27 replies to this topic

[Markka]

Hi, Next step is kaspersky online scanner. Check my previous post.

[bwhite]

Tuesday, September 18, 2007 7:27:17 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.1 Kaspersky Anti-Virus database last update: 18/09/2007 Kaspersky Anti-Virus database records: 420258 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ Scan Statistics Total number of scanned objects 170363 Number of viruses found 27 Number of infected objects 95 Number of suspicious objects 4 Duration of the scan process 03:21:50 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{22838734-FA25-4E40-8103-63E464A11270}.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR3.tmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_3637010562_5242880_9097 Object is locked skipped C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE4.tmp Object is locked skipped C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{8ABB8F74-B916-4DCB-AB68-BED36B97C3D1}.TmpSBE Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Owner.chico\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/09 Mar 2007 14:30 from Branch Banking and Trust:[SPAM] Official .html Infected: Trojan-Spy.HTML.Bankfraud.rw skipped C:\Documents and Settings\Owner.chico\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/09 Mar 2007 14:30 from Branch Banking and Trust:[SPAM] Official /conjugal.gif Infected: Trojan-Spy.HTML.Bankfraud.ri skipped C:\Documents and Settings\Owner.chico\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/09 Mar 2007 16:54 from BB&T:[SPAM] Important security update. [F.html Infected: Trojan-Spy.HTML.Bankfraud.ra skipped C:\Documents and Settings\Owner.chico\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Mail MS Mail: infected - 3 skipped C:\Documents and Settings\Owner.chico\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\Temp\~DF4F8C.tmp Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner.chico\My Documents\Documents and Settings\All Users\My Documents\backup.pst/Personal Folders/Deleted Items/05 Nov 2002 19:47 from Lori Hood:RE: Hi,lhood,how are you.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\Documents and Settings\Owner.chico\My Documents\Documents and Settings\All Users\My Documents\backup.pst/Personal Folders/Deleted Items/17 Jan 2003 22:22 from mtnlamb:Holds membership..html Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\Documents and Settings\Owner.chico\My Documents\Documents and Settings\All Users\My Documents\backup.pst/Personal Folders/Deleted Items/21 Apr 2003 17:31.eml Infected: Email-Worm.Win32.MTX skipped C:\Documents and Settings\Owner.chico\My Documents\Documents and Settings\All Users\My Documents\backup.pst Mail MS Mail: infected - 1, suspicious - 2 skipped C:\Documents and Settings\Owner.chico\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Owner.chico\ntuser.dat.LOG Object is locked skipped C:\olddata\Documents and Settings\All Users\My Documents\backup.pst/Personal Folders/Deleted Items/05 Nov 2002 19:47 from Lori Hood:RE: Hi,lhood,how are you.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\olddata\Documents and Settings\All Users\My Documents\backup.pst/Personal Folders/Deleted Items/17 Jan 2003 22:22 from mtnlamb:Holds membership..html Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\olddata\Documents and Settings\All Users\My Documents\backup.pst/Personal Folders/Deleted Items/21 Apr 2003 17:31.eml Infected: Email-Worm.Win32.MTX skipped C:\olddata\Documents and Settings\All Users\My Documents\backup.pst Mail MS Mail: infected - 1, suspicious - 2 skipped C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped C:\QooBox\Quarantine\C\DOCUME~1\OWNER~1.CHI\APPLIC~1\STEM~1\nоpdb.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gc skipped C:\QooBox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\QooBox\Quarantine\C\WINDOWS\system32\bnofjuej.exe.vir Infected: Trojan.Win32.Agent.bck skipped C:\QooBox\Quarantine\C\WINDOWS\system32\fjbfqgij.exe.vir Infected: Trojan.Win32.Agent.bck skipped C:\QooBox\Quarantine\C\WINDOWS\system32\kgpvqtfl.exe.vir Infected: Trojan.Win32.Agent.bck skipped C:\QooBox\Quarantine\C\WINDOWS\system32\kncyybtc.exe.vir Infected: Trojan.Win32.Agent.bck skipped C:\QooBox\Quarantine\C\WINDOWS\system32\rfnijoou.exe.vir Infected: Trojan.Win32.Agent.bck skipped C:\QooBox\Quarantine\C\WINDOWS\system32\rkktuaoe.exe.vir Infected: Trojan.Win32.Agent.bck skipped C:\QooBox\Quarantine\C\WINDOWS\system32\xkioqhst.exe.vir Infected: Trojan.Win32.Agent.bck skipped C:\QooBox\Quarantine\C\WINDOWS\WNSXS~1\wοwexec.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP640\A0033233.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP643\A0033333.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP643\A0033345.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP643\A0033347.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP643\A0033355.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP643\A0033356.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP643\A0033357.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP643\A0033361.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP643\A0033362.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP643\A0033365.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP643\A0033368.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP643\A0033371.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP643\A0033372.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP643\A0033375.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP643\A0033377.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP643\A0033378.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP646\A0033441.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP646\A0033442.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP646\A0033443.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP646\A0033444.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP646\A0033468.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gd skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP652\A0033855.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gc skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP671\A0038225.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP673\A0038308.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP673\A0038308.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP673\A0038308.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP673\A0038331.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP673\A0038332.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP673\A0038333.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP673\A0038334.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP673\A0038335.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP673\A0038336.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP673\A0038337.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP673\A0038339.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP674\A0038347.exe Infected: Trojan.Win32.Agent.bck skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP674\A0038348.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP674\A0038348.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP674\A0038348.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP674\A0038369.dll Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038651.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038652.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038654.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038655.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038656.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038657.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038658.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038659.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038660.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038662.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038663.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038665.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038666.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038667.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038676.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038677.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038678.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038681.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038683.exe Infected: Trojan.Win32.Agent.bck skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP675\A0038688.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP686\A0041122.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP687\A0041182.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP687\A0041182.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP687\A0041182.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP694\A0044417.exe Infected: Trojan.Win32.Agent.bck skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP694\A0044418.exe Infected: Trojan.Win32.Agent.bck skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP694\A0044419.exe Infected: Trojan.Win32.Agent.bck skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP694\A0044420.exe Infected: Trojan.Win32.Agent.bck skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP694\A0044421.exe Infected: Trojan.Win32.Agent.bck skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP694\A0044422.exe Infected: Trojan.Win32.Agent.bck skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP694\A0044423.exe Infected: Trojan.Win32.Agent.bck skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP694\A0044427.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP694\A0044430.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP696\A0044784.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP696\A0044785.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP696\A0044786.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP696\A0044787.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP696\A0044788.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP696\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt Object is locked skipped C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{A032347B-150A-4362-A8EA-42C12E318635}.crmlog Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{CCAC8D69-BEF3-455B-A945-ADB9479B4A0B}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Cookies\index.dat Object is locked skipped C:\WINDOWS\Temp\History\History.IE5\index.dat Object is locked skipped C:\WINDOWS\Temp\mcafee_BbSqpTlF41cciKq Object is locked skipped C:\WINDOWS\Temp\mcafee_vJmqt3GmGWTRJcD Object is locked skipped C:\WINDOWS\Temp\mcmsc_40QQy6apRKe4pPT Object is locked skipped C:\WINDOWS\Temp\mcmsc_dZRLeCZGS6KbF4e Object is locked skipped C:\WINDOWS\Temp\mcmsc_HMxTUsHlbRnhhVx Object is locked skipped C:\WINDOWS\Temp\mcmsc_j6fFI3JQOaRGyc5 Object is locked skipped C:\WINDOWS\Temp\sqlite_0hXGCJrjErW6V2a Object is locked skipped C:\WINDOWS\Temp\sqlite_OgbVXtbAHErCffP Object is locked skipped C:\WINDOWS\Temp\sqlite_Qht2gb8SvpD82gj Object is locked skipped C:\WINDOWS\Temp\sqlite_t5alfc0W2wRc22r Object is locked skipped C:\WINDOWS\Temp\sqlite_zw1GzaRR833wqUO Object is locked skipped C:\WINDOWS\Temp\sqlite_zxACuvBKOacvD5n Object is locked skipped C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.

[bwhite]

Can I close the Kaspersky browser window or does anything else need to happen?
Thanks,
bw

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:14 PM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/...on.cab64162.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 6624 bytes

[Markka]

Hello

Delete this file:

C:\Documents and Settings\Owner.chico\Local Settings\Application Data\Microsoft\Outlook\outlook.pst


Delete this folder:

C:\QooBox
____________________

Delete these messages in Outlook: (inbox and empty Deleted)

C:\Documents and Settings\Owner.chico\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/09 Mar 2007 14:30 from Branch Banking and Trust:[SPAM] Official .html Infected: Trojan-Spy.HTML.Bankfraud.rw skipped

C:\Documents and Settings\Owner.chico\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/09 Mar 2007 14:30 from Branch Banking and Trust:[SPAM] Official /conjugal.gif Infected: Trojan-Spy.HTML.Bankfraud.ri skipped

C:\Documents and Settings\Owner.chico\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/09 Mar 2007 16:54 from BB&T:[SPAM] Important security update. [F.html Infected: Trojan-Spy.HTML.Bankfraud.ra skipped
__________________

Disable system restore:

• Right click on my computer icon
• Choose properties
• Click on system restore tab
• Select Turn off System Restore
• Click apply and click OK
• Reboot!

Enable system restore:

• Right click on my computer icon
• Choose properties
• Click on system restore tab
• un-check Turn off System Restore
• Click apply and click OK
• Reboot!

___________________

Re-run with Kaspersky online scanner!

Post:
- A fresh HijackThis log
- Kaspersky's report

[bwhite]

Hello!
I was able to do everything but delete the .pst file.
The Qoo folder had to be deleted one file at a time but I was able to delete it.
Here is the HJT log but the other 3.5 hours to scan last time so I will post that one later.
Thanks so much!
bw

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:06 PM, on 9/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/...on.cab64162.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 6559 bytes

[Markka]

Hi, OK I'm waiting

[bwhite]

KASPERSKY ONLINE SCANNER REPORT Wednesday, September 19, 2007 11:18:06 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.1 Kaspersky Anti-Virus database last update: 20/09/2007 Kaspersky Anti-Virus database records: 420980 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ Scan Statistics Total number of scanned objects 167408 Number of viruses found 2 Number of infected objects 4 Number of suspicious objects 4 Duration of the scan process 03:19:50 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR3.tmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_3637010562_7733248_1106 Object is locked skipped C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE4.tmp Object is locked skipped C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{0E6B7C0A-208B-4ABC-9CE4-294C918CA36B}.TmpSBE Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Owner.chico\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\History\History.IE5\MSHist012007091920070920\index.dat Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\Temp\~DF2C7A.tmp Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\Temp\~DFC83B.tmp Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner.chico\My Documents\Documents and Settings\All Users\My Documents\backup.pst/Personal Folders/Deleted Items/05 Nov 2002 19:47 from Lori Hood:RE: Hi,lhood,how are you.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\Documents and Settings\Owner.chico\My Documents\Documents and Settings\All Users\My Documents\backup.pst/Personal Folders/Deleted Items/17 Jan 2003 22:22 from mtnlamb:Holds membership..html Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\Documents and Settings\Owner.chico\My Documents\Documents and Settings\All Users\My Documents\backup.pst/Personal Folders/Deleted Items/21 Apr 2003 17:31.eml Infected: Email-Worm.Win32.MTX skipped C:\Documents and Settings\Owner.chico\My Documents\Documents and Settings\All Users\My Documents\backup.pst Mail MS Mail: infected - 1, suspicious - 2 skipped C:\Documents and Settings\Owner.chico\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Owner.chico\ntuser.dat.LOG Object is locked skipped C:\olddata\Documents and Settings\All Users\My Documents\backup.pst/Personal Folders/Deleted Items/05 Nov 2002 19:47 from Lori Hood:RE: Hi,lhood,how are you.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\olddata\Documents and Settings\All Users\My Documents\backup.pst/Personal Folders/Deleted Items/17 Jan 2003 22:22 from mtnlamb:Holds membership..html Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\olddata\Documents and Settings\All Users\My Documents\backup.pst/Personal Folders/Deleted Items/21 Apr 2003 17:31.eml Infected: Email-Worm.Win32.MTX skipped C:\olddata\Documents and Settings\All Users\My Documents\backup.pst Mail MS Mail: infected - 1, suspicious - 2 skipped C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP1\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt Object is locked skipped C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{03C08053-A4E2-4498-9088-4902996696A4}.crmlog Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{02F8A7D3-E573-409E-BB08-3C02C0188ECC}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Cookies\index.dat Object is locked skipped C:\WINDOWS\Temp\History\History.IE5\index.dat Object is locked skipped C:\WINDOWS\Temp\mcafee_PWfMj20Jcn0tsVB Object is locked skipped C:\WINDOWS\Temp\mcmsc_M9weOqKAFV3EHou Object is locked skipped C:\WINDOWS\Temp\mcmsc_WZK3kJqaBZkepBe Object is locked skipped C:\WINDOWS\Temp\sqlite_8ViUaDcZGF3FThQ Object is locked skipped C:\WINDOWS\Temp\sqlite_E3fPJ4dPzpYgimM Object is locked skipped C:\WINDOWS\Temp\sqlite_GjDG2CydpNbvGsc Object is locked skipped C:\WINDOWS\Temp\sqlite_JHFHiXeh4iyuFt5 Object is locked skipped C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP1\change.log Object is locked skipped Scan process completed.

[Markka]

Hello

Remove the following files, if you don't need them:

C:\Documents and Settings\Owner.chico\My Documents\Documents and Settings\All Users\My Documents\backup.pst
C:\olddata\Documents and Settings\All Users\My Documents\backup.pst

Re-run again with Kaspersky online scanner! (This is last time )

Post:
- A fresh HijackThis log
- Kaspersky's report

[bwhite]

KASPERSKY ONLINE SCANNER REPORT Friday, September 21, 2007 5:23:18 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.1 Kaspersky Anti-Virus database last update: 21/09/2007 Kaspersky Anti-Virus database records: 421631 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ Scan Statistics Total number of scanned objects 172346 Number of viruses found 2 Number of infected objects 4 Number of suspicious objects 4 Duration of the scan process 03:17:53 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR3.tmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_3637010562_7733248_1106 Object is locked skipped C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE4.tmp Object is locked skipped C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{0E6B7C0A-208B-4ABC-9CE4-294C918CA36B}.TmpSBE Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Owner.chico\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\Temp\~DFC30E.tmp Object is locked skipped C:\Documents and Settings\Owner.chico\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner.chico\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Owner.chico\ntuser.dat.LOG Object is locked skipped C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped C:\RECYCLER\S-1-5-21-227883321-4164974605-679464696-1005\Dc28.pst/Personal Folders/Deleted Items/05 Nov 2002 19:47 from Lori Hood:RE: Hi,lhood,how are you.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\RECYCLER\S-1-5-21-227883321-4164974605-679464696-1005\Dc28.pst/Personal Folders/Deleted Items/17 Jan 2003 22:22 from mtnlamb:Holds membership..html Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\RECYCLER\S-1-5-21-227883321-4164974605-679464696-1005\Dc28.pst/Personal Folders/Deleted Items/21 Apr 2003 17:31.eml Infected: Email-Worm.Win32.MTX skipped C:\RECYCLER\S-1-5-21-227883321-4164974605-679464696-1005\Dc28.pst Mail MS Mail: infected - 1, suspicious - 2 skipped C:\RECYCLER\S-1-5-21-227883321-4164974605-679464696-1005\Dc29.pst/Personal Folders/Deleted Items/05 Nov 2002 19:47 from Lori Hood:RE: Hi,lhood,how are you.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\RECYCLER\S-1-5-21-227883321-4164974605-679464696-1005\Dc29.pst/Personal Folders/Deleted Items/17 Jan 2003 22:22 from mtnlamb:Holds membership..html Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\RECYCLER\S-1-5-21-227883321-4164974605-679464696-1005\Dc29.pst/Personal Folders/Deleted Items/21 Apr 2003 17:31.eml Infected: Email-Worm.Win32.MTX skipped C:\RECYCLER\S-1-5-21-227883321-4164974605-679464696-1005\Dc29.pst Mail MS Mail: infected - 1, suspicious - 2 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP2\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt Object is locked skipped C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{03C08053-A4E2-4498-9088-4902996696A4}.crmlog Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{02F8A7D3-E573-409E-BB08-3C02C0188ECC}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Cookies\index.dat Object is locked skipped C:\WINDOWS\Temp\History\History.IE5\index.dat Object is locked skipped C:\WINDOWS\Temp\mcafee_adKyFBbEmQMDeZj Object is locked skipped C:\WINDOWS\Temp\mcafee_PWfMj20Jcn0tsVB Object is locked skipped C:\WINDOWS\Temp\mcmsc_w2KszUPLV1Gyfdg Object is locked skipped C:\WINDOWS\Temp\mcmsc_WZK3kJqaBZkepBe Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_670.dat Object is locked skipped C:\WINDOWS\Temp\sqlite_0Hx9nHCelbeoInN Object is locked skipped C:\WINDOWS\Temp\sqlite_5nJa1iB368PqIwN Object is locked skipped C:\WINDOWS\Temp\sqlite_8ViUaDcZGF3FThQ Object is locked skipped C:\WINDOWS\Temp\sqlite_E3fPJ4dPzpYgimM Object is locked skipped C:\WINDOWS\Temp\sqlite_GjDG2CydpNbvGsc Object is locked skipped C:\WINDOWS\Temp\sqlite_JHFHiXeh4iyuFt5 Object is locked skipped C:\WINDOWS\Temp\sqlite_PuGEEu7AzkOV7H6 Object is locked skipped C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.

[bwhite]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:54 PM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/...on.cab64162.cab
O23 - Service: McAfee Application Installer Cleanup (0099721190258846) (0099721190258846mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP9972~1.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 6818 bytes

[Markka]

Hello

Empty your Recycle Bin!

Otherwise all logs are clean! How is your computer running now?

Here are a couple of things how to stay clean:

• Clean speech:
  
• Use Mozilla firefox or Opera as your browser!
  Mozilla firefox or Opera are better than Internet Explorer.
  Download Mozilla firefox from here!
  Download Opera from here!
  
• Install Hosts-file!
  Hosts-file blocks bad web addresses. Remember to update hosts-file regularly.
  Download Hosts-file from here!
  
• Install Winpatrol!
  Winpatrol monitors your system and blocks hijacks.
  Download Winpatrol from here!
  
• Install AVG Anti-Spyware!
  AVG anti-spyware detecs and removes malware and cleans your register too. Run a scan with Ad-aware regularly and update it before the scan.
  Download AVG anti-spyware from here!
  
• Install Ccleaner!
  CCleaner cleans your temporary files and also cleans your register. Run CCleaner regularly.
  Download CCleaner from here!
  
• Install Ad-Aware!
  Ad-aware detecs and removes malware and cleans your register too. Run a scan with Ad-aware regularly and update it before the scan.
  Download Ad-aware from here!
  
• Install SpywareBlaster!
  Spywareblaster blocks bad activeX-components. Update it regularly.
  Download Spywareblaster from here!
  
• System restore!
  Clean and create a new system restore point regularly.
  How do I clean my system restore and create the new system restore point?
  Here are instructions!
  
• Keep all programs updated!
  Remember to keep all programs up-to-date, also Windows. So please visit here regularly and install all critical updates.

[bwhite]

Computer is running so much better! Kudos!! and Thank you!! I will follow your advice when I return home. Thanks again! bjw

[Markka]

You're welcome!