backdoor, iecache, TROJ_AGENT.CXD [RESOLVED] - Geeks to Go Forums


backdoor, iecache, TROJ_AGENT.CXD [RESOLVED] scans cannot take care of ^^ infections

#1 selftitled10

  • Group: Member
  • Posts: 30
  • Joined: 06-June 05

  Posted 26 July 2006 - 10:27 AM

After completing all of the scans as directed there were still infections that couldn't be quarantined by each scanning software. It all started when the computer started to become a little slower, Trend Micro wouldn't stop popping up warnings about infections that couldn't be taken care of, and just recently every time I open up Internet Explorer a pop-up ad appears with every different webpage I go to.

Infected file: C:\WINDOWS\MSN93.EXE
Virus name: TROJ_AGENT.CXD

I can post any of the logs for Spybot, Ad-Aware, Trend Micro PC-cillin, and ewido.

-----------------------------------------------------------

Here is my HijackThis log:




Logfile of HijackThis v1.99.1
Scan saved at 12:25:52 PM, on 7/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\msn93.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\New\Desktop\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TSC.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirect...c02&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Advisor - {22AB09A5-AB12-4A4C-BEAA-CC38595B6CA8} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .asx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O15 - Trusted Zone: http://www.shutterfly.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://aolsvc.aol.com/onlinegames/popinsan...aploader_v7.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: rundll.exe - Unknown owner - C:\WINDOWS\msn93.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

#2 Armodeluxe

  • Group: Retired Staff
  • Posts: 2,744
  • Joined: 13-June 05

Posted 29 July 2006 - 07:22 AM

Hi selftitled10,

Open HiJackThis.
Click "Open the Misc Tools section"
Click "Delete a file on reboot..."
In the "Enter file to delete on reboot..." window, navigate to:

C:\WINDOWS

And select the file

MSN93.EXE

Then click Open. After you click Open, HiJackThis will ask you if you want to restart your computer now. You do, so click Yes.

After reboot go to Start > Run and copy/paste the lines below into the run box, one by one and click OK after pasting each line.

sc stop rundll.exe
sc delete rundll.exe

Then please post these two logs for me, you may have to make separate posts as they both may not fit into one post.

a) 1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

b) Please do an online scan with Kaspersky WebScanner. If you have any quarantined items in your antivirus, please delete those archives before the scan.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT

  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer

  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:

  • Save the file to your desktop.
  • Copy and paste that information in your next post.
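
Why the steps above target `MSN93.EXE` and the `rundll.exe` service can be read straight off the O23 lines of the HijackThis log in post #1. The following is an added example, not part of the original thread or of HijackThis: a small triage script run over an excerpt of that log. The three heuristics and the threshold of two are assumptions chosen for illustration.

```python
import ntpath  # Windows path rules, regardless of the OS this runs on
import re

# Excerpt of the HijackThis log from post #1 (lines copied from the page).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\msn93.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: rundll.exe - Unknown owner - C:\WINDOWS\msn93.exe
"""

# O23 line layout: "O23 - Service: <name> - <owner> - <image path>"
O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<image>[A-Za-z]:\\.+)$"
)
# Matches the Windows directory itself, not its subdirectories such as system32.
WINDOWS_ROOT = re.compile(r"^[a-z]:\\(windows|winnt)$")


def norm(path):
    """Lower-case a Windows path and collapse doubled separators."""
    return ntpath.normpath(path.strip()).lower()


def running_processes(log):
    """Return the normalised paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            in_block = True
        elif in_block:
            if not line.strip():  # the block ends at the first blank line
                break
            procs.add(norm(line))
    return procs


def triage_services(log, threshold=2):
    """Report O23 services that trip at least `threshold` heuristics."""
    running = running_processes(log)
    findings = []
    for line in log.splitlines():
        m = O23.match(line.strip())
        if not m:
            continue
        name, owner, image = m["name"], m["owner"], norm(m["image"])
        reasons = []
        # Weak on its own: legitimate binaries can lack vendor information too.
        if owner == "Unknown owner":
            reasons.append("no vendor name reported for the binary")
        # Service binaries normally live in system32 or under Program Files.
        if WINDOWS_ROOT.match(ntpath.dirname(image)):
            reasons.append("image sits directly in the Windows directory")
        # A service named like an executable that is not its own image file.
        if name.lower().endswith(".exe") and name.lower() != ntpath.basename(image):
            reasons.append("service name imitates a different executable")
        if len(reasons) >= threshold:
            findings.append({
                "service": name,
                "image": image,
                "running": image in running,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage_services(SAMPLE_LOG):
        print(f["service"], "->", f["image"], "(running)" if f["running"] else "")
        for reason in f["reasons"]:
            print("   -", reason)
```

On this excerpt only the `rundll.exe` service is reported; the AOL service also shows "Unknown owner" but trips no second heuristic, which is why a single weak signal is not enough to act on.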


#3 selftitled10

  • Group: Member
  • Posts: 30
  • Joined: 06-June 05

Posted 29 July 2006 - 02:00 PM

I followed the instructions to get rid of msn93.exe, but there was no such file. I assumed the file could have been invisible because both PC-cillin and HijackThis found it. So I just typed msn93.exe while in c:/WINDOWS/ and it never prompted me that the file was non-existent so it carried on to the restart. While the computer was starting up I immediately got notified of the virus in msn93 by PC-cillin, the notifications I get constantly every 5 minutes.
For the next step run.dll didn't have any complications, but combofix did. It continuously prompted me "16 bit MS-DOS Subsystem: Find3m c:\Docume~1\New\locals~1\temp. A temporary file needed for initialization could not be created or could not be written to. Make sure that the directory path exist, and disk space is available. Choose 'Close' to terminate Aplication." (the other option was 'Ignore'), so I constantly clicked Ignore until the computer restarted without warning and the same message popped up a million times, and again I clicked Ignore. Reluctantly there was still a log:


----------------------------------------------------------

Start Time= Sat 07/29/2006 14:05:27.04
Running from: C:\Documents and Settings\New\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

14:08:50.57


No infected Qoologic files found. Reg entries were fixed


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\drsmartload292a.exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Z8HAJE1\drsmartload292a[1].exe
C:\WINDOWS\keyboard1.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"CARPService"="carpserv.exe"
"srmclean"="C:\\Cpqs\\Scom\\srmclean.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"AutoLogon"=""
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Browser Mouse\\mouse32a.exe"
"FLMK08KB"="C:\\Program Files\\Muiltmedia keyboard utility\\1.1\\MMKEYBD.EXE"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2005\\pccguide.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="nwiz.exe /install"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Compaq]
"SetRefresh"="C:\\PROGRA~1\\Compaq\\SETREF~1\\SetRefresh.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"SpybotSnD"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\" /autocheck"
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://www.forever21.com/images/large/27848401-01.jpg"
"SubscribedURL"="http://www.forever21.com/images/large/27848401-01.jpg"
"FriendlyName"=""
"Flags"=dword:00002001
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:14,6d,51,02,41,c0,b4,74,20,10,17,00,68,de,51,02,20,6d,\
51,02,22,f0,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder

Completion time: Sat 07/29/2006 14:11:50.06
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

----------------------------------------------------------
Just after the log popped up a message appeared "NDP20-KB917283-X86.exe encountered a problem and needed to close." Don't know if it's significant.



During the Kaspersky virus scanner these all popped up on PC-cillin saying that they can't get rid of them:


Infected file: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6HWPER4N\loader[1].exe
Virus name: TROJ_ADLOAD.HW

Infected file: C:\RDFX4.exe
Virus name: ADW_SMALL.AAQ

Infected file: C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044768.exe
Virus name: TROJ_VB.AYI (many varieties)

Infected file: C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044818.exe
Virus name: ADW_SURFKICK.U

Infected file: C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044773.exe
Virus name: ADW_UCMORE.E

Infected file: C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044929.exe
Virus name: SPYW_SMALL.B

Infected file: C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044936.exe
Virus name: ADW_LOOK2ME.Y

Infected file: C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044939.exe
Virus name: SPYW_BISPY.A

Infected file: C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044940.exe
Virus name: ADW_BKDSPACE.A

Infected file: C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044942.dll
Virus name: ADW_NETPALS.B

Infected file: C:\WINDOWS\system32\clickspring.exe
Virus name: ADW_CLICKSPRNG.E

Infected file: C:\WINDOWS\system32\ezPopStub.exe
Virus name: ADW_WEBOFFER.B

Infected file: C:\WINDOWS\system32\horoscope.exe
Virus name: ADW_MYDLYSCOPE.A



----------------------------------------------------------

Here is my Kaspersky log:

KASPERSKY ONLINE SCANNER REPORT
Saturday, July 29, 2006 3:59:47 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 29/07/2006
Kaspersky Anti-Virus database records: 210716


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 62486
Number of viruses found 69
Number of infected objects 379 / 0
Number of suspicious objects 11
Duration of the scan process 01:21:02

Infected Object Name Virus Name Last Action

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\6.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\60.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\61.tmp Infected: Trojan-Downloader.Win32.Adload.de skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\62.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\63.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\64.tmp Infected: Trojan-Downloader.Win32.Agent.ala skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\67.tmp Infected: P2P-Worm.Win32.SpyBot.hd skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\68.tmp Infected: Trojan-Dropper.Win32.Agent.aie skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\69.tmp Infected: P2P-Worm.Win32.SpyBot.hd skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\6A.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\6B.tmp Infected: Backdoor.Win32.Wisdoor.au skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\6C.tmp Infected: Backdoor.Win32.Wisdoor.au skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\6D.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\6E.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\7.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\70.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\72.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\73.tmp Infected: Trojan-Dropper.Win32.Agent.aie skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\74.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\75.tmp Infected: Trojan-Downloader.Win32.TSUpdate.o skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\76.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\78.tmp Infected: Trojan-Downloader.Win32.ConHook.c skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\79.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\7A.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\7B.tmp Infected: P2P-Worm.Win32.SpyBot.hd skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\7C.tmp Infected: Trojan-Downloader.Win32.TSUpdate.o skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\7D.tmp Infected: P2P-Worm.Win32.SpyBot.hd skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\7F.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\8.tmp Infected: Trojan.Win32.Crypt.d skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\81.tmp Infected: Trojan-Downloader.Win32.TSUpdate.o skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\82.tmp Infected: P2P-Worm.Win32.SpyBot.hd skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\83.tmp Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\84.tmp Infected: P2P-Worm.Win32.SpyBot.hd skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\86.tmp Infected: Trojan-Downloader.Win32.TSUpdate.o skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\87.tmp Infected: P2P-Worm.Win32.SpyBot.hd skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\88.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\89.tmp Infected: P2P-Worm.Win32.SpyBot.hd skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\8A.tmp Infected: Trojan-Downloader.Win32.Adload.de skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\8B.tmp Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\8C.tmp Infected: P2P-Worm.Win32.SpyBot.hd skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\8D.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\8E.tmp Infected: P2P-Worm.Win32.SpyBot.hd skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\8F.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\8FD.tmp Infected: Trojan-Downloader.Win32.Adload.de skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\9.tmp Infected: Trojan-Downloader.Win32.Vivia.p skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\90.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\92.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\94.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\95.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\97.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\98.tmp Infected: Backdoor.Win32.SdBot.aad skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\99.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\9A.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\9B.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\9D.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\9F.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\A.tmp Infected: Trojan-Dropper.Win32.Agent.aie skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\A1.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\A2.tmp Infected: Backdoor.Win32.SdBot.aad skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\A3.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\A5.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\A6.tmp Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\A7.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\AC.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\AE.tmp Infected: Trojan-Downloader.Win32.TSUpdate.o skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\B.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\C.tmp Infected: Backdoor.Win32.Wisdoor.au skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\C46.tmp Infected: Trojan.Win32.Agent.cs skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\C47.tmp Infected: Trojan.Win32.Agent.cs skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\C48.tmp Infected: Trojan.Win32.Agent.cs skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\cutil.dll Infected: Trojan.Win32.Agent.cs skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\D.tmp Infected: Backdoor.Win32.Agent.ec skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\E.tmp Infected: Trojan-Downloader.Win32.Vivia.k skipped

C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\F.tmp Infected: Trojan-Downloader.Win32.Vivia.p skipped

C:\RDFX4.exe Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP370\A0043464.exe Suspicious: Packed.Win32.CryptExe skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044738.exe Infected: Trojan-Downloader.Win32.Adload.db skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044767.exe Infected: Trojan-Downloader.Win32.Agent.aaf skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044769.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044769.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044769.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044773.exe Object is locked skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044800.exe Infected: Trojan-Downloader.Win32.VB.nw skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044808.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044809.exe Infected: Trojan-Downloader.Win32.Small.cyh skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044811.exe Infected: Trojan-Downloader.Win32.Agent.aaf skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044812.exe Infected: Trojan-Downloader.Win32.Adload.db skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044814.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044815.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044816.exe Infected: Trojan-Downloader.Win32.WinShow.z skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044817.exe Infected: Trojan-Downloader.Win32.WinShow.z skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044818.exe Object is locked skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044819.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044820.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044821.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044822.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044823.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044824.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044825.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044826.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044827.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044828.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044829.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044830.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044831.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044832.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044834.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044835.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044836.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044837.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044838.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044839.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044840.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044842.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044844.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044845.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044846.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044847.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044849.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044850.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044851.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044852.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044853.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044854.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044855.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044856.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044857.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044858.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044859.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044860.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044861.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044862.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044863.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044864.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044865.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044866.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044868.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044869.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044870.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044871.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044872.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044873.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044874.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044875.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044876.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044877.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044878.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044879.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044880.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044882.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044883.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044884.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044885.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044886.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044887.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044888.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044889.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044890.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044891.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044892.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044893.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044894.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044895.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044897.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044899.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044900.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044901.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044902.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044903.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044904.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044905.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044906.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044907.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044908.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044910.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044911.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044912.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044913.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044914.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044915.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044916.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044917.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044918.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044919.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044920.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044921.exe Infected: Backdoor.Win32.Agent.ec skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044922.exe Infected: Backdoor.Win32.Agent.gl skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044923.exe Infected: Backdoor.Win32.Agent.gl skipped

C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044924.exe Infected: Backdoor.Win32.Agent.gl skipped

C:\System Volume Information

#4 selftitled10

  • Group: Member
  • Posts: 30
  • Joined: 06-June 05

Posted 29 July 2006 - 02:03 PM

Don't think it displayed the full log, so I'll attach it.


#5 Armodeluxe

  • Group: Retired Staff
  • Posts: 2,744
  • Joined: 13-June 05

Posted 30 July 2006 - 05:40 AM

Please delete everything quarantined in Trend Micro. Also purge all recovery items in Spybot. I don't know why Combofix failed; I will contact the developer.

Please download the Killbox.
Unzip it to the desktop.

1) Please run Killbox.

2) Select "Delete on Reboot". Click on "All Files".

3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\gogogo.exe
C:\gozgogo.exe
C:\mc-110-12-0000107.exe/
C:\temp.exe
C:\WINDOWS\games.exe
C:\WINDOWS\rdzpdan.exe
C:\WINDOWS\system32\aisysUS.exe
C:\WINDOWS\system32\axpfbho.exe
C:\WINDOWS\system32\betterinternet.exe
C:\WINDOWS\system32\dmk052404.exe
C:\WINDOWS\system32\dmksys.exe
C:\WINDOWS\system32\ezPopStub.exe
C:\WINDOWS\system32\gbhordm.exe
C:\WINDOWS\system32\gotomon.dll
C:\WINDOWS\system32\greenstd.exe
C:\WINDOWS\system32\horoscope.exe
C:\WINDOWS\system32\inetkw.exe
C:\WINDOWS\system32\inetkwsys.exe
C:\WINDOWS\system32\kbhordm.exe
C:\WINDOWS\system32\keywordsys.exe
C:\WINDOWS\system32\kwdstd.exe/
C:\WINDOWS\system32\mamma-dmk-ss.exe
C:\WINDOWS\system32\mamma-dummy.exe
C:\WINDOWS\system32\mamma-ez-ss.exe
C:\WINDOWS\system32\mamma-kw-ss.exe
C:\WINDOWS\system32\mssysapps\aisysUS.exe
C:\WINDOWS\system32\mssysapps\webrebates_installas.exe
C:\WINDOWS\system32\obpohkma\prsmdnvb.dll
C:\WINDOWS\system32\qbi3sys.exe
C:\WINDOWS\system32\ss_ABC3_setup.exe
C:\WINDOWS\system32\targetsavers.exe
C:\RDFX4.exe
C:\WINDOWS\system32\clickspring.exe
C:\WINDOWS\MSN93.EXE
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6HWPER4N\loader[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8Z8HAJE1\install[1].exe


4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the Do You Want to Reboot Now prompt.

Let's also check for rootkits.

Please run a GMER Rootkit scan:

Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop and start GMER.exe
Click the Rootkit tab and click the Scan button.

Warning! Please do not select the "Show all" checkbox during the scan.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results here in your next reply.

If you're having problems running GMER.exe, try it in safe mode. This tool works in safe mode. Most other rootkit revealers don't. Also, when you get to the Rootkit tab, try unchecking "Devices" in the list on the right.
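Many of the Kaspersky detections posted earlier in the thread sit inside Trend Micro's Quarantine folder or System Restore points, which is why post #5 starts by emptying the quarantine. The Python sketch below is an added example, not part of the thread or of any tool named in it: it buckets scan-log lines by location so the files that still need action stand out, and it tolerates a paste that was cut off mid-line. The bucket names, function names and the one line marked as constructed are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Line shapes seen in the scan log posted in this thread.
DETECTION = re.compile(
    r"^(?P<path>.+?) (?P<status>Infected|Suspicious): (?P<name>\S+) skipped$")
LOCKED = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
CONTAINER = re.compile(r"^(?P<path>.+?) [\w.]+: infected - \d+ skipped$")


def locate(path):
    """Bucket a path by where the copy lives (bucket names are this example's own)."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "quarantine"        # copy held in a scanner's quarantine store
    if "\\system volume information\\_restore{" in p:
        return "system_restore"    # backup copy kept by System Restore
    return "live"                  # ordinary file system location


def parse_line(line):
    """Return a record dict, or None when the line matches no known shape."""
    m = DETECTION.match(line)
    if m:
        # "outer.exe/stream/data0005" names an object inside an archive/installer.
        outer = m["path"].split("/", 1)[0]
        # "not-a-virus:AdWare.Win32.Softomate.q" -> "AdWare"
        category = m["name"].split(":")[-1].split(".")[0]
        return {"kind": m["status"].lower(), "file": outer, "name": m["name"],
                "category": category, "location": locate(outer)}
    m = LOCKED.match(line)
    if m:
        return {"kind": "locked", "file": m["path"], "location": locate(m["path"])}
    m = CONTAINER.match(line)
    if m:
        return {"kind": "container", "file": m["path"], "location": locate(m["path"])}
    return None


def triage(log_text):
    """Summarise a pasted scan log by location, keeping oddities visible."""
    files = defaultdict(set)
    categories = defaultdict(Counter)
    locked, unparsed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)        # e.g. the last line of a truncated paste
        elif rec["kind"] == "locked":
            locked.append(rec["file"])   # not scanned: neither clean nor infected
        elif rec["kind"] == "container":
            continue                     # per-archive total; members already counted
        else:
            files[rec["location"]].add(rec["file"])
            categories[rec["location"]][rec["category"]] += 1
    return {"files": {k: sorted(v) for k, v in files.items()},
            "categories": {k: dict(v) for k, v in categories.items()},
            "locked": locked, "unparsed": unparsed}


# Lines copied from the log in this thread, plus one constructed "live" entry.
SAMPLE_LOG = r"""
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\46.tmp Infected: Backdoor.Win32.Wisdoor.au skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\5B.tmp/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\5B.tmp/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\5B.tmp NSIS: infected - 2 skipped
C:\RDFX4.exe Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP370\A0043464.exe Suspicious: Packed.Win32.CryptExe skipped
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044769.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP375\A0044819.exe Infected: Backdoor.Win32.Agent.ec skipped
C:\WINDOWS\constructed_sample.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for location, paths in result["files"].items():
        print(location, len(paths), result["categories"][location])
    print("locked:", result["locked"])
    print("unparsed:", result["unparsed"])
```

Anything left in the "live" bucket or the locked list is what a removal step has to address; a non-empty "unparsed" list means the pasted log is incomplete and the full file should be attached instead.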

#6 Armodeluxe

  • Group: Retired Staff
  • Posts: 2,744
  • Joined: 13-June 05

Posted 13 August 2006 - 01:58 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#7 Armodeluxe

  • Group: Retired Staff
  • Posts: 2,744
  • Joined: 13-June 05

Posted 14 August 2006 - 06:04 AM

Reopened upon request.

Please post the Gmer log.

Also mention any problems you are still having, if any.

#8 selftitled10

  • Group: Member
  • Posts: 30
  • Joined: 06-June 05

Posted 14 August 2006 - 09:28 AM

Thank you so much! Here is the GMER log:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-13 21:51:53
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}

---- EOF - GMER 1.0.10 ----


I've seen a few of those Trend Micro PC-cillin prompts. The last one was AddUCMore again.

#9 Armodeluxe

  • Group: Retired Staff
  • Posts: 2,744
  • Joined: 13-June 05

Posted 15 August 2006 - 05:54 AM

Rootkit scan is clean. I wonder if you got reinfected. Please post:

1) a new HijackThis log

2) a new Kaspersky log (attach it like before)

#10 Armodeluxe

  • Group: Retired Staff
  • Posts: 2,744
  • Joined: 13-June 05

Posted 15 August 2006 - 06:01 AM

Forgot to mention: Kaspersky was updated recently. Before running a scan, you have to uninstall the old version from Add/Remove Programs and then download the new version.

#11 selftitled10

  • Group: Member
  • Posts: 30
  • Joined: 06-June 05

Posted 15 August 2006 - 09:20 AM

Logfile of HijackThis v1.99.1
Scan saved at 9:10:44 AM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\New\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirect...c02&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Advisor - {22AB09A5-AB12-4A4C-BEAA-CC38595B6CA8} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .asx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O15 - Trusted Zone: http://www.shutterfly.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://aolsvc.aol.com/onlinegames/popinsan...aploader_v7.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

------------------------------------------------------------------------------------------



I won't be back until next Tuesday because I'm visiting my father. Again, thanks so much!

Attached File(s)



#12 Armodeluxe

  • Group: Retired Staff
  • Posts: 2,744
  • Joined: 13-June 05

Posted 15 August 2006 - 02:11 PM

Delete this file:

C:\WINDOWS\system32\kwdstd.exe

The rest are detections in the Killbox backups and infected system restore points.

You can delete the C:\!Killbox folder.

Your log looks clean now.

Now let's reset your restore points.

Click Start Menu > All Programs > Accessories > System Tools > System Restore

Press OK. Choose 'Create a Restore Point' then Next. Name it and press 'Create'. Then, when the confirmation screen shows the restore point has been created, click 'Close'.

Next go to Start Menu > Run > type

cleanmgr

Click OK. When Disk Cleanup opens, go to the 'More Options' tab and press 'Cleanup' in the System Restore area, which will remove all the restore points except the one we just created. To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK, then choose Yes on the confirmation window.

Please take the following into consideration to maintain a clean computer.


I'll also recommend that you install monitoring software, which will monitor certain areas on your computer and raise alerts when those are being modified. One such program I'll recommend is Prevx, but it's for advanced users, as the messages it displays can be hard to decipher. Another similar but more user-friendly program is WinPatrol. Both are free programs.
Winpatrol
Prevx

Visit Windows Update regularly to get the latest security updates. You can also enable automatic updates. Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download, and scan every file before clicking on it.

Additional programs to consider:

SpywareBlaster: Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.
SpywareGuard: An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad: Adds a list of malicious sites to your Restricted Sites Zone.
Firefox: An alternate browser safer than IE

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe
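
Added example, not part of the thread or any poster's code: post #9 asks for a fresh HijackThis log to check for reinfection, and the Python below shows one way to compare two such logs. The function names are hypothetical, and the sample data are trimmed excerpts of the two logs posted in this thread, so the result describes only those lines.

```python
import re

# Trimmed excerpts copied from the two HijackThis logs in this thread.
LOG_26_JULY = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\msn93.exe
"""

LOG_15_AUG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
"""

ENTRY = re.compile(r"^([RFNO]\d+) - (.*)$")  # section code, e.g. "O4 - HKLM\..\Run: ..."

def parse_hijackthis(text):
    """Split a log into its running-process list and entries keyed by section code."""
    processes, entries, in_processes = [], {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        match = ENTRY.match(line)
        if line == "Running processes:":
            in_processes = True
        elif match:  # the first R/O entry ends the process list
            in_processes = False
            entries.setdefault(match.group(1), []).append(match.group(2))
        elif in_processes and line:
            processes.append(line)
    return processes, entries

def process_changes(old_text, new_text):
    """Return (gone, appeared) image paths; Windows paths compare case-insensitively."""
    old = {p.lower() for p in parse_hijackthis(old_text)[0]}
    new = {p.lower() for p in parse_hijackthis(new_text)[0]}
    return sorted(old - new), sorted(new - old)

if __name__ == "__main__":
    gone, appeared = process_changes(LOG_26_JULY, LOG_15_AUG)
    print("no longer running:", gone)
    print("newly running:", appeared)
    print("autostart (O4):", parse_hijackthis(LOG_15_AUG)[1].get("O4", []))
```

Lower-casing the paths keeps the `System32` and `system32` spellings of the same image from showing up as a change, and repeated process lines collapse to one.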

#13 Armodeluxe

  • Group: Retired Staff
  • Posts: 2,744
  • Joined: 13-June 05

Posted 21 August 2006 - 07:41 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
