Tech Support Forum - View Single Post - Vundo Adclicker removal assistiance logs attached

dacole · 01-26-2008, 10:49 AM

Don't seem to be quite done yet at least the online scan found some things it seems. Amazingly.

Hijack this log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18, on 2008-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MP_STATUS_MONITOR] "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
O4 - HKLM\..\Run: [MPTBox] "C:\Program Files\Canon\MultiPASS\MPTBox.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - Startup: Kremlin Sentry.LNK = C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1174406505544
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1174406501873
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: McAfee Application Installer Cleanup (0123071200665193) (0123071200665193mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\012307~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MPService - Canon Information Systems, Inc. - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 10907 bytes

The kapaskey log found some things but it only allows me to save it as web page not a text file...copy and paste from the web page it saved as

KASPERSKY ONLINE SCANNER REPORT
2008-01-25 11:17
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/01/2008
Kaspersky Anti-Virus database records: 532950
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 189512
Number of viruses found 10
Number of infected objects 25
Number of suspicious objects 0
Duration of the scan process 01:55:14

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{66445BA4-3C4F-42C4-B495-C524FBBBA8C9}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{C57598F4-6ED4-4CC9-957C-133E4C3FF108}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\Daniel Cole\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\cert8.db Object is locked skipped
C:\Documents and Settings\Daniel Cole\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\history.dat Object is locked skipped
C:\Documents and Settings\Daniel Cole\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\key3.db Object is locked skipped
C:\Documents and Settings\Daniel Cole\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\parent.lock Object is locked skipped
C:\Documents and Settings\Daniel Cole\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Daniel Cole\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Daniel Cole\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Daniel Cole\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Daniel Cole\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Daniel Cole\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Daniel Cole\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Daniel Cole\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Daniel Cole\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Daniel Cole\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Daniel Cole\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Daniel Cole\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Daniel Cole\Local Settings\History\History.IE5\MSHist012008012520080126\index.dat Object is locked skipped
C:\Documents and Settings\Daniel Cole\Local Settings\Temp\~DF28EA.tmp Object is locked skipped
C:\Documents and Settings\Daniel Cole\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Daniel Cole\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Daniel Cole\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Daniel Cole\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Canon\MultiPASS\repos\Db\mpdata.dat Object is locked skipped
C:\Program Files\Canon\MultiPASS\repos\Db\mpdata.idx Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ajqgklad.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\asltreif.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnl skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\baanmdvf.dll.vir Infected: Trojan.Win32.BHO.abs skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hlckvweg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ak skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hoiwrluv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.eby skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nyidtmbw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qpmaefwk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ebw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qtxvsmkh.dll.vir Infected: Trojan.Win32.BHO.abs skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tqqunkch.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wteluwnh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xqgcrbxh.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ec skipped
C:\QooBox\Quarantine\catchme2008-01-24_ 05820.32.zip/mljjihe.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.atj skipped
C:\QooBox\Quarantine\catchme2008-01-24_ 05820.32.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP13\change.log Object is locked skipped
C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000644.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000646.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnl skipped
C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000649.dll Infected: Trojan.Win32.BHO.abs skipped
C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000655.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ak skipped
C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000657.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.eby skipped
C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000665.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000673.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ebw skipped
C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000674.dll Infected: Trojan.Win32.BHO.abs skipped
C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000678.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnp skipped
C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000683.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000686.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ec skipped
C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000701.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.atj skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_w8QXT4qifehV3tq Object is locked skipped
C:\WINDOWS\Temp\mcmsc_BeUNcQbrvRS75FC Object is locked skipped
C:\WINDOWS\Temp\mcmsc_CsutCxG4g5jDzXf Object is locked skipped
C:\WINDOWS\Temp\mcmsc_H7sYTaPEQa8dSXx Object is locked skipped
C:\WINDOWS\Temp\mcmsc_WZKMcRPp9i0esZN Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP13\change.log Object is locked skipped
Scan process completed.

01-26-2008, 10:49 AM	#8 (permalink)
dacole Registered User Join Date: Jan 2008 Location: New Bern, North Carolina Posts: 7 OS: Win XP service pack 2	Re: Vundo Adclicker removal assistiance logs attached Don't seem to be quite done yet at least the online scan found some things it seems. Amazingly. Hijack this log file Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:18, on 2008-01-25 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Saitek\Software\SaiMfd.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Saitek\Software\Profiler.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DynDNS Updater\DynDNS.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Canon\MultiPASS\mpservic.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\SiteAdvisor\6172\SAService.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local> O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [MP_STATUS_MONITOR] "C:\Program Files\Canon\MultiPASS\monitr32.exe" I O4 - HKLM\..\Run: [MPTBox] "C:\Program Files\Canon\MultiPASS\MPTBox.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe O4 - Startup: Kremlin Sentry.LNK = C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1174406505544 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1174406501873 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O23 - Service: McAfee Application Installer Cleanup (0123071200665193) (0123071200665193mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\012307~1.EXE (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: MPService - Canon Information Systems, Inc. - C:\Program Files\Canon\MultiPASS\mpservic.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe -- End of file - 10907 bytes The kapaskey log found some things but it only allows me to save it as web page not a text file...copy and paste from the web page it saved as KASPERSKY ONLINE SCANNER REPORT 2008-01-25 11:17 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 25/01/2008 Kaspersky Anti-Virus database records: 532950 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ E:\ F:\ Scan Statistics Total number of scanned objects 189512 Number of viruses found 10 Number of infected objects 25 Number of suspicious objects 0 Duration of the scan process 01:55:14 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{66445BA4-3C4F-42C4-B495-C524FBBBA8C9}.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{C57598F4-6ED4-4CC9-957C-133E4C3FF108}.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped C:\Documents and Settings\Daniel Cole\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\cert8.db Object is locked skipped C:\Documents and Settings\Daniel Cole\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\history.dat Object is locked skipped C:\Documents and Settings\Daniel Cole\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\key3.db Object is locked skipped C:\Documents and Settings\Daniel Cole\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\parent.lock Object is locked skipped C:\Documents and Settings\Daniel Cole\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\search.sqlite Object is locked skipped C:\Documents and Settings\Daniel Cole\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\Daniel Cole\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Daniel Cole\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\Daniel Cole\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Daniel Cole\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Daniel Cole\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\Daniel Cole\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\Daniel Cole\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\Daniel Cole\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\Daniel Cole\Local Settings\Application Data\Mozilla\Firefox\Profiles\5w64bjgz.default\XUL.mfl Object is locked skipped C:\Documents and Settings\Daniel Cole\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Daniel Cole\Local Settings\History\History.IE5\MSHist012008012520080126\index.dat Object is locked skipped C:\Documents and Settings\Daniel Cole\Local Settings\Temp\~DF28EA.tmp Object is locked skipped C:\Documents and Settings\Daniel Cole\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Daniel Cole\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Daniel Cole\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Daniel Cole\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Canon\MultiPASS\repos\Db\mpdata.dat Object is locked skipped C:\Program Files\Canon\MultiPASS\repos\Db\mpdata.idx Object is locked skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ajqgklad.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped C:\QooBox\Quarantine\C\WINDOWS\system32\asltreif.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnl skipped C:\QooBox\Quarantine\C\WINDOWS\system32\baanmdvf.dll.vir Infected: Trojan.Win32.BHO.abs skipped C:\QooBox\Quarantine\C\WINDOWS\system32\hlckvweg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ak skipped C:\QooBox\Quarantine\C\WINDOWS\system32\hoiwrluv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.eby skipped C:\QooBox\Quarantine\C\WINDOWS\system32\nyidtmbw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped C:\QooBox\Quarantine\C\WINDOWS\system32\qpmaefwk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ebw skipped C:\QooBox\Quarantine\C\WINDOWS\system32\qtxvsmkh.dll.vir Infected: Trojan.Win32.BHO.abs skipped C:\QooBox\Quarantine\C\WINDOWS\system32\tqqunkch.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnp skipped C:\QooBox\Quarantine\C\WINDOWS\system32\wteluwnh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped C:\QooBox\Quarantine\C\WINDOWS\system32\xqgcrbxh.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ec skipped C:\QooBox\Quarantine\catchme2008-01-24_ 05820.32.zip/mljjihe.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.atj skipped C:\QooBox\Quarantine\catchme2008-01-24_ 05820.32.zip ZIP: infected - 1 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP13\change.log Object is locked skipped C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000644.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000646.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnl skipped C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000649.dll Infected: Trojan.Win32.BHO.abs skipped C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000655.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ak skipped C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000657.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.eby skipped C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000665.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000673.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ebw skipped C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000674.dll Infected: Trojan.Win32.BHO.abs skipped C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000678.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnp skipped C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000683.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000686.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ec skipped C:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP7\A0000701.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.atj skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped C:\WINDOWS\system32\config\OSession.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\mcafee_w8QXT4qifehV3tq Object is locked skipped C:\WINDOWS\Temp\mcmsc_BeUNcQbrvRS75FC Object is locked skipped C:\WINDOWS\Temp\mcmsc_CsutCxG4g5jDzXf Object is locked skipped C:\WINDOWS\Temp\mcmsc_H7sYTaPEQa8dSXx Object is locked skipped C:\WINDOWS\Temp\mcmsc_WZKMcRPp9i0esZN Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\System Volume Information\_restore{EC71D1EA-57CD-40C9-ACFC-111830100830}\RP13\change.log Object is locked skipped Scan process completed. Last edited by dacole; 01-26-2008 at 10:51 AM.