I knew as soon as I clicked ComboFix a second time that I shouldn't have been doing it... sorry, I really did know better. One thing I would like to note is that when things are going on, I get an error message window that looks like this:
Regedit.exe unable to locate component
- This application has failed to start because clb.dll was not found. Re-installing the application may fix this problem.
It pops up a couple of times, I hit OK a couple of times, then it goes away. Not sure if this is something to worry about or not?
Thank you again for your help.
ComboFix Log, new HJT log and online scan thing log posted below:
ComboFix Log:
ComboFix 08-04-26.5 - Us 2008-04-28 0:39:19.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.871 [GMT -4:00]
Running from: C:\Documents and Settings\Us\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Us\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\Real\Plugins\clbascauth.dll
C:\system32\drivers\vmdesched.sys
C:\WINDOWS\BM53c11335.xml
C:\WINDOWS\system32\cdosys.dll
C:\WINDOWS\system32\clb.dll
C:\WINDOWS\system32\clbcatex.dll
C:\WINDOWS\system32\clbcatq.dll
C:\WINDOWS\system32\clbcfg.dat
C:\WINDOWS\system32\drivers\vmdesched.sys
C:\WINDOWS\system32\hnadaonj.dll_old
C:\WINDOWS\system32\yjmnuehw.dll_old
C:\WINDOWS\TEMP\mc29.tmp
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.
2008-04-27 10:54 . 2008-04-27 10:54 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-27 10:54 . 2008-04-27 10:54 2,537 --a------ C:\WINDOWS\unins000.dat
2008-04-27 10:48 . 2008-04-27 10:48 578 --a------ C:\WINDOWS\index.html
2008-04-27 09:10 . 2008-04-27 10:48 28,160 --a------ C:\WINDOWS\system32\clbdll.dll
2008-04-27 09:10 . 2008-04-27 09:10 6,656 --a------ C:\WINDOWS\system32\drivers\clbdriver.sys
2008-04-27 09:10 . 2004-08-10 07:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 04:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 12:25 --------- d-----w C:\Documents and Settings\Us\Application Data\uTorrent
2008-03-26 02:42 --------- d-----w C:\Program Files\uTorrent
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-09 19:16 --------- d-----w C:\Documents and Settings\Us\Application Data\Sony Corporation
2008-03-09 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 19:13 --------- d-----w C:\Program Files\Sonic
2008-03-09 19:09 --------- d-----w C:\Program Files\Sony
2008-03-09 19:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 13:13 --------- d-----w C:\Program Files\SmartFTP Client 2.5 Setup Files
2008-02-29 13:13 --------- d-----w C:\Program Files\SmartFTP Client
2008-02-29 13:10 --------- d-----w C:\Program Files\SmartFTP Client 2.0
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2005-12-31 05:00 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-27_21.16.19.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-07-26 04:20:23 110,080 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll
+ 2005-07-26 04:20:24 498,688 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll
+ 2004-08-10 11:00:00 110,080 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll
+ 2004-08-10 11:00:00 501,248 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll
- 2008-04-28 01:07:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-28 04:47:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-28 01:07:41 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-28 04:26:25 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-28 01:07:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-28 04:26:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-28 01:07:41 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-28 04:26:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2006-07-11 08:23 1174528]
"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2006-07-11 08:24 341504]
"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2006-07-11 08:26 1313792]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 14:43 472632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="" []
"igfxtray"="" []
"igfxhkcmd"="" []
"igfxpers"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263]
"SigmatelSysTrayApp"="" []
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-28 17:02 98304]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"MimBoot"="" []
"LXSUPMON"="" []
"HostManager"="C:\Program Files\Common Files\AOL\1136009206\ee\AOLSoftware.exe" [2006-04-20 13:10 50792]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 10:58 1773568]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59 124520]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-22 08:27 185784]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-04-30 19:46 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-06-13 05:20 127036]
"combofix"="C:\WINDOWS\system32\CF20613.exe" [2004-08-10 07:00 388608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-30 23:52:33 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 08:43:54 11000]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll
"vidc.X264"= x264vfw.dll
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.MSUD"= msulvc05.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\3dsmax7\\3dsmax.exe"=
"C:\\Program Files\\@Last Software\\SketchUp 4\\SketchUp.exe"=
"C:\\Program Files\\backburner 2\\manager.exe"=
"C:\\Program Files\\backburner 2\\monitor.exe"=
"C:\\Program Files\\backburner 2\\server.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136009206\\ee\\aim6.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136009206\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp deskjet 9600 series\\Toolbox\\HPWITBX.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
R2 TivoBeacon2;TiVo Beacon;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service []
S3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys [2002-02-27 14:59]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule
.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 05:16:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-01 05:00:26 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-28 00:48:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\McAfee\MPS\mpsevh.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-04-28 0:57:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-28 04:57:31
ComboFix2.txt 2008-04-28 01:40:20
ComboFix3.txt 2008-04-28 01:17:28
ComboFix4.txt 2007-12-11 02:03:21
Pre-Run: 87,408,447,488 bytes free
Post-Run: 87,394,852,864 bytes free
205 --- E O F --- 2008-04-12 20:03:52
New HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 01:01, on 2008-04-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\AOL\1136009206\ee\AOLSoftware.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1136009206\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF20613.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://24.213.36.254/activex/AMC.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia....tupv2.0.0.9.cab?
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)
Online Scan thing log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-04-28 07:36
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/04/2008
Kaspersky Anti-Virus database records: 728406
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 177478
Number of viruses found: 24
Number of infected objects: 43
Number of suspicious objects: 8
Duration of the scan process: 01:43:53
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\logout.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Support.com\profiles\Us\triggers.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Us\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Us\Desktop\Andy's Stuff\00 - IDI Stuff\IDI - Outlook Stuff.pst/Personal Folders/Deleted Items/07 Jun 2006 01:31 from eBay:You Won eBay Item: IBM Thinkpad I Se.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Us\Desktop\Andy's Stuff\00 - IDI Stuff\IDI - Outlook Stuff.pst/Personal Folders/Deleted Items/16 Jun 2006 11:32 from News:News Update/Michael Jackson.zip/Suicide note and article.exe Infected: Backdoor.Win32.Breplibot.ai skipped
C:\Documents and Settings\Us\Desktop\Andy's Stuff\00 - IDI Stuff\IDI - Outlook Stuff.pst/Personal Folders/Deleted Items/16 Jun 2006 11:32 from News:News Update/Michael Jackson.zip Infected: Backdoor.Win32.Breplibot.ai skipped
C:\Documents and Settings\Us\Desktop\Andy's Stuff\00 - IDI Stuff\IDI - Outlook Stuff.pst/Personal Folders/Sent Items/01 Nov 2005 13:40 to spoof@ebay.com:FW: eBay Security Validation.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Us\Desktop\Andy's Stuff\00 - IDI Stuff\IDI - Outlook Stuff.pst MailMSMaill: infected - 2, suspicious - 2 skipped
C:\Documents and Settings\Us\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/06 May 2006 15:40 from eBay:You Won eBay Item: COLD HEAT SOLDERI.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/07 Jun 2006 01:31 from eBay:You Won eBay Item: IBM Thinkpad I Se.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/16 Jun 2006 20:15 from customerservice10@paypal.com:Thank you fo.eml Infected: Trojan-Spy.HTML.Paylap.cf skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/01 Jul 2006 16:21 from eBay:You Won eBay Item: IBM Thinkpad I Se.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/23 Aug 2006 22:38 from eBay:You Won eBay Item: Compaq Tablet PC .html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/20 Sep 2006 13:30 from Jack Korpi:We received this message but n/Update-KB9052-x86.exe Infected: Email-Worm.Win32.Warezov.aj skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/27 Nov 2006 12:25 from brenda hall:test/message.dat.pif Infected: Email-Worm.Win32.Warezov.hb skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/27 Nov 2006 12:21 from serv@selectplans.com:Mail server report./Update-KB6906-x86.zip/Update-KB6906-x86.exe Infected: Email-Worm.Win32.Warezov.hb skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/27 Nov 2006 12:21 from serv@selectplans.com:Mail server report./Update-KB6906-x86.zip Infected: Email-Worm.Win32.Warezov.hb skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/27 Nov 2006 13:32 from den:Status/readme.zip/readme.msg.bat Infected: Email-Worm.Win32.Warezov.hb skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/27 Nov 2006 13:32 from den:Status/readme.zip Infected: Email-Worm.Win32.Warezov.hb skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/01 Dec 2006 04:15 from adam martin:Mail Delivery System/readme.zip/readme.msg.exe Infected: Email-Worm.Win32.Warezov.hb skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/01 Dec 2006 04:15 from adam martin:Mail Delivery System/readme.zip Infected: Email-Worm.Win32.Warezov.hb skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/30 Dec 2006 16:48 from revealing:Happy New Year!/Postcard.exe Infected: Email-Worm.Win32.Luder.a skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/19 Jan 2007 00:07 from Tristan M. Grimes:Naked teens attack home/Full Clip.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/20 Feb 2007 01:57 from eBay:FPA NOTICE: eBay Registration Suspen.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/14 Sep 2007 23:45 from Bianca Spencer:Hot pictures/player.zip/player.exe Infected: Trojan-Downloader.Win32.Agent.djt skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/14 Sep 2007 23:45 from Bianca Spencer:Hot pictures/player.zip Infected: Trojan-Downloader.Win32.Agent.djt skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/08 Oct 2007 04:07 from Roger Boyle:Here is it/shame.zip/she.exe Infected: Trojan-Dropper.Win32.Agent.bzp skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/08 Oct 2007 04:07 from Roger Boyle:Here is it/shame.zip Infected: Trojan-Dropper.Win32.Agent.bzp skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/23 Nov 2007 20:40 from service@e-gold.com:Unusual Activity Detec.html Infected: Trojan-Spy.HTML.Goldfraud.t skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/09 Jan 2008 02:39 from Edwin Finley:You have card/card.zip/Card.exe Infected: Trojan-Dropper.Win32.Agent.dlt skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/09 Jan 2008 02:39 from Edwin Finley:You have card/card.zip Infected: Trojan-Dropper.Win32.Agent.dlt skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/20 Jan 2008 18:05 from Alejandro Meeks:Merry Christmas/card.zip/card.scr Infected: Trojan-Downloader.Win32.Diehard.dl skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/20 Jan 2008 18:05 from Alejandro Meeks:Merry Christmas/card.zip Infected: Trojan-Downloader.Win32.Diehard.dl skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/03 Feb 2008 15:06 from Paypal:Paypal.html Infected: Trojan-Spy.HTML.Paylap.kf skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/03 Feb 2008 14:02 from Paige Grover:Something hot/xvideo.zip/xvideo.scr Infected: Trojan-Downloader.Win32.Agent.idm skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/03 Feb 2008 14:02 from Paige Grover:Something hot/xvideo.zip Infected: Trojan-Downloader.Win32.Agent.idm skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/17 Feb 2008 15:34 from Betsy Pearce:Happy Valentine's day /card.zip/card.scr Infected: Trojan-Downloader.Win32.Diehard.ej skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/17 Feb 2008 15:34 from Betsy Pearce:Happy Valentine's day /card.zip Infected: Trojan-Downloader.Win32.Diehard.ej skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Sent Items/20 Feb 2007 02:32 to spoof@ebay.com:FW: FPA NOTICE: eBay Registr.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Outlook\outlook.pst MailMSMaill: infected - 25, suspicious - 6 skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Us\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Us\Local Settings\History\History.IE5\MSHist012008042820080429\index.dat Object is locked skipped
C:\Documents and Settings\Us\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Us\ntuser.dat Object is locked skipped
C:\Documents and Settings\Us\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Us\Shared\bongos bass and bob.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Program Files\Spyware Doctor\tools\swpg.DAT Infected: not-a-virus:Monitor.Win32.KeyLogger.dq skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJDWoMe.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-28_ 04517.17.zip/hnadaonj.dll_old Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\QooBox\Quarantine\catchme2008-04-28_ 04517.17.zip/yjmnuehw.dll_old Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\QooBox\Quarantine\catchme2008-04-28_ 04517.17.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP138\A0008974.sys Infected: Rootkit.Win32.Agent.aii skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP138\A0009011.old Infected: Trojan-Downloader.Win32.Small.ixt skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP138\A0009022.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP138\A0009023.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP138\A0009028.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP139\A0009041.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP140\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{091A9E8B-08C1-4E5E-9031-1C2FD44CF659}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4HHHQ78Y\1[1].exe Infected: not-a-virus:FraudTool.Win32.AntiSpySpider.c skipped
C:\WINDOWS\system32\drivers\clbdriver.sys Infected: Rootkit.Win32.Agent.aii skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\mcafee_9qxtuJfYUiIGLJ5 Object is locked skipped
C:\WINDOWS\TEMP\mcafee_UuBlcz8speHTN8X Object is locked skipped
C:\WINDOWS\TEMP\mcmsc_DcNZkVKImkm8K41 Object is locked skipped
C:\WINDOWS\TEMP\mcmsc_wC5YY4RKc6ZXLni Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.