PDA

View Full Version : Virtumonde victim


chicago.hounds
2007-10-07, 22:10
I have been infected with the virtumonde virus, and it seems to have possibly corrupted / removed my system restore points.

Kaspersky report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 07, 2007 7:41:04 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 7/10/2007
Kaspersky Anti-Virus database records: 428530
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 56344
Number of viruses found: 22
Number of infected objects: 76
Number of suspicious objects: 10
Duration of the scan process: 01:29:14

Infected Object Name / Virus Name / Last Action
C:\check_LSA7.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PurityScan.zip/offun.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PurityScan.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/retadpu572.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip/retadpu1000106.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1281OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle2.zip/Yazzle1281OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Erika\Local Settings\Temporary Internet Files\Content.IE5\2MGD9GLY\masiyxanidi[1] Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\Documents and Settings\Erika\Local Settings\Temporary Internet Files\Content.IE5\2MGD9GLY\_affvm[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\Documents and Settings\Erika\Local Settings\Temporary Internet Files\Content.IE5\3KE3LEBK\adfcook[1] Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Erika\Local Settings\Temporary Internet Files\Content.IE5\7P0OJ0M4\jaun_20070726[1] Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\Erika\Local Settings\Temporary Internet Files\Content.IE5\7P0OJ0M4\lkjh[1] Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Erika\Local Settings\Temporary Internet Files\Content.IE5\BMAP1BUO\kcehc_eicooc20070702[1] Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Erika\Local Settings\Temporary Internet Files\Content.IE5\BMAP1BUO\_jnvm[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.la skipped
C:\Documents and Settings\Erika\Local Settings\Temporary Internet Files\Content.IE5\FCLYVQBZ\jaun_20070726[1] Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\Erika\Local Settings\Temporary Internet Files\Content.IE5\FCLYVQBZ\valera[1] Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Erika\Local Settings\Temporary Internet Files\Content.IE5\KCFT1DTF\gepj[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\~tmp143 Infected: Trojan-Clicker.Win32.Agent.jp skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\ogqdx4ev.default\cert8.db Object is locked skipped
C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\ogqdx4ev.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\ogqdx4ev.default\foxmarks.log Object is locked skipped
C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\ogqdx4ev.default\history.dat Object is locked skipped
C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\ogqdx4ev.default\key3.db Object is locked skipped
C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\ogqdx4ev.default\parent.lock Object is locked skipped
C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\ogqdx4ev.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\ogqdx4ev.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Mark\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\ogqdx4ev.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\ogqdx4ev.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\ogqdx4ev.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\ogqdx4ev.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\History\History.IE5\MSHist012007100620071007\index.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temp\Perflib_Perfdata_22c.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temp\WinAntiSpyware2007Setup.exe/file05/file2 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Documents and Settings\Mark\Local Settings\Temp\WinAntiSpyware2007Setup.exe/file05 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Documents and Settings\Mark\Local Settings\Temp\WinAntiSpyware2007Setup.exe/file26 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Documents and Settings\Mark\Local Settings\Temp\WinAntiSpyware2007Setup.exe/file39 Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\Documents and Settings\Mark\Local Settings\Temp\WinAntiSpyware2007Setup.exe Inno: infected - 4 skipped
C:\Documents and Settings\Mark\Local Settings\Temp\winaspsnet.exe Infected: not-a-virus:Downloader.Win32.WinFixer.w skipped
C:\Documents and Settings\Mark\Local Settings\Temp\yazzlesnet.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Documents and Settings\Mark\Local Settings\Temp\yazzlesnet.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Mark\Local Settings\Temp\~DFD211.tmp Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\3L6ACJKE\valera[1] Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\VW0BG4OF\lkjh[1] Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\X9UVJO0U\jaun_20070726[1] Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\Mark\ntuser.dat Object is locked skipped
C:\Documents and Settings\Mark\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mark\UserData\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\~tmp143 Infected: Trojan-Clicker.Win32.Agent.jp skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000005.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP189\A0062538.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP189\A0062546.exe/file2 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP189\A0062546.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP189\A0062598.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP189\A0062599.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.la skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP189\A0062601.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP190\A0065602.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP190\A0067618.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP190\A0067619.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP190\A0067620.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP190\A0067638.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wn skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP190\A0067649.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wn skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP190\A0068675.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP191\A0068839.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP191\A0068839.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP191\A0068839.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP192\A0068864.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP192\A0068900.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP192\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{A3A0B06F-CB87-4B4E-A622-C9D5486B815D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\axdljptd.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\b02FdUe\b02FdUe1065.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\WINDOWS\system32\bsocaslg.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0F9Q6D1R\n404-1[1].htm Infected: Trojan-Downloader.JS.Agent.no skipped
chicago.hounds
2007-10-07, 22:12
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0F9Q6D1R\n404-2[1].htm Infected: Trojan-Downloader.JS.Agent.no skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0F9Q6D1R\n404-5[1].htm Infected: Trojan-Downloader.JS.Agent.no skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0F9Q6D1R\n404-6[1].htm Infected: Trojan-Downloader.JS.Agent.no skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2MGD9GLY\TTC-4444[1].exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2MGD9GLY\TTC-4444[1].exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BMAP1BUO\n404-3[1].htm Infected: Trojan-Downloader.JS.Agent.no skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BMAP1BUO\n404-4[1].htm Infected: Trojan-Downloader.JS.Agent.no skipped
C:\WINDOWS\system32\efcbbxx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\eksfjjos.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\erppjobx.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\gxpshmvd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wn skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ieaolknv.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\iloxnpoo.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\jkhhf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wl skipped
C:\WINDOWS\system32\jldohdbp.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\kcxfkejy.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\ldcore(2).dll Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\WINDOWS\system32\ldcore(3).dll Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\WINDOWS\system32\mdjibpyu.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\mhmiipoc.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\nddmhtnl.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\nnnoonl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\pcbvvdii.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\pnxflttu.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\psquktgn.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\qrepbmwc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wn skipped
C:\WINDOWS\system32\qyqsuwyt.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\rcivuryn.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\tigbwpoc.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wkpammfe.dll Infected: Trojan.Win32.BHO.hj skipped
C:\WINDOWS\system32\ylixpsft.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:29 AM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Linksys\WPC300N\WPC300N.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\SEMBLY~1\dvdplay.exe
C:\Documents and Settings\Mark\Application Data\?ymantec\e?plorer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\jqmhwfsa.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fantasygames.sportingnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [Linksys Wireless-N Notebook Adapter] C:\Program Files\Linksys\WPC300N\WPC300N.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Osus] "C:\PROGRA~1\SEMBLY~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [Fnrhcl] "C:\Documents and Settings\Mark\Application Data\?ymantec\e?plorer.exe"
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172979003810
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172978948728
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\jqmhwfsa.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NICSer_WPC300N - Unknown owner - C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8940 bytes
tashi
2007-10-29, 18:27
Hello and sorry for the delay.

We do have this sticky topic:
The Waiting Room: Post here if waiting for help longer than four days (http://forums.spybot.info/forumdisplay.php?f=37)

However if members waiting for assistance do not post to flag a helper, their topic is archived.

If you need it re-opened, please send me a private message (pm) and provide a link back to your thread.

Applies only to the original poster, anyone else with similar problems please start your own topic.