Here is the look.bat txt:
Windows Registry Editor Version 5.00
; Export of the MSConfig "startupreg" key. Each subkey records one Run-key
; autostart entry: the Run key path ("key"), the hive it belongs to ("hkey"),
; the value name ("item") and the command line it starts ("command").
; NOTE(review): MSConfig keeps entries under this key when they have been
; unticked on its Startup tab, so these are presumably disabled items rather
; than the live Run values. Confirm against the live Run keys.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeUpdater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdater"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"
; NOTE(review): the value is named "notepad", but the command points into an
; 8.3 short-named subfolder of system32 (ECURIT~1) and passes "-vt yazb".
; The stock Notepad is not installed there, so treat this binary as
; unverified until it has been scanned and its origin established.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bssa]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="notepad"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\system32\\ECURIT~1\\notepad.exe\" -vt yazb"
"inimapping"="0"
; NOTE(review): the path is the usual ctfmon.exe location, but the Kaspersky
; report in this same post lists a quarantined copy
; (C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir) as
; Virus.Win32.Trats.d. Check the file on disk for integrity rather than
; trusting it by path.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CurseClient]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CurseClient"
"hkey"="HKCU"
"command"="C:\\Program Files\\Curse\\CurseClient.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\igndlm.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dlm"
"hkey"="HKCU"
"command"="C:\\Program Files\\FilePlanet\\Download Manager\\dlm.exe /windowsstart /startifwork"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pctsTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Spyware Doctor\\pctsTray.exe\""
"inimapping"="0"
; NOTE(review): the Kaspersky report in this same post flags
; C:\Program Files\iTunes\iTunesHelper.exe as Virus.Win32.Trats.d, so a
; legitimate-looking install path does not imply a clean file here.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
; NOTE(review): both "item" and the file name carry a space before the
; extension ("MSConfig .exe"). This may be a paste artefact, or a look-alike
; of the real msconfig.exe. Verify the exact file name on disk.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSConfig]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSConfig "
"hkey"="HKLM"
"command"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig .exe /auto"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QTTask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSnD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpybotSD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"
Windows Registry Editor Version 5.00
; Export of the MSConfig "startupfolder" key: one subkey per Startup-folder
; shortcut, holding the shortcut's original "path", its "backup" copy under
; C:\WINDOWS\pss, the Startup folder it came from ("location") and the
; "command" the shortcut launches.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Derek^Start Menu^Programs^Startup^Spruce - Auto Update.lnk]
"path"="C:\\Documents and Settings\\Derek\\Start Menu\\Programs\\Startup\\Spruce - Auto Update.lnk"
"backup"="C:\\WINDOWS\\pss\\Spruce - Auto Update.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Spruce\\Spruce.exe /DELAY=120"
"item"="Spruce - Auto Update"
; NOTE(review): this shortcut launches an executable from the user's Temp
; directory (T0CHD001.exe). An autostart that runs out of Temp should be
; identified and scanned before the entry is ever re-enabled.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Derek^Start Menu^Programs^Startup^TA_Start.lnk]
"path"="C:\\Documents and Settings\\Derek\\Start Menu\\Programs\\Startup\\TA_Start.lnk"
"backup"="C:\\WINDOWS\\pss\\TA_Start.lnkStartup"
"location"="Startup"
"command"="C:\\DOCUME~1\\Derek\\LOCALS~1\\Temp\\T0CHD001.exe CHD001"
"item"="TA_Start"
Here is the Kaspersky log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-03-29 19:01
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/03/2008
Kaspersky Anti-Virus database records: 672629
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 48916
Number of viruses found: 7
Number of infected objects: 102
Number of suspicious objects: 0
Duration of the scan process: 00:32:37
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\dn8pvz4m.default\cert8.db Object is locked skipped
C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\dn8pvz4m.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\dn8pvz4m.default\history.dat Object is locked skipped
C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\dn8pvz4m.default\key3.db Object is locked skipped
C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\dn8pvz4m.default\parent.lock Object is locked skipped
C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\dn8pvz4m.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\dn8pvz4m.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Derek\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Derek\Desktop\Derek's Stuff\New Downloaded\setup.exe/data0011/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.m skipped
C:\Documents and Settings\Derek\Desktop\Derek's Stuff\New Downloaded\setup.exe/data0011/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.m skipped
C:\Documents and Settings\Derek\Desktop\Derek's Stuff\New Downloaded\setup.exe/data0011 Infected: not-a-virus:AdWare.Win32.TrafficSol.m skipped
C:\Documents and Settings\Derek\Desktop\Derek's Stuff\New Downloaded\setup.exe/data0012/stream/data0005 Infected: not-a-virus:AdWare.Win32.BHO.jj skipped
C:\Documents and Settings\Derek\Desktop\Derek's Stuff\New Downloaded\setup.exe/data0012/stream Infected: not-a-virus:AdWare.Win32.BHO.jj skipped
C:\Documents and Settings\Derek\Desktop\Derek's Stuff\New Downloaded\setup.exe/data0012 Infected: not-a-virus:AdWare.Win32.BHO.jj skipped
C:\Documents and Settings\Derek\Desktop\Derek's Stuff\New Downloaded\setup.exe NSIS: infected - 6 skipped
C:\Documents and Settings\Derek\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Derek\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Derek\Local Settings\Application Data\Mozilla\Firefox\Profiles\dn8pvz4m.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Derek\Local Settings\Application Data\Mozilla\Firefox\Profiles\dn8pvz4m.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Derek\Local Settings\Application Data\Mozilla\Firefox\Profiles\dn8pvz4m.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Derek\Local Settings\Application Data\Mozilla\Firefox\Profiles\dn8pvz4m.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Derek\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Derek\Local Settings\Temp\Av-test.txt Infected: EICAR-Test-File skipped
C:\Documents and Settings\Derek\Local Settings\Temp\RCX4.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Derek\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Derek\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Analog Devices\Core\smax4pnp.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\iTunes\iTunesHelper.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071225-202636-925-source.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gebyv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gebyv.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX10.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX11.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX1E.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCXA.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCXF.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vkolhpqj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ydbpebfn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-28_230728.64.zip/gebyv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-28_230728.64.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP102\A0006300.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP102\A0006301.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP102\A0006308.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP102\A0006332.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP102\A0006337.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP102\A0006338.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP102\A0006340.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP102\A0006341.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP102\A0006342.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP102\A0006343.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP102\A0006344.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP102\A0006345.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP102\A0006354.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP103\A0006364.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP103\A0006367.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP103\A0006369.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP103\A0006423.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP104\A0006565.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP105\A0006578.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP105\A0006581.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP106\A0006864.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP106\A0006885.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP106\A0006886.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP106\A0006976.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP106\A0007009.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP106\A0007019.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP106\A0007027.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP106\A0007030.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP106\A0009042.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP106\A0009045.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP106\A0009054.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP108\A0009064.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP108\A0009068.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP108\A0009069.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP108\A0009125.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP111\A0009214.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP111\A0009215.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP111\A0009216.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP111\A0009217.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP111\A0009218.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP111\A0009219.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP111\A0009220.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP111\A0009221.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP111\A0009222.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP111\A0009223.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP111\A0009233.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP111\A0009251.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP112\change.log Object is locked skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP95\A0005122.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP95\A0005129.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP95\A0005135.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP95\A0005136.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP96\A0005144.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP96\A0005150.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP96\A0005157.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP96\A0005162.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP96\A0005164.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP96\A0005172.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP96\A0006170.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP96\A0006172.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006209.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006210.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006212.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006213.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006214.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006215.dll Infected: not-a-virus:AdWare.Win32.Agent.asj skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006216.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006217.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006218.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006219.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006220.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006221.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006222.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006223.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006224.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006225.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006226.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006227.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A8EDD35D-3ACE-4C32-8F1A-701573ED6A3C}\RP98\A0006236.exe Infected: Virus.Win32.Trats.d skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
And here is the latest HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02, on 2008-03-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Removal.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6657940390
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
--
End of file - 2123 bytes