He skinny dipped on web



grandcentralcomputers
2008-05-04, 00:56
A friend brought me this basket case to fix. Help please. First time here. Hope it is right.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 03, 2008 2:52:48 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/05/2008
Kaspersky Anti-Virus database records: 737509
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 112036
Number of viruses found: 51
Number of infected objects: 236
Number of suspicious objects: 0
Duration of the scan process: 01:36:20

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP204\A0027948.exe Infected: Trojan-Downloader.Win32.Zlob.lps skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP204\A0027949.exe Infected: Trojan-Downloader.Win32.Zlob.knh skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP204\A0027950.exe Infected: Trojan-Downloader.Win32.Zlob.jfl skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP204\A0027951.exe Infected: Trojan-Downloader.Win32.Zlob.jgw skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP204\A0027952.exe Infected: Trojan-Downloader.Win32.Zlob.jhk skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP208\A0030517.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP209\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{D471EBEB-DCEF-4BD7-8E5C-93F43DA0D790}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\abolvqwo.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\aegbetne.dll_old Object is locked skipped
C:\WINDOWS\system32\awtsr.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\clvhoodj.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\IntelDH.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ddcyw.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\fscoqnbw.dll_old Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\gnhtnbwm.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\hmuufmyw.dll_old Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\owkxyrbx.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\svchost.exe:exm.exe:$DATA Infected: Trojan.Win32.Agent.ehi skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wvustsp.dll Object is locked skipped
C:\WINDOWS\system32\yergkuny.dll_old Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ygrtiubm.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\__c0014201.dat Infected: not-a-virus:AdWare.Win32.Virtumonde.ecc skipped
C:\WINDOWS\system32\__c002487.dat Infected: Trojan-Downloader.Win32.Agent.jaq skipped
C:\WINDOWS\system32\__c0034BC9.dat Object is locked skipped
C:\WINDOWS\system32\__c0039C3B.dat Infected: not-a-virus:AdWare.Win32.Virtumonde.ecc skipped
C:\WINDOWS\system32\__c005F5A4.dat Object is locked skipped
C:\WINDOWS\system32\__c0094C91.dat Object is locked skipped
C:\WINDOWS\system32\__c00993FB.exe Infected: not-virus:Hoax.Win32.Renos.fi skipped
C:\WINDOWS\system32\__c00A3EB7.dat Infected: not-a-virus:AdWare.Win32.Virtumonde.ecc skipped
C:\WINDOWS\system32\__c00A86C1.dat Object is locked skipped
C:\WINDOWS\system32\__c00D80CE.dat Infected: Trojan-Downloader.Win32.Agent.jaq skipped
C:\WINDOWS\system32\__c00ED034.dat Infected: not-a-virus:AdWare.Win32.Virtumonde.ecc skipped
C:\WINDOWS\system32\__c00F0879.dat Infected: not-a-virus:AdWare.Win32.Virtumonde.ecc skipped
C:\WINDOWS\system32\__c00F8004.dat Infected: not-a-virus:AdWare.Win32.Virtumonde.ecc skipped
C:\WINDOWS\system32\__c00FCB7.dat Infected: not-a-virus:AdWare.Win32.Virtumonde.ecc skipped
C:\WINDOWS\Temp\1000668577.exe Object is locked skipped
C:\WINDOWS\Temp\102139372.exe Infected: Backdoor.Win32.Agent.dbo skipped
C:\WINDOWS\Temp\1215727785.exe Infected: Backdoor.Win32.Agent.hde skipped
C:\WINDOWS\Temp\128725860.exe Object is locked skipped
C:\WINDOWS\Temp\1291795665.exe Infected: Backdoor.Win32.Agent.hde skipped
C:\WINDOWS\Temp\1374735495.exe Infected: Backdoor.Win32.Agent.hde skipped
C:\WINDOWS\Temp\1486687815.exe Object is locked skipped
C:\WINDOWS\Temp\1536888915.exe Object is locked skipped
C:\WINDOWS\Temp\1583024917.exe Infected: Backdoor.Win32.Agent.hde skipped
C:\WINDOWS\Temp\1779049012.exe Object is locked skipped
C:\WINDOWS\Temp\1805742645.exe Object is locked skipped
C:\WINDOWS\Temp\1824826425.exe Infected: Trojan-Downloader.Win32.Isof.ql skipped
C:\WINDOWS\Temp\190678920.exe Infected: Trojan-Downloader.Win32.Isof.qk skipped
C:\WINDOWS\Temp\1981698315.exe Object is locked skipped
C:\WINDOWS\Temp\268467442.exe Object is locked skipped
C:\WINDOWS\Temp\299591925.exe Object is locked skipped
C:\WINDOWS\Temp\41581057.exe Object is locked skipped
C:\WINDOWS\Temp\454470.exe Infected: Trojan-Downloader.Win32.Isof.qk skipped
C:\WINDOWS\Temp\658055002.exe Infected: Trojan-Downloader.Win32.Isof.qk skipped
C:\WINDOWS\Temp\692885767.exe Infected: Trojan-Downloader.Win32.Isof.qk skipped
C:\WINDOWS\Temp\713457547.exe Object is locked skipped
C:\WINDOWS\Temp\793871430.exe Infected: Backdoor.Win32.Agent.hde skipped
C:\WINDOWS\Temp\840494220.exe Object is locked skipped
C:\WINDOWS\Temp\966378682.exe Infected: Trojan-Downloader.Win32.Isof.qk skipped
C:\WINDOWS\Temp\998809792.exe Infected: Trojan-Downloader.Win32.Isof.qk skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5ac.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\xpupdate.exe Infected: not-virus:Hoax.Win32.Renos.brr skipped

Scan process completed.

pskelley
2008-05-04, 11:28
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You are infected. I suggest you keep this computer offline except when troubleshooting; the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully; the tools will not work unless you do.
This can be a tough infection to remove so do not expect fast or easy.

This is a very infected computer, I can help you clean it but it will take some time. If you wish to proceed, start by reading the directions posted above and also pinned (sticky) to the top of this forum, then do this:

1) C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\ <<< clean the Java cache:
http://support.f-secure.com/enu/home/virusproblem/howtoclean/cleanjavacache.shtml

2) C:\Program Files\ESET\infected\ <<< delete the contents of that folder in red.

3) You have a very infected System Restore, DO NOT use SR until we clean it later.

4) Follow these directions: Download Trend Micro HijackThis™
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.

Thanks

grandcentralcomputers
2008-05-05, 04:04
Hi, I cleaned this computer by hand in the registry. It took all day yesterday and all night. I have spy doctor's full scan running right now. It has been running since 4 am PST. It is 19 percent finished in the scan and 24 percent in total progress with no threats detected so far!
I think I got carpal tunnel from playing with my mouse all night.
I thank you very much for your time. My friend just started having a fit over the computer while waiting for your help, so I researched the viruses online and then used spy doctor to remove the offending registry entries one at a time. Thanks again for your time. I :heart: you guys. Keep up the good fight.
Dan