View Full Version : Help removing Virtumundo



eolsen
2007-09-17, 23:36
Hello, I've tried many methods of removing this, including Vundofix, Spybot, Adaware, AVG anti-spyware, ZA anti-virus/spyware. Still keep getting popups, so I need some advice. Here is a HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:34:43 AM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Elliot\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = THIS PROGRAM IS GHEY
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29EB8798-A3E2-4018-B135-E6D406A02AD9} - (no file)
O2 - BHO: (no name) - {327B7795-BDAA-4572-89D8-19809037FB2A} - (no file)
O2 - BHO: (no name) - {4146287F-8521-4FB3-8B14-19EDB98F7A92} - (no file)
O2 - BHO: (no name) - {4C6F1C29-B359-4026-B699-B44803C1BBA3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {947CDA95-7F87-4399-867B-55816ABA9876} - (no file)
O2 - BHO: (no name) - {A9A7D6F1-AA6F-4C19-9F2C-62B2ECF4EF07} - (no file)
O2 - BHO: (no name) - {B79E2673-1B6A-47ED-BC1D-3767EBDEF360} - (no file)
O2 - BHO: (no name) - {C43E70F3-1437-4DC5-883E-39AB62928AAD} - (no file)
O2 - BHO: (no name) - {E66D0BFC-6001-4141-B375-7D18A21399FC} - C:\WINDOWS\system32\ssqpn.dll
O2 - BHO: (no name) - {FA42F38E-30FC-4A6E-84FA-7ECD58EFA8B1} - C:\WINDOWS\system32\ssqpn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\faryugaj.dll",forkonce
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-21-1993962763-73586283-682003330-1003\..\Run: [DDC] C:\DOCUME~1\Olsen\LOCALS~1\Temp\thaaybmd.exe (User 'Olsen')
O4 - HKUS\S-1-5-21-1993962763-73586283-682003330-1003\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Olsen')
O4 - HKUS\S-1-5-21-1993962763-73586283-682003330-1003\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\ssqpn.dll,CreateProtectProc (User 'Olsen')
O4 - HKUS\S-1-5-21-1993962763-73586283-682003330-1005\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Maddie')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6760 bytes

eolsen
2007-09-18, 01:42
Here is the kasper log...2 posts long

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, September 18, 2007 6:39:11 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 18/09/2007
Kaspersky Anti-Virus database records: 420065
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 77979
Number of viruses found: 2
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 00:34:14

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Elliot\My Documents\Downloads\Zone Alarm Internet Security Suite 7.302 KEYGEN.rar/Keygen.exe Infected: Backdoor.Win32.Bifrose.axf skipped
C:\Documents and Settings\Elliot\My Documents\Downloads\Zone Alarm Internet Security Suite 7.302 KEYGEN.rar RAR: infected - 1 skipped

eolsen
2007-09-18, 01:43
C:\WINDOWS\system32\vtuspmm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

Scan process completed.

Mr_JAk3
2007-09-20, 20:36
Hello eolsen and welcome to the Forums :)

You're infected.

Let's get 'em.

At first you need to disable a few realtime protections. These may interfere with our cleaning process.
We'll enable these when you're clean...

Disable AVG Anti-Spyware guard.
Open AVG Anti-Spyware
Click Shield
Click under "resident shield is"
Change it to inactive
Close the program

Disable Spybot S&D Teatimer.
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

tashi
2007-10-03, 02:12
Due to lack of a response to your helper, this topic has been archived.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster; anyone else with similar problems, please start a new topic.