redwarf
2008-04-12, 19:09
Hi everyone.
I wonder if anyone can help me. I got a message from MSN saying that a photo looked like me; I didn't know it was a virus and clicked on it.
I have got Spybot S&D and registry cleaner and Avast antivirus, but the computer still runs slow and Spybot keeps picking up registry items that have been changed.
It constantly comes up with BMBFCBB836??? I dunno what this is, but it cannot be permanently deleted from Windows; if you do, it just comes back.
There are other registry items it comes up with too, but I can't remember at the moment what they are. Has anyone experienced these symptoms or is it just me?
Any help on how to cure my computer would be great.
Avast says that it has put all the viruses to a chest and the registry cleaner cleans all the files.
I have carried out the checks that I have been told to do first; see the list below.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:47, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23B90D5E-5B97-463A-8932-70E2E5FFB535} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3b4236e2-e05f-40f2-b871-6a45e122e853} - (no file)
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\kdnukbdw.dll
O2 - BHO: (no name) - {3DA2200F-4A03-4E1B-85B0-B3D6BCCFB67F} - (no file)
O2 - BHO: (no name) - {4205E4BF-65E3-4277-916C-C471EB1E60A6} - (no file)
O2 - BHO: (no name) - {420a0b55-043b-47ed-9d15-c183170e8688} - (no file)
O2 - BHO: (no name) - {53335240-CCE7-410B-A02F-187F4BEF7A4A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7181B9FA-A8C2-411B-8054-5060239C4920} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7554E4D4-46FB-4307-9769-4D726FCA108A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E515F51-EA34-4DDE-91F7-C79D64798783} - (no file)
O2 - BHO: (no name) - {9714A10A-FBC6-4427-BA95-8409A403D1EF} - (no file)
O2 - BHO: (no name) - {9C3745A2-D68A-4864-BC36-87694762C959} - (no file)
O2 - BHO: (no name) - {A0BD0A1B-C3CD-4D43-B592-7F5C785F9D4E} - (no file)
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: (no name) - {AA241CE0-B366-4AD0-8FDD-4E4ED72A6842} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B4B6CAAE-3BEE-41B3-888A-8DD60285D566} - (no file)
O2 - BHO: (no name) - {C01A92D5-75AC-49AB-9E91-13AD13843463} - C:\WINDOWS\system32\ljhhf.dll
O2 - BHO: (no name) - {D4FEC5C6-7B88-460B-83E3-13866DAA11C6} - (no file)
O2 - BHO: (no name) - {E22D244E-D46C-48E9-A43D-7987750A7C59} - (no file)
O2 - BHO: (no name) - {EA30C025-BEB6-4464-A7C6-7295725053BA} - (no file)
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ptask] C:\Program Files\WinSecureAv\ptask.exe
O4 - HKLM\..\Run: [bcf88baa] rundll32.exe "C:\WINDOWS\system32\hligtdor.dll",b
O4 - HKLM\..\Run: [BMbfcbb836] Rundll32.exe "C:\WINDOWS\system32\tdyswmyv.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182557600522
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{18BF7BCE-013D-4236-A0FC-023285DCEB2F}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ddcccab - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9568 bytes
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 12, 2008 4:24:31 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/04/2008
Kaspersky Anti-Virus database records: 699549
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 65557
Number of viruses found 16
Number of infected objects 63
Number of suspicious objects 0
Duration of the scan process 01:59:09
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\lee\Application Data\Opera\Opera\mail\indexer\indexer.dat Object is locked skipped
C:\Documents and Settings\lee\Application Data\Opera\Opera\mail\indexer\indexer_64.dat Object is locked skipped
C:\Documents and Settings\lee\Application Data\Opera\Opera\mail\lexicon\lexicon.dat Object is locked skipped
C:\Documents and Settings\lee\Application Data\Opera\Opera\mail\mailbase.dat Object is locked skipped
C:\Documents and Settings\lee\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\lee\Local Settings\Application Data\Microsoft\Messenger\thenuthouse7@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\lee\Local Settings\Application Data\Microsoft\Messenger\thenuthouse7@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\lee\Local Settings\Application Data\Microsoft\Messenger\thenuthouse7@hotmail.com\SharingMetadata\Working\database_2BC_F89B_BCF8_8B05\dfsr.db Object is locked skipped
C:\Documents and Settings\lee\Local Settings\Application Data\Microsoft\Messenger\thenuthouse7@hotmail.com\SharingMetadata\Working\database_2BC_F89B_BCF8_8B05\fsr.log Object is locked skipped
C:\Documents and Settings\lee\Local Settings\Application Data\Microsoft\Messenger\thenuthouse7@hotmail.com\SharingMetadata\Working\database_2BC_F89B_BCF8_8B05\fsrtmp.log Object is locked skipped
C:\Documents and Settings\lee\Local Settings\Application Data\Microsoft\Messenger\thenuthouse7@hotmail.com\SharingMetadata\Working\database_2BC_F89B_BCF8_8B05\tmp.edb Object is locked skipped
C:\Documents and Settings\lee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\lee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\lee\Local Settings\Application Data\Microsoft\Windows Live Contacts\thenuthouse7@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\lee\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\lee\Local Settings\Temp\~DF813E.tmp Object is locked skipped
C:\Documents and Settings\lee\Local Settings\Temp\~DF818A.tmp Object is locked skipped
C:\Documents and Settings\lee\Local Settings\Temp\~DF9575.tmp Object is locked skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\2Z0ZOV4P\kriv[1] Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\MNCLV1TL\in[1].htm Infected: not-a-virus:FraudTool.Win32.UltimateDefender.ev skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\MNCLV1TL\rld[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\QJZFQA5J\ms03011[1].jar/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\QJZFQA5J\ms03011[1].jar/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\QJZFQA5J\ms03011[1].jar/Installer.class Infected: Trojan-Downloader.Java.Agent.a skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\QJZFQA5J\ms03011[1].jar ZIP: infected - 3 skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\ZDVG48SD\in[2].htm Infected: not-a-virus:FraudTool.Win32.UltimateDefender.ev skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\ZDVG48SD\zrt20080408[1] Infected: Trojan.Win32.KillAV.rf skipped
C:\Documents and Settings\lee\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\lee\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Zune\ZuneNSSStore.sdf Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP262\A0035030.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP267\A0035334.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP267\A0035335.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lry skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP267\A0035336.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP268\A0036334.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP269\A0036366.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP270\A0038366.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP270\A0038397.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP271\A0039600.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mwq skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP274\A0039674.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP275\A0039961.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP276\A0039981.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP276\A0039983.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP276\A0039984.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP276\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\cqlsehts.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ebewliok.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\edhcbydt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\WINDOWS\system32\ehjmoggu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lxl skipped
C:\WINDOWS\system32\fhrobrqd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lub skipped
C:\WINDOWS\system32\fjssvemc.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\fuamivlw.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\fvphuxou.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\fwnxapvx.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\gcqrybsk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped
C:\WINDOWS\system32\gehhewur.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\gvlkawom.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hxomoigt.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\idtweoxk.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\jnaurycy.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\kdnukbdw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\WINDOWS\system32\kjkwapkc.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ljhhf.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ljlxqvwk.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\luolacgj.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\lwtxvskk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\WINDOWS\system32\mfuekegv.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ohpsebvu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\WINDOWS\system32\pdafqjje.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped
C:\WINDOWS\system32\pffofddq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\WINDOWS\system32\prndcfkk.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\pucaffni.dll Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\WINDOWS\system32\qedotnbf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lsa skipped
C:\WINDOWS\system32\rnybgyxn.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\rrhtcqmj.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\sasgfiqq.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\sdavuguo.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\siklirrv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\WINDOWS\system32\tfxkmqvy.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\trxehqfs.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\twotvymq.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\twxdqqxw.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ucugqgvf.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\usyfegky.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wwswkjcg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwv skipped
C:\WINDOWS\Temp\Perflib_Perfdata_524.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6a4.dat Object is locked skipped
C:\WINDOWS\TempFile Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
Hope this is OK, I did follow the instructions to the best of my knowledge.
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{18BF7BCE-013D-4236-A0FC-023285DCEB2F}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ddcccab - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9568 bytes
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 12, 2008 4:24:31 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/04/2008
Kaspersky Anti-Virus database records: 699549
Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target: My Computer
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects: 65557
Number of viruses found: 16
Number of infected objects: 63
Number of suspicious objects: 0
Duration of the scan process: 01:59:09
Infected Object Name Virus Name Last Action
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\2Z0ZOV4P\kriv[1] Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\MNCLV1TL\in[1].htm Infected: not-a-virus:FraudTool.Win32.UltimateDefender.ev skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\MNCLV1TL\rld[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\QJZFQA5J\ms03011[1].jar/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\QJZFQA5J\ms03011[1].jar/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\QJZFQA5J\ms03011[1].jar/Installer.class Infected: Trojan-Downloader.Java.Agent.a skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\QJZFQA5J\ms03011[1].jar ZIP: infected - 3 skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\ZDVG48SD\in[2].htm Infected: not-a-virus:FraudTool.Win32.UltimateDefender.ev skipped
C:\Documents and Settings\lee\Local Settings\Temporary Internet Files\Content.IE5\ZDVG48SD\zrt20080408[1] Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP262\A0035030.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP267\A0035334.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP267\A0035335.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lry skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP267\A0035336.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP268\A0036334.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP269\A0036366.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP270\A0038366.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP270\A0038397.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP271\A0039600.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mwq skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP274\A0039674.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP275\A0039961.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP276\A0039981.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP276\A0039983.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{14A8FC96-29FA-4D3E-957A-7FC184B6ADDE}\RP276\A0039984.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\cqlsehts.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ebewliok.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\edhcbydt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\WINDOWS\system32\ehjmoggu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lxl skipped
C:\WINDOWS\system32\fhrobrqd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lub skipped
C:\WINDOWS\system32\fjssvemc.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\fuamivlw.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\fvphuxou.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\fwnxapvx.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\gcqrybsk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped
C:\WINDOWS\system32\gehhewur.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\gvlkawom.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\hxomoigt.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\idtweoxk.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\jnaurycy.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\kdnukbdw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\WINDOWS\system32\kjkwapkc.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ljhhf.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ljlxqvwk.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\luolacgj.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\lwtxvskk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\WINDOWS\system32\mfuekegv.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ohpsebvu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\WINDOWS\system32\pdafqjje.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped
C:\WINDOWS\system32\pffofddq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\WINDOWS\system32\prndcfkk.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\pucaffni.dll Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\WINDOWS\system32\qedotnbf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lsa skipped
C:\WINDOWS\system32\rnybgyxn.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\rrhtcqmj.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\sasgfiqq.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\sdavuguo.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\siklirrv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\WINDOWS\system32\tfxkmqvy.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\trxehqfs.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\twotvymq.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\twxdqqxw.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ucugqgvf.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\usyfegky.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\wwswkjcg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwv skipped
Scan process completed.
Hope this is ok, I did follow instructions to the best of my knowledge.