Thread: problem with virtumonde and other harmful stuff

  1. #1
    Junior Member
    Join Date
    Aug 2007
    Posts
    3

    problem with virtumonde and other harmful stuff

    Virtumonde has proven itself to be a pain in the *** and I desperately need help in getting rid of it, as the computer that is infected is very important to me. Thanks in advance.

    Necessary logs:

    HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:44:30 PM, on 8/23/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\yxtsnrjr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\adasoftw.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\HPQ\shared\hpqwmi.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\anything.exe

    R3 - URLSearchHook: Yahoo! μ?o?ì? - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {27013B4F-D143-405A-9FA5-E17BDA0F77Ac} - C:\WINDOWS\system32\unnqanhb.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {AF5DA48D-15BA-4DF1-85B0-AADD6007DCC5} - C:\WINDOWS\system32\mllmj.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\gbjbxnbu.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\ssqqopq.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: ?ì3μ(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O3 - Toolbar: Yahoo! μ?o?ì? - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet\FlashGet.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Ad-aware Soft] adasoftw.exe
    O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\bsgwkccc.dll",forkonce
    O4 - HKLM\..\RunServices: [Ad-aware Soft] adasoftw.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Blaero Start Orb.lnk = C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
    O4 - Startup: Neverwinter Nights Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1.EXE
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &使用快车(FlashGet)下载 - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: 使用 Download &Express 下载(&M) - C:\Program Files\Download Express\Add_Url.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: ?ì3μ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: ?ì3μ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll
    O20 - Winlogon Notify: ssqqopq - C:\WINDOWS\SYSTEM32\ssqqopq.dll
    O21 - SSODL: prodigy323 - {77C57395-C0AA-47B5-A30E-AB64905350A8} - prodigy323.dll (file missing)
    O21 - SSODL: prodigy1 - {03E5EEB0-A660-4C16-B587-AFE29B36E710} - newsystem25.dll (file missing)
    O21 - SSODL: prodi1 - {B47D9A53-BC44-4DFC-9BB6-074B5F6133BF} - prodgs525.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\yxtsnrjr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 10193 bytes

  2. #2
    Junior Member
    Join Date
    Aug 2007
    Posts
    3

    Kaspersky log:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, August 23, 2007 9:42:20 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.0
    Kaspersky Anti-Virus database last update: 23/08/2007
    Kaspersky Anti-Virus database records: 387495
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 77587
    Number of viruses found: 12
    Number of infected objects: 62
    Number of suspicious objects: 0
    Duration of the scan process: 01:47:20

    Infected Object Name / Virus Name / Last Action
    C:\dbqanu.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\dirawap.exe Infected: Trojan-Proxy.Win32.Dlena.cq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-08-23_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Retro\bsebbi.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\cekulx.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Retro\Desktop\installers\Vista Transformation Pack 6.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
    C:\Documents and Settings\Retro\Desktop\installers\Vista Transformation Pack 6.0.exe/WISE0053.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
    C:\Documents and Settings\Retro\Desktop\installers\Vista Transformation Pack 6.0.exe/WISE0053.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
    C:\Documents and Settings\Retro\Desktop\installers\Vista Transformation Pack 6.0.exe WiseSFX: infected - 3 skipped
    C:\Documents and Settings\Retro\fnexhv.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\hsewsd.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\jrukcv.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\jtegtw.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\jupnij.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\koetws.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\kruyey.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Retro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Retro\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Retro\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Retro\Local Settings\Temporary Internet Files\Content.IE5\XKSMIWKN\search[3].htm Object is locked skipped
    C:\Documents and Settings\Retro\Local Settings\Temporary Internet Files\Content.IE5\XKSMIWKN\search[4].htm Object is locked skipped
    C:\Documents and Settings\Retro\Local Settings\Temporary Internet Files\Content.IE5\XKSMIWKN\search[5].htm Object is locked skipped
    C:\Documents and Settings\Retro\Local Settings\Temporary Internet Files\Content.IE5\XKSMIWKN\search[6].htm Object is locked skipped
    C:\Documents and Settings\Retro\Local Settings\Temporary Internet Files\Content.IE5\XKSMIWKN\stl[1].exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\lorkyu.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\lyghlj.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\lzustl.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\ntqvyf.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Retro\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Retro\pwqacj.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\rawrin.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\wejcwd.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\wmwkuo.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Documents and Settings\Retro\zubskq.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Downloads\vtp7.zip/Vista Transformation Pack 7.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
    C:\Downloads\vtp7.zip/Vista Transformation Pack 7.0.exe Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
    C:\Downloads\vtp7.zip ZIP: infected - 2 skipped
    C:\gwtxah.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\kdmjnl.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\lscce.exe Infected: Trojan-Proxy.Win32.Dlena.cq skipped
    C:\otsevw.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    C:\qvijvj.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\qxlhor.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\rilwfx.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\sundiy.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\sxlzvy.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\tadscw.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\usdpym.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\wgipyg.exe Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
    C:\WINDOWS\Internet Logs\NUSHS-D5376BC87.ldb Object is locked skipped
    C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINDOWS\myphotos2007.zip/DSC515607.jpg-www.pictureland.com Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\WINDOWS\myphotos2007.zip ZIP: infected - 1 skipped
    C:\WINDOWS\PictureAlbum2007.zip/DSC515607.jpg-www.photobucket.com Infected: Trojan.Win32.Delf.ads skipped
    C:\WINDOWS\PictureAlbum2007.zip ZIP: infected - 1 skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\closeapp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\gnqtgddc.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\WINDOWS\system32\hrbfsneb.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\WINDOWS\system32\mllmj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
    C:\WINDOWS\system32\msvcrtd.exe Infected: Backdoor.Win32.Agent.alm skipped
    C:\WINDOWS\system32\newsystem25.dll Infected: Backdoor.Win32.IRCBot.acd skipped
    C:\WINDOWS\system32\prodigy323.dll Infected: Trojan-PSW.Win32.WOW.ru skipped
    C:\WINDOWS\system32\prodigys323.dll Infected: Trojan-PSW.Win32.WOW.ru skipped
    C:\WINDOWS\system32\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
    C:\WINDOWS\system32\pwqbscej.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\WINDOWS\system32\ssqqopq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
    C:\WINDOWS\system32\tgpuqnee.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\WINDOWS\system32\tscbdyri.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\system32\yceotrms.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\WINDOWS\system32\yxtsnrjr.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\WINDOWS\Temp\ZLT037e6.TMP Object is locked skipped
    C:\WINDOWS\Temp\ZLT037ec.TMP Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\wrwjpop.exe Infected: Backdoor.Win32.Agent.alm skipped
    C:\wvfeyh.exe Infected: Backdoor.Win32.IRCBot.acd skipped

    Scan process completed.

  3. #3
    Junior Member
    Join Date
    Aug 2007
    Posts
    3

    Anyone?

  4. #4
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Hello.

    Did you read the stickies where we ask people not to bump?
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
    The Waiting Room: Post here if waiting for help longer than four days

    Your topic was started today.

    Once you have read this please let me know, and I will remove your bump and my post.

    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    This topic has been moved to archives.

    If you need the thread re-opened, please send me a private message (pm) and provide a link.

    Applies only to the original poster; anyone else with similar problems, please start your own topic.
