View Full Version : Virtumonde.
shellerocks
2008-04-06, 00:30
Thank you so much for taking your time to help me fix this problem. :]
---------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:47 PM, on 4/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\System32\wpcumi.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\mcafee\msc\mcuimgr.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Rishelle\Downloads\HiJackThis.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 3733 bytes
shellerocks
2008-04-06, 00:31
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics
Total number of scanned objects 116182
Number of viruses found 2
Number of infected objects 18
Number of suspicious objects 0
Duration of the scan process 01:39:24
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\Adobe\Adobe Device Central CS3\AMT\AUMProduct.cer Object is locked skipped
C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A81000000003}\Enterprise.mnt Object is locked skipped
C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.ilg Object is locked skipped
C:\ProgramData\McAfee\MNA\NAData Object is locked skipped
C:\ProgramData\McAfee\MPF\data\log.edb Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\{95415BFA-A806-4F70-B185-D938830FF606}.log Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\{F4413552-3BBB-4171-A9F5-FD40329C3A11}.log Object is locked skipped
C:\ProgramData\McAfee\MSC\McUsers.dat Object is locked skipped
C:\ProgramData\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\ProgramData\McAfee\MSK\RBLDB.dat Object is locked skipped
C:\ProgramData\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\ProgramData\McAfee\VirusScan\Data\TFR582D.tmp Object is locked skipped
C:\ProgramData\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a3e07f3a40bcbe7ace2ee6aef37abde9_0b0f8785-88dd-4c31-9914-97a52bf82f37 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dell.txt Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog00.sqm Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Jean.dat Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Rijeana.dat Object is locked skipped
C:\ProgramData\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008040520080406\index.dat Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Windows\UsrClass.dat{187d0548-8da2-11dc-bd00-001aa06a3fa1}.TM.blf Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Windows\UsrClass.dat{187d0548-8da2-11dc-bd00-001aa06a3fa1}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Windows\UsrClass.dat{187d0548-8da2-11dc-bd00-001aa06a3fa1}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Windows Mail\edb.log Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Windows Mail\tmp.edb Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore Object is locked skipped
C:\Users\Rishelle\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Rishelle\AppData\Local\SupportSoft\DellSupportCenter\Rishelle\state\logs\sprtcmd.log Object is locked skipped
C:\Users\Rishelle\AppData\Local\Temp\fcCtqrqR.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwx skipped
C:\Users\Rishelle\AppData\Local\Temp\nsg8C7A.tmp Object is locked skipped
C:\Users\Rishelle\AppData\Local\Temp\nskC92C.tmp Object is locked skipped
C:\Users\Rishelle\AppData\Local\Temp\nsnD0D9.tmp Object is locked skipped
C:\Users\Rishelle\AppData\Local\Temp\nsv698F.tmp Object is locked skipped
C:\Users\Rishelle\AppData\Local\Temp\tmp0000d567 Infected: not-a-virus:AdWare.Win32.Virtumonde.mcs skipped
C:\Users\Rishelle\AppData\Local\Temp\tmp0000dddf Infected: not-a-virus:AdWare.Win32.Virtumonde.mcs skipped
C:\Users\Rishelle\AppData\Local\Temp\tmp0000df08 Infected: not-a-virus:AdWare.Win32.Virtumonde.mcs skipped
C:\Users\Rishelle\AppData\Local\Temp\tmp0000e484 Infected: not-a-virus:AdWare.Win32.Virtumonde.mcs skipped
C:\Users\Rishelle\AppData\Local\Temp\tmp0000e677 Infected: not-a-virus:AdWare.Win32.Virtumonde.mcs skipped
C:\Users\Rishelle\AppData\Local\Temp\tmp0000ec41 Infected: not-a-virus:AdWare.Win32.Virtumonde.mcs skipped
C:\Users\Rishelle\AppData\Local\Temp\tmp00010147 Infected: not-a-virus:AdWare.Win32.Virtumonde.mcs skipped
C:\Users\Rishelle\AppData\Local\Temp\tmp00010d77 Infected: not-a-virus:AdWare.Win32.Virtumonde.mcs skipped
C:\Users\Rishelle\AppData\Local\Temp\tmp000112d4 Infected: not-a-virus:AdWare.Win32.Virtumonde.mcs skipped
C:\Users\Rishelle\AppData\Local\Temp\tmp00025b1a Infected: not-a-virus:AdWare.Win32.Virtumonde.mcs skipped
C:\Users\Rishelle\AppData\Local\Temp\tmp0021a63d Infected: not-a-virus:AdWare.Win32.Virtumonde.mcs skipped
C:\Users\Rishelle\AppData\Local\Temp\tmp003c3f9f Infected: not-a-virus:AdWare.Win32.Virtumonde.mcs skipped
C:\Users\Rishelle\AppData\Local\Temp\tmp01d9809d Infected: not-a-virus:AdWare.Win32.Virtumonde.mcs skipped
C:\Users\Rishelle\AppData\Local\Temp\tmp0284d371 Infected: not-a-virus:AdWare.Win32.Virtumonde.mcs skipped
C:\Users\Rishelle\AppData\Local\Temp\tmp02ce4ee8 Infected: not-a-virus:AdWare.Win32.Virtumonde.mcs skipped
C:\Users\Rishelle\AppData\Local\Temp\tmp050d9c1a Infected: not-a-virus:AdWare.Win32.Virtumonde.mcs skipped
C:\Users\Rishelle\AppData\Local\Temp\tuvVnmlJ.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mcs skipped
C:\Users\Rishelle\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Rishelle\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Rishelle\AppData\Roaming\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Users\Rishelle\AppData\Roaming\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Users\Rishelle\AppData\Roaming\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Users\Rishelle\AppData\Roaming\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Users\Rishelle\NTUSER.DAT Object is locked skipped
C:\Users\Rishelle\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Rishelle\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Rishelle\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Rishelle\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Rishelle\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\setupact.log Object is locked skipped
C:\Windows\Panther\setuperr.log Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.bld Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.bld Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.bld Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.bld Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\McDefragTask.job Object is locked skipped
C:\Windows\Tasks\McQcTask.job Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Tasks\User_Feed_Synchronization-{04D90C96-960F-42B7-8ACB-B6CCC542FC55}.job Object is locked skipped
C:\Windows\Tasks\User_Feed_Synchronization-{2700DE49-9718-450F-A68D-D2FE849E407D}.job Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
D:\Windows\security\database\secedit.sdb
shellerocks
2008-04-06, 01:28
Also, I've tried VundoFix and VundoBeGone and it couldn't detect the trojan.
Only the Spybot S&D detected it... Please help??? :sad:
shellerocks
2008-04-08, 16:07
Also, we have 4 accounts on this computer.
Would it matter which one I scan???
little eagle
2008-04-12, 14:44
Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) or Here (http://subs.geekstogo.com/ComboFix.exe) to your Desktop.
In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re enable the protection again afterwards before connecting to the net
2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
IF you have not already done so Combofix will disconnect your machine from the Internet when it starts.
If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
3. Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.