Adware - not a virus: Adware.Win32.virtumonde.ki - Need help to remove it

Xorxhs

Thx in advance for your help, these are my log files.

Logfile of HijackThis v1.99.1
Scan saved at 2:34:20 μμ, on 20/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE
C:\Program Files\RivaTuner v2.0 RC 16.1\RivaTuner.exe
C:\Windows\CTHELPER.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\SYSTRAN\5.0\Premium\SYSTRA~3.EXE
C:\Program Files\Downloads\Utils\utorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\Windows\system32\mvtxivty.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.0 RC 16.1\RivaTuner.exe" /T
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [XarkaToday] "C:\Program Files\Today Application\Today.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138410717906
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164897171552
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 
Kaspersky Report

deleted: adware not-a-virus:AdWare.Win32.Virtumonde.ki File: C:\WINDOWS\SYSTEM32\LFDTODAV.DLL//PE_Patch.PECompact
deleted: Trojan program Trojan.Win32.Agent.anr File: C:\WINDOWS\SYSTEM32\UAVLRCSG.EXE
detected: Trojan program Trojan.Win32.Agent.anr URL: http://82.98.235.61/test/koocwolla_...uid=46f042b1+701A7F4B36A7495FADB4771A7A8E614B
deleted: Trojan program Trojan.Win32.Agent.anr Running module: uavlrcsg.exe\uavlrcsg.exe
detected: adware not-a-virus:AdWare.Win32.Virtumonde.ki URL: http://82.98.235.61/ffa/ffa_mv20070...B36A7495FADB4771A7A8E614B//PE_Patch.PECompact
deleted: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{6B7BD2FE-1193-4F55-9CC7-1FD29308AB05}\RP735\A0788187.exe
deleted: Trojan program Trojan-Spy.Win32.VBStat.h File: C:\System Volume Information\_restore{6B7BD2FE-1193-4F55-9CC7-1FD29308AB05}\RP739\A0791313.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.ki File: C:\System Volume Information\_restore{6B7BD2FE-1193-4F55-9CC7-1FD29308AB05}\RP741\A0792395.dll//PE_Patch.PECompact
deleted: Trojan program Trojan.Win32.BHO.bd File: C:\System Volume Information\_restore{6B7BD2FE-1193-4F55-9CC7-1FD29308AB05}\RP741\A0792402.dll//Virtumonde//PE_Patch.UPX//UPX
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.ki File: C:\System Volume Information\_restore{6B7BD2FE-1193-4F55-9CC7-1FD29308AB05}\RP741\A0792404.dll//PE_Patch.PECompact
deleted: Trojan program Trojan.Win32.BHO.bd File: C:\System Volume Information\_restore{6B7BD2FE-1193-4F55-9CC7-1FD29308AB05}\RP741\A0792411.dll//Virtumonde//PE_Patch.UPX//UPX
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.ki File: C:\System Volume Information\_restore{6B7BD2FE-1193-4F55-9CC7-1FD29308AB05}\RP741\A0792412.dll//PE_Patch.PECompact
deleted: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{6B7BD2FE-1193-4F55-9CC7-1FD29308AB05}\RP745\A0792688.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.ki File: C:\System Volume Information\_restore{6B7BD2FE-1193-4F55-9CC7-1FD29308AB05}\RP745\A0792689.dll//PE_Patch.PECompact
deleted: Trojan program Trojan-Spy.Win32.Ardamax.j File: C:\Program Files\Downloads\Torrents\Nero 7.9.6 [NEW 1 jun 2007]\keygen.exe
deleted: Trojan program Trojan-Spy.Win32.Ardamax.e File: C:\WINDOWS\system32WXBP.exe
detected: adware not-a-virus:AdWare.Win32.Virtumonde.kg URL: http://82.98.235.61/ffa/ffa_mv20070...B4771A7A8E614B//Virtumonde//PE_Patch.UPX//UPX
detected: Trojan program Trojan.Win32.BHO.bd URL: http://82.98.235.61/nauj/nauj_20070...B4771A7A8E614B//Virtumonde//PE_Patch.UPX//UPX
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.kg File: C:\Windows\system32\rwnweuaj.dll//Virtumonde//PE_Patch.UPX//UPX
detected: riskware Invader Running process: C:\Windows\system32\winlogon.exe
detected: riskware Trojan.generic Running process: C:\Documents and Settings\Administrator\Local Settings\Temp\is-N23LC.tmp\is-5REBO.tmp
deleted: Trojan program Trojan-Spy.Win32.VBStat.h File: C:\Windows\system32\lsoupaht.dll
 
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 20, 2007 7:20:45 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 20/06/2007
Kaspersky Anti-Virus database records: 349264
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 95185
Number of viruses found: 10
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 03:24:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Xorxhs@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Xorxhs@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Xorxhs@hotmail.com\SharingMetadata\Working\database_11FC_12B8_46F0_42B1\dfsr.db Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Xorxhs@hotmail.com\SharingMetadata\Working\database_11FC_12B8_46F0_42B1\fsr.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Xorxhs@hotmail.com\SharingMetadata\Working\database_11FC_12B8_46F0_42B1\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Xorxhs@hotmail.com\SharingMetadata\Working\database_11FC_12B8_46F0_42B1\tmp.edb Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\Xorxhs@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\Xorxhs@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007062020070621\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_4b8.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA749.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFAE03.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE4BA.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE4CD.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\00df_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\00e2_Web_Monitoring_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\00e2_Web_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-06-20.10-19-45.log Object is locked skipped
C:\Program Files\Downloads\Torrents\Kaspersky.Antivirus.2006.v6.0.0.303.Incl Key [11-oct-2006]\Install.exe Infected: not-a-virus:Monitor.Win32.Ardamax.k skipped
C:\Program Files\Downloads\Torrents\lotro\lotrosetup-1e.bin Object is locked skipped
C:\Program Files\Downloads\Torrents\Windows.XP.Pro.SP2.2006-04.25.CD\Windows.XP.Pro.SP2.2006-04-25.CD.iso/$OEM$/$$/SYSTEM32/CMDOW.EXE Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Downloads\Torrents\Windows.XP.Pro.SP2.2006-04.25.CD\Windows.XP.Pro.SP2.2006-04-25.CD.iso ISO image: infected - 1 skipped
C:\Program Files\Downloads\Utils\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Program Files\Downloads\Utils\mirc616.exe mIRC: infected - 1 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awvvv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6B7BD2FE-1193-4F55-9CC7-1FD29308AB05}\RP708\A0776840.exe Infected: not-a-virus:AdTool.Win32.WhenU.c skipped
C:\System Volume Information\_restore{6B7BD2FE-1193-4F55-9CC7-1FD29308AB05}\RP745\A0792697.exe Infected: Trojan-Spy.Win32.Ardamax.j skipped
C:\System Volume Information\_restore{6B7BD2FE-1193-4F55-9CC7-1FD29308AB05}\RP745\A0792706.exe Infected: Trojan-Spy.Win32.Ardamax.e skipped
C:\System Volume Information\_restore{6B7BD2FE-1193-4F55-9CC7-1FD29308AB05}\RP745\A0794804.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped
C:\System Volume Information\_restore{6B7BD2FE-1193-4F55-9CC7-1FD29308AB05}\RP746\A0794958.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{6B7BD2FE-1193-4F55-9CC7-1FD29308AB05}\RP746\A0794964.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{6B7BD2FE-1193-4F55-9CC7-1FD29308AB05}\RP747\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\6to4svc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\inetmib1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\ip6fw.pnf Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\iphlpapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\ipv6.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\ipv6mon.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\netip6.inf Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\netoc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\netoc.inf Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\netsh.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\p2p.pnf Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\tcpip6.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\tunmp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\ws2_32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\wship6.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB820291$\appwiz.cpl Object is locked skipped
C:\WINDOWS\$NtUninstallKB820291$\explorer.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB820291$\shmgrate.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB821253$\dwwin.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB821253$\faultrep.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB822603$\hccoin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB822603$\usbehci.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB822603$\usbhub.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB822603$\usbport.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB822603$\usbuhci.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB823182$\cryptui.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824105$\netbt.sys Object is locked skipped
C:\WINDOWS\$NtUninstallQ322011$\fxsclnt.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ329115$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ329390$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ329834$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallQ810565$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ810565$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ810565$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ810565$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ810565$\osk.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ810565$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ810833$\locator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ814033$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ814995$\acgenral.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ814995$\apphelp.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallQ814995$\apph_sp.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallQ814995$\apps.chm Object is locked skipped
C:\WINDOWS\$NtUninstallQ814995$\apps_sp.chm Object is locked skipped
C:\WINDOWS\$NtUninstallQ814995$\sysmain.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallQ815021$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ817287$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{AE5E50BF-4784-40D1-8BDC-A189B575309B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\mvtxivty.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32WXBP.006 Infected: not-a-virus:Monitor.Win32.Ardamax.271 skipped
C:\WINDOWS\system32WXBP.007 Infected: not-a-virus:Monitor.Win32.Ardamax.271 skipped
C:\WINDOWS\TEMP\cch~4e9106770966.htp Object is locked skipped
C:\WINDOWS\TEMP\cch~4e9106a6788e.htp Object is locked skipped
C:\WINDOWS\TEMP\cch~5aaa451193b4.htp Object is locked skipped
C:\WINDOWS\TEMP\cch~5aaa453cb3a0.htp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000003-00000000-0000000A-00001102-00000004-10021102}.CDF Object is locked skipped

Scan process completed.
 
Hello.

For people waiting who have not resolved their problem, we have a sticky topic:
If you have waited FOUR days for advice post here.

However, if members waiting for assistance do not post there, their topic is archived after seven days.

If you need the thread re-opened, please send me a private message (pm) and provide a link.

Applies only to the original poster; anyone else with similar problems, please start your own topic.
 