PDA

View Full Version : Infected and need help


stejoel
2008-05-29, 02:01
Here is the Kapersky log.
Thanks!
Stephen


Wednesday, May 28, 2008 7:36:57 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/05/2008
Kaspersky Anti-Virus database records: 809537
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
L:\
Scan Statistics
Total number of scanned objects 228206
Number of viruses found 7
Number of infected objects 21
Number of suspicious objects 42
Duration of the scan process 02:06:09

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-05-28_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\VMware\vmnetdhcp.leases Object is locked skipped
C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Desktop\Hide My IP Platinum V3.5 With KeyGen + Screenshots\Hide My IP Platinum V3.5 With KeyGen + Screenshots\Hide.IP.Platinum.3.5.exe/data0000.cab/UNINST~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.vfw skipped
C:\Documents and Settings\HP_Owner\Desktop\Hide My IP Platinum V3.5 With KeyGen + Screenshots\Hide My IP Platinum V3.5 With KeyGen + Screenshots\Hide.IP.Platinum.3.5.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.vfw skipped
C:\Documents and Settings\HP_Owner\Desktop\Hide My IP Platinum V3.5 With KeyGen + Screenshots\Hide My IP Platinum V3.5 With KeyGen + Screenshots\Hide.IP.Platinum.3.5.exe Rsrc-Package: infected - 2 skipped
C:\Documents and Settings\HP_Owner\Desktop\Hide My IP Platinum V3.5 With KeyGen + Screenshots\Hide My IP Platinum V3.5 With KeyGen + Screenshots\Keygen\Hide.Ip.Platinum.v3.5.keygen.exe/data0000.cab/UNINST~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.vfw skipped
C:\Documents and Settings\HP_Owner\Desktop\Hide My IP Platinum V3.5 With KeyGen + Screenshots\Hide My IP Platinum V3.5 With KeyGen + Screenshots\Keygen\Hide.Ip.Platinum.v3.5.keygen.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.vfw skipped
C:\Documents and Settings\HP_Owner\Desktop\Hide My IP Platinum V3.5 With KeyGen + Screenshots\Hide My IP Platinum V3.5 With KeyGen + Screenshots\Keygen\Hide.Ip.Platinum.v3.5.keygen.exe Rsrc-Package: infected - 2 skipped
C:\Documents and Settings\HP_Owner\Desktop\Hide My IP Platinum V3.5 With KeyGen + Screenshots.rar/Hide My IP Platinum V3.5 With KeyGen + Screenshots/Hide.IP.Platinum.3.5.exe/data0000.cab/UNINST~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.vfw skipped
C:\Documents and Settings\HP_Owner\Desktop\Hide My IP Platinum V3.5 With KeyGen + Screenshots.rar/Hide My IP Platinum V3.5 With KeyGen + Screenshots/Hide.IP.Platinum.3.5.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.vfw skipped
C:\Documents and Settings\HP_Owner\Desktop\Hide My IP Platinum V3.5 With KeyGen + Screenshots.rar/Hide My IP Platinum V3.5 With KeyGen + Screenshots/Hide.IP.Platinum.3.5.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.vfw skipped
C:\Documents and Settings\HP_Owner\Desktop\Hide My IP Platinum V3.5 With KeyGen + Screenshots.rar/Hide My IP Platinum V3.5 With KeyGen + Screenshots/Keygen/Hide.Ip.Platinum.v3.5.keygen.exe/data0000.cab/UNINST~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.vfw skipped
C:\Documents and Settings\HP_Owner\Desktop\Hide My IP Platinum V3.5 With KeyGen + Screenshots.rar/Hide My IP Platinum V3.5 With KeyGen + Screenshots/Keygen/Hide.Ip.Platinum.v3.5.keygen.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.vfw skipped
C:\Documents and Settings\HP_Owner\Desktop\Hide My IP Platinum V3.5 With KeyGen + Screenshots.rar/Hide My IP Platinum V3.5 With KeyGen + Screenshots/Keygen/Hide.Ip.Platinum.v3.5.keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.vfw skipped
C:\Documents and Settings\HP_Owner\Desktop\Hide My IP Platinum V3.5 With KeyGen + Screenshots.rar RAR: infected - 6 skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Mon, 30 Sep 2002 18:04:06 -0400]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Fri, 1 Nov 2002 21:00:10 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Tue, 20 May 2003 17:28:42 -0400 (Eastern Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Thu, 13 Jun 2002 15:27:44 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Sun, 27 Jul 2003 22:04:23 -0400 (Eastern Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Fri, 8 Aug 2003 09:38:10 -0400 (Eastern Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Wed, 8 May 2002 10:29:46 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Sun, 3 Nov 2002 17:08:53 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Mon, 12 May 2003 17:48:33 -0400 (Eastern Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Sun, 4 Aug 2002 17:56:42 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Fri, 2 Aug 2002 13:24:45 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Sat, 25 May 2002 22:44:00 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Thu, 4 Apr 2002 14:05:00 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Wed, 24 Apr 2002 12:30:23 -0400]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Sun, 3 Nov 2002 17:33:54 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Wed, 26 Feb 2003 16:37:42 -0500 (Eastern Standard Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Thu, 26 Jun 2003 18:21:51 -0400 (Eastern Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Sat, 5 Jul 2003 17:30:24 -0400 (Eastern Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date ... /[From "Sharon" ][Date Thu, 27 Nov 2003 11:11:13 -0500 (Eastern Standard Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 4 Dec 2003 18:26:20 -0500 (Eastern Standard Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED/[From "Sharon" ][Date Fri, 19 Mar 2004 17:24:20 -0500 (Eastern Standard Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED/[From "Sharon" ][Date Thu, 9 Sep 2004 15:22:08 -0400 (Eastern Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm/[From "Sharon" ][Date Sun, 27 Mar 2005 18:11:50 -0500 (Eastern Standard Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IM\Identities\{5FB7DF98-3BA9-4130-B946-509475B2B652}\Message Store\Sent Items.imm Mail: suspicious - 23 skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\LightScribe\log\log1572.txt Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\MSHist012008052820080529\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\vmware-HP_Owner\vmware-vix-HP_Owner-2436.log Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\My Documents\IncrediMail Data.cab/{5FB7DF98-3BA9-4130-B946-509475B2B652}/Message Store/Sent Items.imm/[From "Sharon" ][Date Tue, 21 May 2002 15:33:39 -0400]/UNNAMED/[From "Sharon" ][Date Wed, 12 Dec 2001 12:22:08 -0500]/UNNAMED/[From "Sharon" ][Date Fri, 10 May 2002 15:21:09 -0400]/UNNAMED/[From "Sharon" ][Date Thu, 17 Jan 2002 22:14:36 .. ... /[From "Sharon" ][Date Mon, 30 Sep 2002 18:04:06 -0400]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\My Documents\IncrediMail Data.cab/{5FB7DF98-3BA9-4130-B946-509475B2B652}/Message Store/Sent Items.imm/[From "Sharon" ][Date Tue, 21 May 2002 15:33:39 -0400]/UNNAMED/[From "Sharon" ][Date Wed, 12 Dec 2001 12:22:08 -0500]/UNNAMED/[From "Sharon" ][Date Fri, 10 May 2002 15:21:09 -0400]/UNNAMED/[From "Sharon" ][Date Thu, 17 Jan 2002 22:14:36 ... /[From "Sharon" ][Date Sun, 11 Aug 2002 18:48:05 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\My Documents\IncrediMail Data.cab/{5FB7DF98-3BA9-4130-B946-509475B2B652}/Message Store/Sent Items.imm/[From "Sharon" ][Date Tue, 21 May 2002 15:33:39 -0400]/UNNAMED/[From "Sharon" ][Date Wed, 12 Dec 2001 12:22:08 -0500]/UNNAMED/[From "Sharon" ][Date Fri, 10 May 2002 15:21:09 -0400]/UNNAMED/[From "Sharon" ][Date Thu, 17 Jan 2002 22:14:36 ... /[From "Sharon" ][Date Wed, 17 Jul 2002 16:41:26 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\My Documents\IncrediMail Data.cab/{5FB7DF98-3BA9-4130-B946-509475B2B652}/Message Store/Sent Items.imm/[From "Sharon" ][Date Tue, 21 May 2002 15:33:39 -0400]/UNNAMED/[From "Sharon" ][Date Wed, 12 Dec 2001 12:22:08 -0500]/UNNAMED/[From "Sharon" ][Date Fri, 10 May 2002 15:21:09 -0400]/UNNAMED/[From "Sharon" ][Date Thu, 17 Jan 2002 22:14:36 -0500]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\My Documents\IncrediMail Data.cab/{5FB7DF98-3BA9-4130-B946-509475B2B652}/Message Store/Sent Items.imm/[From "Sharon" ][Date Tue, 21 May 2002 15:33:39 -0400]/UNNAMED/[From "Sharon" ][Date Wed, 12 Dec 2001 12:22:08 -0500]/UNNAMED/[From "Sharon" ][Date Fri, 10 May 2002 15:21:09 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\My Documents\IncrediMail Data.cab/{5FB7DF98-3BA9-4130-B946-509475B2B652}/Message Store/Sent Items.imm/[From "Sharon" ][Date Tue, 21 May 2002 15:33:39 -0400]/UNNAMED/[From "Sharon" ][Date Wed, 12 Dec 2001 12:22:08 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\My Documents\IncrediMail Data.cab/{5FB7DF98-3BA9-4130-B946-509475B2B652}/Message Store/Sent Items.imm/[From "Sharon" ][Date Tue, 21 May 2002 15:33:39 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\My Documents\IncrediMail Data.cab/{5FB7DF98-3BA9-4130-B946-509475B2B652}/Message Store/Sent Items.imm Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\My Documents\IncrediMail Data.cab CAB: suspicious - 8 skipped
C:\Documents and Settings\HP_Owner\My Documents\Stuff\IncrediMail Data.cab/{5FB7DF98-3BA9-4130-B946-509475B2B652}/Message Store/Sent Items.imm/[From "Sharon" ][Date Tue, 21 May 2002 15:33:39 -0400]/UNNAMED/[From "Sharon" ][Date Wed, 12 Dec 2001 12:22:08 -0500]/UNNAMED/[From "Sharon" ][Date Fri, 10 May 2002 15:21:09 -0400]/UNNAMED/[From "Sharon" ][Date Thu, 17 Jan 2002 22:14:36 .. ... /[From "Sharon" ][Date Mon, 30 Sep 2002 18:04:06 -0400]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\My Documents\Stuff\IncrediMail Data.cab/{5FB7DF98-3BA9-4130-B946-509475B2B652}/Message Store/Sent Items.imm/[From "Sharon" ][Date Tue, 21 May 2002 15:33:39 -0400]/UNNAMED/[From "Sharon" ][Date Wed, 12 Dec 2001 12:22:08 -0500]/UNNAMED/[From "Sharon" ][Date Fri, 10 May 2002 15:21:09 -0400]/UNNAMED/[From "Sharon" ][Date Thu, 17 Jan 2002 22:14:36 ... /[From "Sharon" ][Date Sun, 11 Aug 2002 18:48:05 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\My Documents\Stuff\IncrediMail Data.cab/{5FB7DF98-3BA9-4130-B946-509475B2B652}/Message Store/Sent Items.imm/[From "Sharon" ][Date Tue, 21 May 2002 15:33:39 -0400]/UNNAMED/[From "Sharon" ][Date Wed, 12 Dec 2001 12:22:08 -0500]/UNNAMED/[From "Sharon" ][Date Fri, 10 May 2002 15:21:09 -0400]/UNNAMED/[From "Sharon" ][Date Thu, 17 Jan 2002 22:14:36 ... /[From "Sharon" ][Date Wed, 17 Jul 2002 16:41:26 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\My Documents\Stuff\IncrediMail Data.cab/{5FB7DF98-3BA9-4130-B946-509475B2B652}/Message Store/Sent Items.imm/[From "Sharon" ][Date Tue, 21 May 2002 15:33:39 -0400]/UNNAMED/[From "Sharon" ][Date Wed, 12 Dec 2001 12:22:08 -0500]/UNNAMED/[From "Sharon" ][Date Fri, 10 May 2002 15:21:09 -0400]/UNNAMED/[From "Sharon" ][Date Thu, 17 Jan 2002 22:14:36 -0500]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\My Documents\Stuff\IncrediMail Data.cab/{5FB7DF98-3BA9-4130-B946-509475B2B652}/Message Store/Sent Items.imm/[From "Sharon" ][Date Tue, 21 May 2002 15:33:39 -0400]/UNNAMED/[From "Sharon" ][Date Wed, 12 Dec 2001 12:22:08 -0500]/UNNAMED/[From "Sharon" ][Date Fri, 10 May 2002 15:21:09 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\My Documents\Stuff\IncrediMail Data.cab/{5FB7DF98-3BA9-4130-B946-509475B2B652}/Message Store/Sent Items.imm/[From "Sharon" ][Date Tue, 21 May 2002 15:33:39 -0400]/UNNAMED/[From "Sharon" ][Date Wed, 12 Dec 2001 12:22:08 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\My Documents\Stuff\IncrediMail Data.cab/{5FB7DF98-3BA9-4130-B946-509475B2B652}/Message Store/Sent Items.imm/[From "Sharon" ][Date Tue, 21 May 2002 15:33:39 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\My Documents\Stuff\IncrediMail Data.cab/{5FB7DF98-3BA9-4130-B946-509475B2B652}/Message Store/Sent Items.imm Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\HP_Owner\My Documents\Stuff\IncrediMail Data.cab CAB: suspicious - 8 skipped
C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\BitLord\Downloads\Power ISO v4.1+Serial\Power ISO 4.1.exe/data0000.cab/is154496.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.tmj skipped
C:\Program Files\BitLord\Downloads\Power ISO v4.1+Serial\Power ISO 4.1.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.tmj skipped
C:\Program Files\BitLord\Downloads\Power ISO v4.1+Serial\Power ISO 4.1.exe Rsrc-Package: infected - 2 skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\L0000001.FCS Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\storydb.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ddljfkcn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsz skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hgGyvwTn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\WINDOWS\system32\jkkKEtUL.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ryv skipped
C:\WINDOWS\system32\ndbyxxjx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ttc skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\yaywwTjk.dll.bak Infected: not-a-virus:AdWare.Win32.Virtumonde.trk skipped
C:\WINDOWS\Temp\Perflib_Perfdata_2cc.dat Object is locked skipped
C:\WINDOWS\Temp\vmware-vmount.log Object is locked skipped
Scan process completed.
Blade81
2008-05-29, 09:32
I think you missed BEFORE you POST (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) sticky. ;)

Follow the instructions there and post a fresh hjt log.
Blade81
2008-06-04, 18:28
Due to inactivity, this thread will now be closed.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.