smitfraud C coreservice

[jfrey]

I have completed the combo fix and the Kasperskky scan and included the logs below. I scanned again with SB S&D and I do not se any of the viruses that could not be removed on an earlier scan. Do you recommend I do anything else?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:00 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22BA1A96-BB0E-40D5-B2C5-CBF427E595D9} - C:\WINDOWS\system32\csfifrpc.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {35E6FC3A-6AFB-1220-AB4F-6CE33C90A8CD} - C:\WINDOWS\system32\jxmfah.dll (file missing)
O2 - BHO: (no name) - {42F2260C-5DF4-480A-A26E-990A21E0CC86} - C:\WINDOWS\system32\csfifrpc.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A217DB68-C0F7-46A0-84EF-0929E0AB7F58} - C:\WINDOWS\system32\csfifrpc.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Jim\Application Data\Deskbar_{67CCBECD-B34A-40f2-8070-CB58311A55A7}\starter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [{8067D2CA-095F-1033-0311-030109200001}] "C:\Program Files\Common Files\{8067D2CA-095F-1033-0311-030109200001}\Update.exe" mc-110-12-0000627
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{8067D2CA-095F-1033-0311-030109200001}] "C:\Program Files\Common Files\{8067D2CA-095F-1033-0311-030109200001}\Update.exe" mc-110-12-0000627 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{8067D2CA-0960-1033-0311-030109200001}] "C:\Program Files\Common Files\{8067D2CA-0960-1033-0311-030109200001}\Update.exe" mc-110-12-0000627 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{8067D2CA-095F-1033-0311-030109200001}] "C:\Program Files\Common Files\{8067D2CA-095F-1033-0311-030109200001}\Update.exe" mc-110-12-0000627 (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.31.5/ttinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - Winlogon Notify: awtrrpq - awtrrpq.dll (file missing)
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll (file missing)
O20 - Winlogon Notify: InprocServer32 - C:\WINDOWS\
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)
O20 - Winlogon Notify: libtcp - c:\windows\repair\libtcp.dll (file missing)
O20 - Winlogon Notify: Programmable - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11564 bytes

KASPERSKY ONLINE SCANNER REPORT
Sunday, February 17, 2008 7:48:24 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/02/2008
Kaspersky Anti-Virus database records: 570328


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\Jim\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 20207
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 00:18:49

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{1B6D2694-7566-4F49-B19D-F3C7F51A804D}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\aa.exe Infected: Trojan.Win32.Zapchast.cx skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\DOCUME~1\Jim\LOCALS~1\Temp\hpodvd09.log Object is locked skipped

C:\DOCUME~1\Jim\LOCALS~1\Temp\~DF416C.tmp Object is locked skipped

C:\DOCUME~1\Jim\LOCALS~1\Temp\~DFF243.tmp Object is locked skipped

C:\DOCUME~1\Jim\LOCALS~1\Temp\~DFF250.tmp Object is locked skipped

Scan process completed.

[jfrey]

Hello

I started a thread yesterday and recieved an email from Norma suggesting that I perform a kaspersky scan as well as perform a smitfraufix download and fix. I have done both. I have attached the Kaspersky scan report in this post.

KASPERSKY ONLINE SCANNER REPORT
Monday, February 18, 2008 3:04:15 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/02/2008
Kaspersky Anti-Virus database records: 572562
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 79057
Number of viruses found: 13
Number of infected objects: 113
Number of suspicious objects: 0
Duration of the scan process: 01:05:02

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Jim\aa.exe Infected: Trojan.Win32.Zapchast.cx skipped
C:\Documents and Settings\Jim\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jim\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\History\History.IE5\MSHist012008021820080219\index.dat Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jim\net.exe/data0002 Infected: not-a-virus:AdWare.Win32.Virtumonde.if skipped
C:\Documents and Settings\Jim\net.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\Jim\net.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Jim\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jim\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\prgm that will remove spywareQuake virusBurst\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awtrqnm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\byxwuut.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.uy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\byxxxwt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.uy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cyqskisr.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.pq skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcbyvv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcdcbb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dfovrdrj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\efcbcde.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\efcyaxu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\efcyxus.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\einuvqvk.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.pq skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\estpjbwu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fojukjfp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gkgoqjiq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hggebyw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hhpfdeiy.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.pq skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hvupkxjj.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iifffee.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkklki.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkklljg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\khfcabb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.uy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\khfcabx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\khfdecd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\khfggdd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ljjgghi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ljjigdc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ljjkjif.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.uy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mljjhee.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mlljg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnnnkj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.uy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnnoop.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnllii.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnnlig.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnomnm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qnijosoq.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qomlmjk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qomnoom.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rqrrqnm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rqrrrqq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rwugxwkp.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\slpkedwo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvtsro.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvvtsr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvvvsq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvwvwt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uifkssjm.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\urqnnoo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvuvvwx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyyxwu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yayabya.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yayxuuv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\QooBox\Quarantine\catchme2008-02-17_182017.04.zip/core.sys Infected: Rootkit.Win32.Agent.eq skipped
C:\QooBox\Quarantine\catchme2008-02-17_182017.04.zip ZIP: infected - 1 skipped
C:\quarantine\404-3[1].htm.Vir Infected: Trojan-Downloader.JS.Psyme.jf skipped
C:\quarantine\s[1].htm.Vir Infected: Trojan-Downloader.VBS.Agent.au skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138436.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138437.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.uy skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138438.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.uy skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138439.dll Infected: not-a-virus:AdWare.Win32.BHO.pq skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138440.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138441.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138442.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138443.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138444.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138445.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138446.dll Infected: not-a-virus:AdWare.Win32.BHO.pq skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138447.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138448.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138449.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138450.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138451.dll Infected: not-a-virus:AdWare.Win32.BHO.pq skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138452.dll Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138453.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138454.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138455.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138456.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.uy skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138457.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138458.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138459.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138460.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138461.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138462.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.uy skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138463.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138464.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138465.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.uy skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138466.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138467.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138468.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138469.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138470.dll Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138471.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138472.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138473.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138474.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138475.dll Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138476.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138477.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138478.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138479.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138480.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138481.dll Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138482.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138483.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138484.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138485.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP880\A0138486.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{8B1F85F6-242F-4A05-9C4F-A2A4447B79E8}\RP886\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\system32\aa.exe Infected: Trojan.Win32.Zapchast.cx skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

Scan process completed.

[pskelley]

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

First things first, this is likely a very dangerous trojan (or more), and this is likely the one you have:
http://www.bleepingcomputer.com/star....exe-6405.html
http://www.trendmicro.com/vinfo/viru...=BKDR_SDBOT.TF

This memory-resident backdoor program compromises system security by allowing a remote malicious user to gain access over all files and resources of a target machine. It has the ability to steal vital system information, as well as CD keys of popular game applications installed on a system

Read all of that information.

NOTE: We do NOT ask Users to run fixes before helpers have analyzed HJT/KAV scans
http://forums.spybot.info/showthread.php?t=16806

http://forums.spybot.info/showthread.php?t=288

Malware Removal: only people with the following titles above their avatar may assist members.
MRU Helper, Security Helper, Security Warrior, Security Expert, Developer, Team Spybot.
If another member sents you a PM with malware removal instructions, be warned not to follow that advice.

A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to by used by the attacker for malicious purposes unknown to the user.

One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and Download and Execute files
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

Let us know what you have decided to do in your next post.

Thanks

[pskelley]

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.