Smitfraud-C.Toolbar888



peregrine
2007-07-01, 20:15
Hello, I've been struggling with a multitude of problems lately with Windows viruses and malware, and I think that Smitfraud may be the problem.

I have AVG Free Edition 7.5.476. I have Lavasoft Adaware and Spybot S&D.

Before, I only used AVG and Ad-Aware. AVG would find 4 files it called trojan horses, and they always had names that seemed like random numbers. I would delete them and it would find them again, and again, and again. Nothing I did would stop it. So I would run Ad-Aware and it found nothing. So I ran Spybot and it found this (among other things the others didn't find).

So I ran Spybot and removed it all, and then I decided, hmm, well, let's run it again to make sure. And sure enough, it's still there.

I don't know if I should do what the guy said in the other post about this particular virus, or if I should see what you guys say, because I don't know if the same fix will apply to everyone.

Thanks for your time.

peregrine

peregrine
2007-07-01, 20:32
Edit: I also have had some problems with pop-ups. It was just adware pop-ups until one time I got never-ending IE windows opening with no connection to the internet.

I don't know where the edit button is, so sorry :(

Peregrine

peregrine
2007-07-01, 21:15
Here is my HijackThis log, sorry for forgetting it.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:13:51 PM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Jason Stiebs\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\itdxdykx.dll
O2 - BHO: (no name) - {4E839DF5-1970-436F-96CD-509A868616B0} - C:\WINDOWS\system32\pmnnm.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\system32\gebcdde.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {95BA93A1-608E-4AFC-A81A-0E352773E3D5} - (no file)
O2 - BHO: (no name) - {CC07AC2A-786F-4072-BF30-B2EE05410112} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC9F1489-3F8A-465D-9437-BAAFA47D15D6}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
O20 - Winlogon Notify: gebcdde - C:\WINDOWS\SYSTEM32\gebcdde.dll
O20 - Winlogon Notify: pmnnm - C:\WINDOWS\system32\pmnnm.dll
O20 - Winlogon Notify: ssqpn - C:\WINDOWS\system32\ssqpn.dll (file missing)
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

--
End of file - 6502 bytes
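
The O2 and O20 entries in the log above are where this infection shows itself: Browser Helper Objects registered with no display name that point at randomly named DLLs in system32 (itdxdykx.dll, pmnnm.dll, gebcdde.dll), and two of those same DLLs (gebcdde, pmnnm) also registered as Winlogon Notify packages, so winlogon.exe loads them at every logon. A DLL loaded into winlogon.exe cannot be deleted from the user's session while Windows is up, which is why this family keeps coming back after an antivirus "removes" it. The "(no file)" and "(file missing)" entries are dead registry pointers left behind by earlier removals; harmless, but they should be cleaned up. As an added example, not part of the original thread and not a HijackThis feature, here is a Python triage script that applies those heuristics to the posted lines. The sample input is copied from the log above; the vowel-ratio / consonant-run rule for "random-looking" names and its 0.25 and 4 thresholds are my own assumptions, not a rule from HijackThis or any vendor.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed sample: O2/O20/O22 lines copied from the HijackThis log above,
# plus one legitimate BHO (Adobe) and one legitimate O22 line to show what
# the heuristics do *not* flag.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\itdxdykx.dll
O2 - BHO: (no name) - {4E839DF5-1970-436F-96CD-509A868616B0} - C:\WINDOWS\system32\pmnnm.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\system32\gebcdde.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
O20 - Winlogon Notify: gebcdde - C:\WINDOWS\SYSTEM32\gebcdde.dll
O20 - Winlogon Notify: pmnnm - C:\WINDOWS\system32\pmnnm.dll
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
VOWELS = set("aeiou")


@dataclass
class Finding:
    section: str                  # "O2" (BHO) or "O20" (Winlogon Notify)
    name: str                     # BHO display name or Notify subkey name
    path: Optional[str]           # DLL path, None for "(no file)"
    missing: bool                 # file no longer on disk
    reasons: List[str] = field(default_factory=list)


def split_target(target: str):
    """'C:\\x\\y.dll (file missing)' -> ('C:\\x\\y.dll', True); '(no file)' -> (None, True)."""
    target = target.strip()
    if target == "(no file)":
        return None, True
    if target.endswith("(file missing)"):
        return target[: -len("(file missing)")].strip(), True
    return target, False


def dll_stem(path: Optional[str]) -> str:
    """Base file name without extension: 'C:\\WINDOWS\\system32\\pmnnm.dll' -> 'pmnnm'."""
    if not path:
        return ""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0]


def looks_random(stem: str) -> bool:
    """Assumed heuristic for generated names: few vowels or a long consonant run.
    Thresholds (vowel ratio < 0.25, run >= 4) are my choice, tuned to this log."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    run = longest = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowel_ratio < 0.25 or longest >= 4


def triage(log_text: str) -> List[Finding]:
    """Return only the O2/O20 lines that trip at least one heuristic."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line) or O20_RE.match(line)
        if not m:
            continue
        section = line.split(" ", 1)[0]
        path, missing = split_target(m.group("target"))
        reasons: List[str] = []
        if section == "O2" and m.group("name") == "(no name)":
            reasons.append("BHO registered without a display name")
        stem = dll_stem(path)
        if stem and looks_random(stem):
            reasons.append(f"random-looking DLL name '{stem}'")
        if missing:
            reasons.append("orphaned registry entry, file no longer on disk")
        if reasons:
            findings.append(Finding(section, m.group("name"), path, missing, reasons))
    return findings


def double_registered(findings: List[Finding]) -> Set[str]:
    """DLL stems present both as a BHO (O2) and a Winlogon Notify package (O20):
    the same module runs inside Internet Explorer and inside winlogon.exe."""
    by_section = {"O2": set(), "O20": set()}
    for f in findings:
        if f.path:
            by_section[f.section].add(dll_stem(f.path).lower())
    return by_section["O2"] & by_section["O20"]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section:<4} {f.name:<12} {f.path or '(no file)'}")
        for r in f.reasons:
            print("       -", r)
    print("loaded into both IE and winlogon.exe:", sorted(double_registered(found)))
```

The `double_registered` set is the one to act on first: a DLL that is both a BHO and a Winlogon Notify package must be removed from a context where winlogon.exe has not loaded it (safe mode, or a tool that schedules the delete for the next boot), otherwise the next logon reloads it and re-creates the BHO entry.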

peregrine
2007-07-02, 00:05
Alright, being impatient and with nothing better to do, I downloaded VundoFix and ran it. I also ran HijackThis afterwards, but renamed it to scanner.exe. Then I ran the Kaspersky Online Scanner and I will post the log.

I simply did what was described here :eek: (http://forums.spybot.info/showthread.php?t=15333). So here is my VundoFix log:


VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 2:56:56 PM 7/1/2007

Listing files found while scanning....

C:\windows\system32\axuftmdf.ini
C:\windows\system32\fdmtfuxa.dll
C:\WINDOWS\system32\gebcdde.dll
C:\windows\system32\hjrbuknu.dll
C:\WINDOWS\system32\itdxdykx.dll
C:\windows\system32\mnnmp.bak1
C:\windows\system32\mnnmp.bak2
C:\windows\system32\mnnmp.ini
C:\windows\system32\mnnmp.tmp
C:\windows\system32\ofodejjs.ini
C:\WINDOWS\system32\pmnnm.dll
C:\windows\system32\qommnkj.dll
C:\windows\system32\sjjedofo.dll
C:\windows\system32\unkubrjh.ini

Beginning removal...

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 3:02:13 PM 7/1/2007

Listing files found while scanning....

C:\windows\system32\axuftmdf.ini
C:\windows\system32\fdmtfuxa.dll
C:\WINDOWS\system32\gebcdde.dll
C:\windows\system32\hjrbuknu.dll
C:\WINDOWS\system32\itdxdykx.dll
C:\windows\system32\mnnmp.bak1
C:\windows\system32\mnnmp.bak2
C:\windows\system32\mnnmp.ini
C:\windows\system32\ofodejjs.ini
C:\WINDOWS\system32\pmnnm.dll
C:\windows\system32\qommnkj.dll
C:\windows\system32\sjjedofo.dll
C:\windows\system32\unkubrjh.ini

Beginning removal...

Attempting to delete C:\windows\system32\axuftmdf.ini
C:\windows\system32\axuftmdf.ini Has been deleted!

Attempting to delete C:\windows\system32\fdmtfuxa.dll
C:\windows\system32\fdmtfuxa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcdde.dll
C:\WINDOWS\system32\gebcdde.dll Could not be deleted.

Attempting to delete C:\windows\system32\hjrbuknu.dll
C:\windows\system32\hjrbuknu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\itdxdykx.dll
C:\WINDOWS\system32\itdxdykx.dll Has been deleted!

Attempting to delete C:\windows\system32\mnnmp.bak1
C:\windows\system32\mnnmp.bak1 Has been deleted!

Attempting to delete C:\windows\system32\mnnmp.bak2
C:\windows\system32\mnnmp.bak2 Has been deleted!

Attempting to delete C:\windows\system32\mnnmp.ini
C:\windows\system32\mnnmp.ini Has been deleted!

Attempting to delete C:\windows\system32\ofodejjs.ini
C:\windows\system32\ofodejjs.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\pmnnm.dll Has been deleted!

Attempting to delete C:\windows\system32\qommnkj.dll
C:\windows\system32\qommnkj.dll Has been deleted!

Attempting to delete C:\windows\system32\sjjedofo.dll
C:\windows\system32\sjjedofo.dll Has been deleted!

Attempting to delete C:\windows\system32\unkubrjh.ini
C:\windows\system32\unkubrjh.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 3:06:21 PM 7/1/2007

Listing files found while scanning....

C:\windows\system32\gebcdde.dll

Beginning removal...

Attempting to delete C:\windows\system32\gebcdde.dll
C:\windows\system32\gebcdde.dll Has been deleted!

Performing Repairs to the registry.
Done!


And here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:11:17 PM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Jason Stiebs\Desktop\scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E839DF5-1970-436F-96CD-509A868616B0} - C:\WINDOWS\system32\pmnnm.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {95BA93A1-608E-4AFC-A81A-0E352773E3D5} - (no file)
O2 - BHO: (no name) - {CC07AC2A-786F-4072-BF30-B2EE05410112} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC9F1489-3F8A-465D-9437-BAAFA47D15D6}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
O20 - Winlogon Notify: ssqpn - C:\WINDOWS\system32\ssqpn.dll (file missing)
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

--
End of file - 6190 bytes

peregrine
2007-07-02, 00:06
Now the Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 01, 2007 5:03:50 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 1/07/2007
Kaspersky Anti-Virus database records: 356272
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
Z:\

Scan Statistics:
Total number of scanned objects: 87780
Number of viruses found: 10
Number of infected objects: 18
Number of suspicious objects: 2
Duration of the scan process: 01:25:15

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\AntiPhishing\CAE33426-F44F-405C-9719-08FC9932048E.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\CAE33426-F44F-405C-9719-08FC9932048E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip/Yazzle1162OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\indexer\indexer.dat Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\indexer\indexer_2048.dat Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\indexer\indexer_256.dat Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\indexer\indexer_4096.dat Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\indexer\indexer_64.dat Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\lexicon\lexicon.dat Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\mailbase.dat Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\07\477.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\07\478.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\08\479.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\08\480.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\12\481.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\12\482.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\12\483.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\14\484.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\14\485.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\14\486.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\14\487.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\18\488.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\19\489.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\19\490.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\19\491.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\19\492.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\20\493.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\20\494.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\20\495.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\25\933.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\25\934.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\25\935.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\27\954.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\27\955.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Application Data\Opera\Opera\mail\store\account4\2007\06\27\956.mbs Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Local Settings\Temp\Perflib_Perfdata_1b0.dat Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Local Settings\Temp\Perflib_Perfdata_d94.dat Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Local Settings\Temp\Perflib_Perfdata_d9c.dat Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Local Settings\Temp\~DFA01E.tmp Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Local Settings\Temp\~DFA03D.tmp Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Local Settings\Temporary Internet Files\AntiPhishing\CAE33426-F44F-405C-9719-08FC9932048E.dat Object is locked skipped
C:\Documents and Settings\Jason Stiebs\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason Stiebs\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jason Stiebs\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mom & Michelle\Local Settings\Temporary Internet Files\AntiPhishing\CAE33426-F44F-405C-9719-08FC9932048E.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\TightVNC\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Program Files\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP447\A0205115.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP451\A0205587.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP451\A0205587.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP451\A0205587.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP454\A0206246.dll Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP456\A0206535.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP456\A0206539.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.af skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP456\A0206540.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP456\A0206541.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP456\A0206549.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP456\change.log Object is locked skipped
C:\VundoFix Backups\fdmtfuxa.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\VundoFix Backups\gebcdde.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\VundoFix Backups\pmnnm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.af skipped
C:\VundoFix Backups\qommnkj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\VundoFix Backups\sjjedofo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\JASON.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\efmckdoc.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT030ea.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT06d4a.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


If there's anything you see that I need to do, please help me with it :).

Thanks for your time.
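
Three different kinds of result are mixed together in the Kaspersky report above, and only one of them is urgent. Most "Infected" lines are copies inside System Restore points (C:\System Volume Information\_restore{...}\RP...) or in the VundoFix Backups and Spybot Recovery folders; those are inert until a restore or an undo puts them back, and the usual cleanup is to flush System Restore and delete the tool backups once the machine is clean. The TightVNC and DAEMON Tools hits carry Kaspersky's not-a-virus: prefix, which marks potentially unwanted software rather than malware. The one live detection that is neither is C:\WINDOWS\system32\efmckdoc.exe, flagged as Trojan-Downloader.Win32.Tiny.id: a downloader still sitting in system32 that VundoFix did not touch, and a downloader is exactly the kind of component that re-fetches the adware DLLs after they are deleted. As an added example, not from the original thread and not a Kaspersky tool, here is a Python parser that sorts report lines into those buckets so the live detection is not lost among the restore-point noise. The sample report is a constructed subset of the lines posted above; the path rules for "restore-point" and "tool-backup" locations are my assumptions about where each tool keeps its copies.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the lines from the Kaspersky report above.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\AntiPhishing\CAE33426-F44F-405C-9719-08FC9932048E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip/Yazzle1162OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip ZIP: suspicious - 1 skipped
C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\TightVNC\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Program Files\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP447\A0205115.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP451\A0205587.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP451\A0205587.exe NSIS: infected - 2 skipped
C:\VundoFix Backups\gebcdde.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\efmckdoc.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
"""

# One report line: "<path> <verdict> skipped". The path is taken non-greedily
# so the verdict alternatives anchor the end of the line.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"Infected: (?P<infected>\S+)"
    r"|Suspicious: (?P<suspicious>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<container>\w+: (?:infected|suspicious) - \d+)"   # archive summary, e.g. "NSIS: infected - 2"
    r") skipped$"
)


@dataclass
class Hit:
    path: str
    verdict: str            # infected | suspicious | locked | container
    name: Optional[str]     # detection name for infected/suspicious hits
    location: str           # live | restore-point | tool-backup
    pua: bool               # "not-a-virus:" prefix = potentially unwanted, not malware


def classify_location(path: str) -> str:
    """Assumed rules for where inert copies live; anything else is a live file."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"
    if "\\vundofix backups\\" in p or "\\spybot - search & destroy\\recovery\\" in p:
        return "tool-backup"
    return "live"


def parse_line(line: str) -> Optional[Hit]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    if m.group("infected"):
        verdict, name = "infected", m.group("infected")
    elif m.group("suspicious"):
        verdict, name = "suspicious", m.group("suspicious")
    elif m.group("locked"):
        verdict, name = "locked", None
    else:
        verdict, name = "container", None
    path = m.group("path")
    pua = bool(name and name.startswith("not-a-virus:"))
    return Hit(path, verdict, name, classify_location(path), pua)


def parse_report(text: str) -> List[Hit]:
    return [h for h in (parse_line(l) for l in text.splitlines()) if h]


def live_threats(hits: List[Hit]) -> List[str]:
    """Infected files still on disk, outside restore points and tool backups, not merely PUA."""
    return [h.path for h in hits if h.verdict == "infected" and h.location == "live" and not h.pua]


def summarize(hits: List[Hit]) -> Dict[Tuple[str, str], int]:
    """Counts per (location, verdict), e.g. ('restore-point', 'infected') -> 2."""
    return Counter((h.location, h.verdict) for h in hits)


if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    for (location, verdict), n in sorted(summarize(hits).items()):
        print(f"{location:<14}{verdict:<11}{n}")
    print("act on now:", live_threats(hits))
```

Locked objects (registry hives, event logs, index.dat files) are not detections at all; the scanner simply could not open them while Windows had them in use, so they neither add to nor subtract from the picture.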

tashi
2007-07-10, 09:24
Hello.

Because of the amount of posts in your thread, helpers probably thought you were already being assisted.

Our stickied forum topics:

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

If you have waited four days for advice, post here. (http://forums.spybot.info/showthread.php?p=4836#post4836) :)

tashi
2007-07-16, 09:04
This topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.