
Having Major Problems With Multiple Virus/malware

4 replies to this topic

#1 mr ggm (Members, 6 posts)

Posted 29 April 2008 - 04:24 PM

Hi all,

I've been having major problems with malware/viruses. This is a HijackThis log after running AVG, ComboFix and Kaspersky online AV. Please help, I'm having a bad time with all this. ComboFix has helped kill some of the viruses off but I don't know what to do... Next post is the Kaspersky AV report (extended scan).


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:33, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jxxx Nxxx\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
O2 - BHO: (no name) - autorunsdisabled - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /M "Stylus Photo R220" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: FreshDownload - {8A70059D-1993-4067-9FB9-7CCEE0732EB8} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{099BB105-5392-4537-90C1-75BAFFD97DD1}: NameServer = 195.92.195.94 195.92.195.95
O17 - HKLM\System\CS1\Services\Tcpip\..\{099BB105-5392-4537-90C1-75BAFFD97DD1}: NameServer = 195.92.195.94 195.92.195.95
O20 - Winlogon Notify: autorunsdisabled - C:\WINDOWS\
O20 - Winlogon Notify: ddcypnmf - ddcYpnMF.dll (file missing)
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7675 bytes
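The HijackThis log above is what a helper triages by hand, entry type by entry type. As an added example that is not from this thread or from HijackThis itself, the Python below parses that log format and applies a few defender-side checks to a constructed sample built from the same kinds of entries (loopback proxy, registrations with no backing file, missing or randomly named Winlogon Notify DLLs, explicit DNS servers); the random-name heuristic and the rule set are my own assumptions, not HijackThis rules.

```python
import re
from typing import Dict, List

# Constructed sample in the HijackThis v2 log format: the same line shapes as the
# log in the post above, trimmed to the entries the triage rules look at.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
O2 - BHO: (no name) - autorunsdisabled - (no file)
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{099BB105-5392-4537-90C1-75BAFFD97DD1}: NameServer = 195.92.195.94 195.92.195.95
O20 - Winlogon Notify: ddcypnmf - ddcYpnMF.dll (file missing)
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry starts with a section code (R0, O4, O20, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<type>[RFO]\d+) - (?P<body>.+)$")


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into {type, body} records; header and process lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def looks_random(name: str) -> bool:
    """Assumed heuristic for generated names: almost no vowels, or digits mixed between letters."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 6:
        return False
    vowel_ratio = sum(c in "aeiouAEIOU" for c in letters) / len(letters)
    digits_between_letters = re.search(r"[A-Za-z]\d+[A-Za-z]", name) is not None
    return vowel_ratio < 0.2 or digits_between_letters


def triage(text: str) -> List[Dict[str, str]]:
    """Return the entries a helper would ask the poster to look at first, with the reason."""
    findings = []
    for e in parse_hjt(text):
        t, body = e["type"], e["body"]
        if t == "R1" and "ProxyServer" in body:
            proxy = body.split("=", 1)[1].strip()
            if proxy.startswith(("127.0.0.1", "localhost")):
                findings.append({"type": t, "item": proxy,
                                 "reason": "browser traffic routed through a loopback proxy; confirm one was installed on purpose"})
        elif t == "O17":
            servers = body.split("NameServer =", 1)[1].strip()
            findings.append({"type": t, "item": servers,
                             "reason": "explicit DNS servers; verify they belong to the ISP"})
        elif t == "O20":
            m = re.match(r"Winlogon Notify: (\S+) - (.*)", body)
            if m and ("(file missing)" in m.group(2) or looks_random(m.group(1))):
                findings.append({"type": t, "item": m.group(1),
                                 "reason": "Winlogon Notify DLL that is missing or randomly named"})
        elif t in ("O2", "O22") and "(no file)" in body:
            findings.append({"type": t, "item": body.split(" - ")[0],
                             "reason": "registration with no backing file; orphaned entry to clean up"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['type']:<4} {f['item']:<40} {f['reason']}")
```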


#2 mr ggm (Topic Starter, Members, 6 posts)

Posted 29 April 2008 - 04:25 PM

Kaspersky report:


Tuesday, April 29, 2008 8:28:57 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/04/2008
Kaspersky Anti-Virus database records: 731399


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 46476
Number of viruses found 13
Number of infected objects 75
Number of suspicious objects 0
Duration of the scan process 00:37:20

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp1.zip/cftmon.exe Infected: Worm.Win32.Socks.fg skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp1.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp12.zip/cftmon.exe Infected: Worm.Win32.Socks.fg skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp12.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp21.zip/cftmon.exe Infected: Worm.Win32.Socks.fg skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp21.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp24.zip/cftmon.exe Infected: Worm.Win32.Socks.fg skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp24.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp27.zip/cftmon.exe Infected: Worm.Win32.Socks.fg skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp27.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp3.zip/cftmon.exe Infected: Worm.Win32.Socks.fg skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp3.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp7.zip/cftmon.exe Infected: Worm.Win32.Socks.fg skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp7.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll.zip/ddcYOHYQ.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qqw skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll1.zip/hymfsttp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll1.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll10.zip/awtrRkIX.dll_old Infected: not-a-virus:AdWare.Win32.Virtumonde.qrq skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll10.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll11.zip/lkndcgah.dll Infected: Packed.Win32.Monder.gen skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll11.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll12.zip/mlJDwuUk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrq skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll12.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll13.zip/bflclcqg.dll Infected: Packed.Win32.Monder.gen skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll13.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll14.zip/egkqaokn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll14.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll15.zip/hgGASigh.dll Infected: Packed.Win32.Monder.gen skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll15.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll16.zip/urqNFuRk.dll Infected: Packed.Win32.Monder.gen skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll16.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip/lrolerfg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip/xxyvvVLB.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qqw skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll4.zip/ddcYOHYQ.dll_old Infected: not-a-virus:AdWare.Win32.Virtumonde.qqw skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll4.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll5.zip/awtrRkIX.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrq skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll5.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll6.zip/gcvbpchu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll6.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll7.zip/suuupbuv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll7.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBHOje.zip/1209257803.dll Infected: not-a-virus:AdWare.Win32.E404.f skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBHOje.zip ZIP: infected - 1 skipped

C:\Documents and Settings\\cftmon.bac Infected: Worm.Win32.Socks.fg skipped

C:\Documents and Settings\\cftmon.bac1 Infected: Worm.Win32.Socks.fg skipped

C:\Documents and Settings\\cftmon.bac2 Infected: Worm.Win32.Socks.fg skipped

C:\Documents and Settings\\cftmon.exe Infected: Worm.Win32.Socks.fg skipped

C:\Documents and Settings\\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\\Local Settings\History\History.IE5\MSHist012008042120080428\index.dat Object is locked skipped

C:\Documents and Settings\\Local Settings\History\History.IE5\MSHist012008042820080429\index.dat Object is locked skipped

C:\Documents and Settings\\Local Settings\History\History.IE5\MSHist012008042920080430\index.dat Object is locked skipped

C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\\ntuser.dat Object is locked skipped

C:\Documents and Settings\\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\\UserData\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\cftmon.exe Infected: Worm.Win32.Socks.fg skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\AnalogX\Proxy\proxy.exe Infected: not-a-virus:Server-Proxy.Win32.AnalogX.414 skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\ddcYpnMF.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qpf skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\spools.exe.vir Infected: Worm.Win32.Socks.fg skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\ekfmttgx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkKbCsq.dll.vir Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\merxxfpv.dll.vir Infected: Packed.Win32.Monder.gen skipped

C:\QooBox\Quarantine\catchme2008-04-29_164822.98.zip/hqiopa.sys Infected: Trojan.Win32.Pakes.ctm skipped

C:\QooBox\Quarantine\catchme2008-04-29_164822.98.zip/jkkKbCsq.dll Infected: Packed.Win32.Monder.gen skipped

C:\QooBox\Quarantine\catchme2008-04-29_164822.98.zip ZIP: infected - 2 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{A653DC19-2B1B-4A47-8C04-A8E875EBF232}\RP2\A0000007.exe Infected: Worm.Win32.Socks.fg skipped

C:\System Volume Information\_restore{A653DC19-2B1B-4A47-8C04-A8E875EBF232}\RP2\A0000011.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpf skipped

C:\System Volume Information\_restore{A653DC19-2B1B-4A47-8C04-A8E875EBF232}\RP2\A0000012.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped

C:\System Volume Information\_restore{A653DC19-2B1B-4A47-8C04-A8E875EBF232}\RP2\A0000013.dll Infected: Packed.Win32.Monder.gen skipped

C:\System Volume Information\_restore{A653DC19-2B1B-4A47-8C04-A8E875EBF232}\RP2\A0000031.dll Object is locked skipped

C:\System Volume Information\_restore{A653DC19-2B1B-4A47-8C04-A8E875EBF232}\RP2\A0000050.exe Infected: Worm.Win32.AutoRun.dmh skipped

C:\System Volume Information\_restore{A653DC19-2B1B-4A47-8C04-A8E875EBF232}\RP2\A0000086.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpf skipped

C:\System Volume Information\_restore{A653DC19-2B1B-4A47-8C04-A8E875EBF232}\RP2\A0000088.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpf skipped

C:\System Volume Information\_restore{A653DC19-2B1B-4A47-8C04-A8E875EBF232}\RP2\A0000089.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpf skipped

C:\System Volume Information\_restore{A653DC19-2B1B-4A47-8C04-A8E875EBF232}\RP2\A0000090.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpf skipped

C:\System Volume Information\_restore{A653DC19-2B1B-4A47-8C04-A8E875EBF232}\RP2\A0000091.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpf skipped

C:\System Volume Information\_restore{A653DC19-2B1B-4A47-8C04-A8E875EBF232}\RP2\A0000092.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpf skipped

C:\System Volume Information\_restore{A653DC19-2B1B-4A47-8C04-A8E875EBF232}\RP2\A0000093.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpf skipped

C:\System Volume Information\_restore{A653DC19-2B1B-4A47-8C04-A8E875EBF232}\RP2\A0000094.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpf skipped

C:\System Volume Information\_restore{A653DC19-2B1B-4A47-8C04-A8E875EBF232}\RP2\A0000095.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpf skipped

C:\System Volume Information\_restore{A653DC19-2B1B-4A47-8C04-A8E875EBF232}\RP2\A0000106.dll Object is locked skipped

C:\System Volume Information\_restore{A653DC19-2B1B-4A47-8C04-A8E875EBF232}\RP2\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\JAN.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\ModemLog_Creative Modem Blaster USB.txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\Download\27351338b61f8a3b1808532ac895046b\BIT16.tmp Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\Bjq20.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\lcss.bac Infected: Backdoor.Win32.DsBot.ox skipped

C:\WINDOWS\system32\rqRHwUKc.bac Infected: not-a-virus:AdWare.Win32.Virtumonde.qpf skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\WLCtrl32.dll Object is locked skipped

C:\WINDOWS\Temp\ZLT00bbd.TMP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#3 mr ggm (Topic Starter, Members, 6 posts)

Posted 30 April 2008 - 05:13 PM

Hi all, great news :thumbsup:

I managed to kill all of the malware/trojans with a good bit of help from Andy's programs (great stuff). I had to fiddle with the registry a bit though, and Explorer wouldn't load, but I got it fixed today. I spent 3 days on this bloody thing and now the PC is working brilliantly, like brand new, and the net is so much faster too :blink: :wacko: :)

Thanks for the programs guys, they were very useful for deleting the reg entries and the "immovable" trojans. Quality!!!

#4 DASOS (Malware hunter, Security Colleague, 1,662 posts, Location: Greece loutraki 6 km from korinth canal)

Posted 16 May 2008 - 05:47 AM

Hello mr ggm

Welcome to Bleeping Computer!

Sorry about the delay. We're all volunteers here, and it's been very busy.
If you still need help, please post a fresh HijackThis log in this thread, so I can help you with your malware problems.

If you have resolved this issue please let us know.

#5 mr ggm (Topic Starter, Members, 6 posts)

Posted 16 August 2008 - 12:13 PM

> Hello mr ggm
>
> Welcome to Bleeping Computer!
>
> Sorry about the delay. We're all volunteers here, and it's been very busy.
> If you still need help, please post a fresh HijackThis log in this thread, so I can help you with your malware problems.
>
> If you have resolved this issue please let us know.


Sorry for the late reply, and yes, everything was fixed and the PC has been working very happily since. I had an HTML fraud trojan alert a couple of days ago from Kaspersky, but it seems like it's in an old deleted email in my system logs somewhere, and I don't think it's a threat. Anyway, as I said way back in April, the programs are great and they sorted everything out; it was crazy but now it's peaceful :blink:

Cheers again all :thumbsup:
