
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was moved to '49310682.qua'!
C:\QooBox\Quarantine\C\Program Files\Microsoft Security Adviser\mssadv_sp.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49310684.qua'!
C:\QooBox\Quarantine\C\Program Files\Microsoft Security Adviser\msscan.exe.vir
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '4931068c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\wscmgr.exe.vir
[DETECTION] Is the TR/PSW.Delf.abx.2 Trojan
[NOTE] The file was moved to '4921068d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\CbEvtSvc.exe.vir
[DETECTION] Is the TR/Dldr.Exchanger.AM Trojan
[NOTE] The file was moved to '4903067c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lphcvw5j0evag.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4926068b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\phcvw5j0evag.bmp.vir
[DETECTION] Is the TR/Fakealert.AAF Trojan
[NOTE] The file was moved to '49210683.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\A0002134.exe
[DETECTION] Is the TR/Dldr.VB.gob Trojan
[NOTE] The file was moved to '48ee069c.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\A0002135.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '494ef875.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\A0002136.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '48ee069e.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\A0002137.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '494ef877.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\A0002138.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '48ee069d.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\A0002139.dll
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was moved to '494ef876.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\A0002140.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '48ee069f.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\A0002141.exe
[DETECTION] Is the TR/PSW.Delf.abx.2 Trojan
[NOTE] The file was moved to '494ef848.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000137.exe
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '48ee06ac.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000138.exe
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '494ef845.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000139.exe
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '48ee06ad.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000140.exe
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '494ef846.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000141.exe
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was moved to '48ee06af.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000142.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '494ef858.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000143.exe
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '48ee06ae.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000144.exe
[DETECTION] Is the TR/Dldr.Exchanger.AM Trojan
[NOTE] The file was moved to '494ef847.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000146.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48ee06a0.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000207.dll
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was moved to '48ee06b1.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000208.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '494ef85a.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000209.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '48ee06b3.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000210.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '48ee06b2.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000211.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '494ef85b.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000212.dll
[DETECTION] Is the TR/Agent.vgo Trojan
[NOTE] The file was moved to '48ee06b4.qua'!
End of the scan: Tuesday, September 02, 2008 20:54
Used time: 1:03:58 Hour(s)
The scan has been done completely.
12179 Scanning directories
317793 Files were scanned
42 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
43 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
317748 Files not concerned
4025 Archives were scanned
2 Warnings
43 Notes