Please help with Virtumonde!

varela79

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:14 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Common Files\AOL\1144034937\ee\AOLSoftware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?rev=10283
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144034937\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [28795694] rundll32.exe "C:\WINDOWS\system32\poqycbpy.dll",b
O4 - HKLM\..\Run: [BM2b4a6508] Rundll32.exe "C:\WINDOWS\system32\ffxlfubb.dll",s
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic 7\PopupBlocker.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [{2879563B-0AE9-1033-0103-060914050001}] "C:\Program Files\Common Files\{2879563B-0AE9-1033-0103-060914050001}\Update.exe" mc-110-12-0000137
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{2879563B-0AE9-1033-0103-060914050001}] "C:\Program Files\Common Files\{2879563B-0AE9-1033-0103-060914050001}\Update.exe" mc-110-12-0000137 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{2879563B-0AE9-1033-0103-060914050001}] "C:\Program Files\Common Files\{2879563B-0AE9-1033-0103-060914050001}\Update.exe" mc-110-12-0000137 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10565 bytes
 
Kaspersky log, 1st half

And Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, February 01, 2008 5:12:11 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/02/2008
Kaspersky Anti-Virus database records: 543302
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 133218
Number of viruses found: 62
Number of infected objects: 198
Number of suspicious objects: 2
Duration of the scan process: 01:43:53

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FreeKeyLogger.zip/UninsHs.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FreeKeyLogger.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc2.zip/fwochkln.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll.zip/fcywwts.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll2.zip/fcywwts.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll3.zip/fcywwts.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll4.zip/fcywwts.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl2.zip/b122.exe Infected: Trojan-Downloader.Win32.Agent.erf skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle2.zip/Yazzle1396OinAdmin.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle3.zip/Yazzle1122OinAdmin.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jaime Varela\Application Data\Mozilla\Firefox\Profiles\tjink6ki.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jaime Varela\Application Data\Mozilla\Firefox\Profiles\tjink6ki.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jaime Varela\Application Data\Mozilla\Firefox\Profiles\tjink6ki.default\history.dat Object is locked skipped
C:\Documents and Settings\Jaime Varela\Application Data\Mozilla\Firefox\Profiles\tjink6ki.default\key3.db Object is locked skipped
C:\Documents and Settings\Jaime Varela\Application Data\Mozilla\Firefox\Profiles\tjink6ki.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jaime Varela\Application Data\Mozilla\Firefox\Profiles\tjink6ki.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jaime Varela\Application Data\Mozilla\Firefox\Profiles\tjink6ki.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jaime Varela\Application Data\Sun\Java\Deployment\log\plugin150_10.trace Object is locked skipped
C:\Documents and Settings\Jaime Varela\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jaime Varela\ggg.bat Infected: Trojan.BAT.DelFiles.be skipped
C:\Documents and Settings\Jaime Varela\Incomplete\T-768605-Microsoft Office 2004 for Mac.rar/Setup.exe Infected: Backdoor.Win32.IRCBot.tk skipped
C:\Documents and Settings\Jaime Varela\Incomplete\T-768605-Microsoft Office 2004 for Mac.rar ZIP: infected - 1 skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Application Data\Mozilla\Firefox\Profiles\tjink6ki.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Application Data\Mozilla\Firefox\Profiles\tjink6ki.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Application Data\Mozilla\Firefox\Profiles\tjink6ki.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Application Data\Mozilla\Firefox\Profiles\tjink6ki.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Application Data\Musicmatch\Jukebox\Portables.log Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Temp\D1426.tmp/stream/data0001 Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Temp\D1426.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.AdBand.e skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Temp\D1426.tmp/stream Infected: not-a-virus:AdWare.Win32.AdBand.e skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Temp\D1426.tmp NSIS: infected - 3 skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Temp\hsperfdata_Jaime Varela\3940 Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Temp\JET406F.tmp Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Temp\mofugclq.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Temp\mshtml2.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gm skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Temp\qrjatydi.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Temp\urclqecd.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Temp\~ROMFN_00000898 Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Temporary Internet Files\Content.IE5\5S93ZTCO\hctp[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.fcw skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Temporary Internet Files\Content.IE5\VLAYKI78\gamadril20071203[1] Infected: Backdoor.Win32.Agent.dbm skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Temporary Internet Files\Content.IE5\VLAYKI78\ico[1] Infected: Trojan-PSW.Win32.Magania.eck skipped
C:\Documents and Settings\Jaime Varela\Local Settings\Temporary Internet Files\Content.IE5\VLAYKI78\ptch[2] Infected: not-a-virus:AdWare.Win32.SuperJuan.abi skipped
C:\Documents and Settings\Jaime Varela\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jaime Varela\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\{2879563B-0AE9-1033-0103-060914050001}\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\111.tmp Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1422.tmp/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1422.tmp NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1422.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2A1.tmp Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2C.tmp Infected: Trojan-Downloader.JS.Psyme.cz skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\30E5.tmp Infected: Trojan-Spy.Win32.Agent.ed skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\338.tmp/b103.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\338.tmp ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\338.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\45.tmp/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\45.tmp ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\45.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\60.tmp Infected: not-a-virus:Monitor.Win32.OverSpy.a skipped
 
Kaspersky 2nd half

C:\RECYCLER\S-1-5-18\Dc1\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\RECYCLER\S-1-5-18\Dc2\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\RECYCLER\S-1-5-18\Dc3\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\RECYCLER\S-1-5-18\Dc4\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\RECYCLER\S-1-5-18\Dc5\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\RECYCLER\S-1-5-18\Dc6\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc50\Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc52\setup.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc52\setup.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc52\setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc52\setup.exe/data0010/stream/data0006 Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc52\setup.exe/data0010/stream Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc52\setup.exe/data0010 Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc52\setup.exe NSIS: infected - 6 skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc53.zip/setup.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc53.zip/setup.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc53.zip/setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc53.zip/setup.exe/data0010/stream/data0006 Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc53.zip/setup.exe/data0010/stream Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc53.zip/setup.exe/data0010 Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc53.zip/setup.exe Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc53.zip ZIP: infected - 7 skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc54.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\RECYCLER\S-1-5-21-1053833990-3038691452-563063507-1005\Dc54.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070867.exe/file01 Infected: not-a-virus:Monitor.Win32.ActualSpy.p skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070867.exe/file02 Infected: not-a-virus:Monitor.Win32.ActualSpy.p skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070867.exe/file06 Infected: not-a-virus:Monitor.Win32.ActualSpy.p skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070867.exe/file07 Infected: not-a-virus:Monitor.Win32.ActualSpy.p skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070867.exe/file08 Infected: not-a-virus:Monitor.Win32.ActualSpy.p skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070867.exe/file14 Infected: not-a-virus:Monitor.Win32.ActualSpy.p skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070867.exe Inno: infected - 6 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070868.exe/file3 Infected: not-a-virus:Monitor.Win32.OverSpy.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070868.exe/file4 Infected: Trojan-Spy.Win32.Agent.ed skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070868.exe Inno: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070869.exe/data0002 Infected: not-a-virus:Monitor.Win32.PaqKeyLog.b skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070869.exe/data0003 Infected: not-a-virus:Monitor.Win32.PaqTool.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070869.exe Inno: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070870.exe/file001 Infected: Backdoor.Win32.Rbot.fev skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070870.exe/file200 Infected: not-a-virus:Monitor.Win32.KGBSpy.i skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070870.exe Inno: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070871.exe/file3 Infected: not-a-virus:Monitor.Win32.OverSpy.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070871.exe/file4 Infected: Trojan-Spy.Win32.Agent.ed skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070871.exe Inno: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070872.exe/file001 Infected: not-a-virus:Monitor.Win32.KGBSpy.h skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070872.exe/file002 Infected: not-a-virus:Monitor.Win32.KGBSpy.f skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070872.exe/file003 Infected: not-a-virus:Monitor.Win32.KGBSpy.g skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070872.exe/file191 Infected: not-a-virus:Monitor.Win32.KGBSpy.i skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0070872.exe Inno: infected - 4 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP657\A0070939.exe Infected: not-a-virus:Monitor.Win32.ActualSpy.p skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP657\A0070943.dll Infected: not-a-virus:Monitor.Win32.ActualSpy.p skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP657\A0070944.dll Infected: not-a-virus:Monitor.Win32.ActualSpy.p skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP657\A0070945.dll Infected: not-a-virus:Monitor.Win32.ActualSpy.p skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP657\A0070947.exe Infected: not-a-virus:Monitor.Win32.ActualSpy.p skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP657\A0070948.exe Infected: not-a-virus:Monitor.Win32.ActualSpy.p skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP663\A0071018.exe Infected: Trojan.Win32.Agent.crf skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP663\A0071022.exe Infected: Trojan-Downloader.Win32.Tibs.rl skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP664\A0071059.exe Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP664\A0071064.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP664\A0071070.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.ab skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP664\A0072022.dll Infected: not-a-virus:AdWare.Win32.AdBand.e skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP664\A0076052.exe Infected: not-a-virus:AdWare.Win32.Insider.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP664\A0076056.exe Infected: Trojan-Downloader.Win32.Adload.ni skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP665\A0076125.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP665\A0076126.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP665\A0076128.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP665\A0077036.dll Infected: not-a-virus:AdWare.Win32.AdBand.e skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP668\A0083196.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP677\A0083452.exe Infected: not-a-virus:Monitor.Win32.KGBSpy.g skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP677\A0083453.exe Infected: not-a-virus:Monitor.Win32.KGBSpy.f skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP679\A0083479.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP679\A0083480.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP679\A0083481.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP679\A0083482.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP679\A0083483.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP679\A0083484.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP679\A0083485.dll Infected: not-a-virus:Monitor.Win32.KGBSpy.h skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP679\A0084510.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP685\A0085739.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP689\A0086746.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP689\A0086747.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP692\A0086877.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP692\A0086878.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP699\A0087066.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP699\A0087067.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP699\A0087068.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP699\A0087069.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP701\A0087145.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP703\A0087233.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP711\A0087482.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP711\A0087496.exe Infected: Trojan-Downloader.Win32.Agent.erf skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP713\A0087543.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ebw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP713\A0087544.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.eby skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP718\change.log Object is locked skipped
 
3rd half... sorry, didn't know it was going to be that long!

C:\WINDOWS\b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\WINDOWS\b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b104.exe NSIS: infected - 3 skipped
C:\WINDOWS\b111.exe Infected: Trojan-Downloader.Win32.Agent.fjv skipped
C:\WINDOWS\b147.exe Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt Object is locked skipped
C:\WINDOWS\ModemLog_Motorola USB Modem #6.txt Object is locked skipped
C:\WINDOWS\mrofinu72.exe Infected: Trojan-Downloader.Win32.Agent.fuc skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{3EA4DCB7-711F-48A9-8632-61E05623342B}.crmlog Object is locked skipped
C:\WINDOWS\SA2880DFD.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SmFpbWUgVmFyZWxh\asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\SmFpbWUgVmFyZWxh\command.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F87DCD42-B6B6-4BE4-858C-199DB11BF70C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\aravkgma.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\WINDOWS\system32\bdcnyyts.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\WINDOWS\system32\bqcymfre.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ec skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\ceyktwyf.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\IntelDH.evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dlviygvs.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\edxnalqb.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\WINDOWS\system32\ehisjpdu.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\WINDOWS\system32\ehupuork.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\fcywwts.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\WINDOWS\system32\fdfitoct.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\WINDOWS\system32\fpdftido.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\WINDOWS\system32\gbvdkvob.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\WINDOWS\system32\ggg.bat Infected: Trojan.BAT.DelFiles.be skipped
C:\WINDOWS\system32\gpvntuuq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\WINDOWS\system32\guijjjkf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hcydnmhm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\WINDOWS\system32\hfbenmln.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\ijwuvmpt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\WINDOWS\system32\itwkqxko.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\jaqffnjd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\WINDOWS\system32\jmbpsdfm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\WINDOWS\system32\jvijntep.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\WINDOWS\system32\kefwowus.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\kuapacrg.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\WINDOWS\system32\lcgbkvnl.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\lmtynxfr.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\mcwwnkkl.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\WINDOWS\system32\mrtlkqpx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\WINDOWS\system32\nifqjjnc.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.kp skipped
C:\WINDOWS\system32\odhgmppp.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\oegmkiue.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\WINDOWS\system32\ovlfpkoo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnr skipped
C:\WINDOWS\system32\pgxnnvde.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.edw skipped
C:\WINDOWS\system32\plpxkagw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnl skipped
C:\WINDOWS\system32\pvvpyqkp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\WINDOWS\system32\pwyfalig.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\WINDOWS\system32\qhpxofuy.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\WINDOWS\system32\qlyelmbh.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\rltxdgmp.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.is skipped
C:\WINDOWS\system32\rsygfqtj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dim skipped
C:\WINDOWS\system32\ruiwujfi.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\tdfajtdw.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\WINDOWS\system32\uerfjffs.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnp skipped
C:\WINDOWS\system32\unjsjwva.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\WINDOWS\system32\unsvchosts.exe Infected: not-a-virus:RiskTool.Win32.Starter.a skipped
C:\WINDOWS\system32\vksojfhj.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\WINDOWS\system32\voxwcdya.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wkavvjrh.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\WINDOWS\system32\wlnngpio.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\yvxlatdj.dll Infected: Trojan.Win32.Pakes.bwd skipped
C:\WINDOWS\system32\yxavvwev.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
J:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP718\change.log Object is locked skipped

Scan process completed.
 
Virtumonde...More symptoms

Some symptoms include JavaScript being disabled in both IE and Mozilla Firefox. Sites such as eBay and MySpace are near impossible to navigate sometimes. And like I said before, JavaScript sites such as Excite, YouTube and others are real hard to navigate through... Every time I fix with Spybot S&D and reboot, Virtumonde keeps coming back! Please help!
 
Got it...

Hi there. I ran Vundo fix and I think I got it. If someone can still get to me to check out new logs, please reply and I will provide them.
 