PDA

View Full Version : Also infected with Virtumonde



LeftyinOH
2007-09-28, 06:47
Help greatly appreciated. Scanned/cleaned with McAfee & Spybot S&D. Have been able to clean out everything except virtumonde/virtumonde.generic

HJT logfile as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:43 PM, on 09/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://online.wsj.com/home/us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\jcbrlbdw.dll",sitypnow
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA5862] command /c del "C:\WINDOWS\SYSTEM32\igonwowh.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9327] cmd /c del "C:\WINDOWS\SYSTEM32\igonwowh.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3190] command /c del "C:\WINDOWS\SYSTEM32\uhlbpbem.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8820] cmd /c del "C:\WINDOWS\SYSTEM32\uhlbpbem.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB3023] command /c del "C:\WINDOWS\SYSTEM32\igonwowh.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9854] cmd /c del "C:\WINDOWS\SYSTEM32\igonwowh.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9250] command /c del "C:\WINDOWS\SYSTEM32\uhlbpbem.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6205] cmd /c del "C:\WINDOWS\SYSTEM32\uhlbpbem.dll_old"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 11479 bytes

LeftyinOH
2007-09-28, 15:37
All of this is AFTER I've scanned/cleaned with McAfee & Spybot S&D repeatedly
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, September 28, 2007 8:40:34 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 28/09/2007
Kaspersky Anti-Virus database records: 424473
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 95310
Number of viruses found: 8
Number of infected objects: 24
Number of suspicious objects: 0
Duration of the scan process: 01:31:08

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{D2650B56-0AD9-42E6-A77B-A5A3C5FD4CF7}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{DC91545E-476D-45EB-9AFC-AEA447D72FB6}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1E.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Documents\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_1984.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_1985.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_1986.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_1987.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_1988.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_1989.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_1990.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_1991.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_1992.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_1993.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_1994.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_1995.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_1996.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_1997.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_1998.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_1999.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2000.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2001.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2002.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2003.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2004.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2005.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2006.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2007.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2008.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2009.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2010.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2011.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2012.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2013.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2014.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2017.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2018.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2019.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2021.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2022.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2023.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2024.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2025.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2026.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2027.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2028.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2029.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2030.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2031.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2032.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2033.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2034.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2035.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2036.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2037.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2038.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2039.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2040.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2041.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2042.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2043.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2044.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2045.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2046.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2047.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2048.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2049.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2050.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2051.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2052.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2053.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2054.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2055.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2056.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\IMG_2057.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\MVI_2015.AVI Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\MVI_2015.THM Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\MVI_2016.AVI Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\MVI_2016.THM Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\MVI_2020.AVI Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\MVI_2020.THM Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Disney June 2004\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Hilite International - New Office\IMG_2075.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Hilite International - New Office\IMG_2077.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Hilite International - New Office\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\IMG_2058.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\IMG_2059.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\IMG_2060.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\IMG_2061.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\IMG_2062.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\IMG_2063.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\IMG_2064.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\IMG_2065.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\IMG_2066.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\IMG_2067.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\IMG_2068.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\IMG_2069.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\IMG_2070.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\IMG_2071.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\IMG_2072.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\IMG_2073.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\IMG_2074.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\Digital Photos\Thanksgiving 2004\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\John Europe Travel.xls Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\MUSIC.ASX Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\MUSIC.BMP Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\MUSIC.WMA Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00250422\Favorites -- 4 and 5 star rated.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00250422\Favorites -- Have not heard recently.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00250422\Favorites -- Listen to late at night.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00250422\Favorites -- Listen to on Weekdays.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00250422\Favorites -- Listen to on Weekends.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00250422\Favorites -- One Audio CD worth.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00250422\Favorites -- One Data CD-R worth.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00250422\Fresh tracks -- yet to be played.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00250422\Fresh tracks -- yet to be rated.wpl Object is locked skipped

LeftyinOH
2007-09-28, 15:38
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00250422\Fresh tracks.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00250422\High bitrate media in my library.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00250422\Low bitrate media in my library.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00250422\Music tracks I dislike.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00250422\Music tracks I have not rated.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00250422\Music tracks with content protection.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\002504DE\01_Music_auto_rated_at_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\002504DE\02_Music_added_in_the_last_month.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\002504DE\03_Music_rated_at_4_or_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\002504DE\04_Music_played_in_the_last_month.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\002504DE\05_Pictures_taken_in_the_last_month.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\002504DE\06_Pictures_rated_4_or_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\002504DE\07_TV_recorded_in_the_last_week.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\002504DE\08_Video_rated_at_4_or_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\002504DE\09_Music_played_the_most.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\002504DE\10_All_Music.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\002504DE\11_All_Pictures.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\002504DE\12_All_Video.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\Stitchs Escape Game\StitchsEscapeGame.exe Object is locked skipped
C:\Documents and Settings\John\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\John\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temp\~DF30F1.tmp Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\John\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\John\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\MBDownloader_876919.exe Infected: not-a-virus:AdWare.Win32.NetNucleus.b skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\mit1B8.tmp/NNBar_VCSetup_876919_LOG_IES_NoDMY_AFF.exe Infected: not-a-virus:AdWare.Win32.Mirar.i skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\mit1B8.tmp CAB: infected - 1 skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\mit1B8.tmp.cab/NNBar_VCSetup_876919_LOG_IES_NoDMY_AFF.exe Infected: not-a-virus:AdWare.Win32.Mirar.i skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\mit1B8.tmp.cab CAB: infected - 1 skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\mitF2.tmp/NNBar_VCSetup_876919_LOG_IES_NoDMY_AFF.exe Infected: not-a-virus:AdWare.Win32.Mirar.i skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\mitF2.tmp CAB: infected - 1 skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\mitF2.tmp.cab/NNBar_VCSetup_876919_LOG_IES_NoDMY_AFF.exe Infected: not-a-virus:AdWare.Win32.Mirar.i skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\mitF2.tmp.cab CAB: infected - 1 skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\NNBar_VCSetup_876919_LOG_IES_NoDMY_AFF.exe Infected: not-a-virus:AdWare.Win32.Mirar.i skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\WinAntiSpyware2007Setup.exe/file03 Infected: Trojan-Downloader.Win32.Agent.dhj skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\WinAntiSpyware2007Setup.exe/file05/file2 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\WinAntiSpyware2007Setup.exe/file05 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\WinAntiSpyware2007Setup.exe/file26 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\WinAntiSpyware2007Setup.exe/file39 Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\WinAntiSpyware2007Setup.exe Inno: infected - 5 skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\yazzlesnet.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Documents and Settings\Joseph\Local Settings\Temp\yazzlesnet.exe NSIS: infected - 1 skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\L0000004.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\John\Data\storydb.idx Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\LOG\ERRORLOG Object is locked skipped
C:\Program Files\SpongeBob SquarePants Diner Dash\bfgt_silent_en.exe/data0000.cab/nickarcade.dll Infected: not-a-virus:AdWare.Win32.BHO.w skipped
C:\Program Files\SpongeBob SquarePants Diner Dash\bfgt_silent_en.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.BHO.w skipped
C:\Program Files\SpongeBob SquarePants Diner Dash\bfgt_silent_en.exe Rsrc-Package: infected - 2 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\SYSTEM32\vtsts.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_B34PUopECFIUSAV Object is locked skipped
C:\WINDOWS\Temp\mcafee_YtitzRRpDSPZLqv Object is locked skipped
C:\WINDOWS\Temp\mcmsc_b7hcfUThwrid54V Object is locked skipped
C:\WINDOWS\Temp\mcmsc_bJEzu4LRwpGoYzd Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Cc5m8alA63t8i3H Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Elf91Oo6vgec615 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_u3sqtf99qgXEz1g Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_50c.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_764.dat Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Mr_JAk3
2007-09-30, 19:45
Hello LeftyinOH and welcome to the Forums :)

You're infected.

Please rename HijackThis.exe to skanneri.exe

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a fresh HijackThis (skanneri.exe) log to here.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


:bigthumb:

tashi
2007-10-09, 07:09
Due to lack of a response to your helper, this topic has been archived.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.