
Solved: Can't delete trojan vundo

Discussion in 'Virus & Other Malware Removal' started by bigkieth, May 4, 2008.

  1. bigkieth

    bigkieth Thread Starter

    Joined:
    May 2, 2008
    Messages:
    9
    Please can anyone give me the right advice to finally delete this trojan from my PC? My PC is being overrun by multiple infections and I just don't know how to get rid of it!

    I am using Windows Vista, and my antivirus is BitDefender.
     
  3. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,111
    Hi, Welcome to TSG!!


    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch HijackThis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


    Please download Malwarebytes Anti-Malware from Here or Here
    Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick Scan, then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy the entire report and paste it in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  4. bigkieth

    bigkieth Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:16:24, on 06/05/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DVA Gate - {5BFC1E05-8287-420E-8526-F6D76E1FEBB8} - C:\Windows\gndarmblsnv.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: wxdbpfvo - {C3169036-557E-45E1-840F-C845DC406C55} - C:\Windows\wxdbpfvo.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvTljjH.dll,#1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\kie\AppData\Local\Temp\jkkjgdEv.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\kie\AppData\Local\Temp\nnnKBRig.dll,c
    O4 - HKCU\..\Run: [vkkrklcx] C:\Windows\system32\hmpazsdw.exe
    O4 - HKCU\..\Run: [BM035199c9] Rundll32.exe "C:\Users\kie\AppData\Local\Temp\aqrbqsjv.dll",s
    O4 - HKLM\..\Policies\Explorer\Run: [SYiJec96Be] C:\ProgramData\rqjqjkvm\nkvshmpq.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O21 - SSODL: qadovnel - {418FE949-7EF6-4D85-9037-C29D6E32EF1D} - C:\Windows\qadovnel.dll
    O21 - SSODL: bdkpfxqw - {2884DFB4-FA41-47BF-A470-6FD6FD356C19} - C:\Windows\bdkpfxqw.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 6063 bytes
     
  5. bigkieth

    bigkieth Thread Starter

    Malwarebytes' Anti-Malware 1.12
    Database version: 723

    Scan type: Quick Scan
    Objects scanned: 46733
    Time elapsed: 6 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 46
    Registry Values Infected: 12
    Registry Data Items Infected: 0
    Folders Infected: 5
    Files Infected: 100

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{bc7d8de8-ef3d-4f44-8b54-03759fac1367} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{eff4851a-2e0c-4d2f-b916-862955b8e721} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f94bab71-2806-45f1-bb49-3c2a128085f7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c474eb48-ccfe-40c5-8325-8e36c08370e7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fc1e1ac3-3303-4bc5-913c-735d8b393fad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d95c697f-d985-4ab1-92b5-40df04bbe322} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3169036-557e-45e1-840f-c845dc406c55} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{418fe949-7ef6-4d85-9037-c29d6e32ef1d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5bfc1e05-8287-420e-8526-f6d76e1febb8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5bfc1e05-8287-420e-8526-f6d76e1febb8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2884dfb4-fa41-47bf-a470-6fd6fd356c19} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\wxdbpfvo.bmva (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\wxdbpfvo.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MSVPS.MSVPSApp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkkrklcx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bc7d8de8-ef3d-4f44-8b54-03759fac1367} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\SYiJec96Be (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM035199c9 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c3169036-557e-45e1-840f-c845dc406c55} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qadovnel (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\bdkpfxqw (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Windows\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\kie\Desktop\virii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Users\kie\AppData\Local\Temp\jkkjgdEv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\hmpazsdw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\System32\tuvTljjH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\ProgramData\rqjqjkvm\nkvshmpq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\System32\shdocvw.oca (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\efcBttuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\fccbCtRl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\geBtUonm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\iifefDtR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\khfDwwvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\pmnoMGxv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\tmp00021b5e (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\tmp00023425 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\tmp0002389a (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\tmp0002d20b (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\tmp000389b3 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\tmp00038bd6 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\tuvSJYOG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\vpagvmpr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\wiyvcpxe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\xxyyyXrr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Windows\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Windows\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\System32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\kie\Desktop\virii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\kie\Desktop\virii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\kie\Desktop\virii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\kie\Desktop\virii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Users\kie\Desktop\virii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Windows\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\[email protected]@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\vbsys2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\nnnKBRig.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\kie\AppData\Local\Temp\aqrbqsjv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\xbaqktfv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\wxdbpfvo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\spwoqbmv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\qadovnel.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\gndarmblsnv.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\bdkpfxqw.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     
  6. bigkieth

    bigkieth Thread Starter

    Is this information any good for you?
     
  7. cybertech

    cybertech Moderator

    Yes, the information is good. (y)

    Run HJT again, right click and Run As Administrator, and put a check in the following:

    O2 - BHO: DVA Gate - {5BFC1E05-8287-420E-8526-F6D76E1FEBB8} - C:\Windows\gndarmblsnv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: wxdbpfvo - {C3169036-557E-45E1-840F-C845DC406C55} - C:\Windows\wxdbpfvo.dll
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvTljjH.dll,#1
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\kie\AppData\Local\Temp\jkkjgdEv.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\kie\AppData\Local\Temp\nnnKBRig.dll,c
    O4 - HKCU\..\Run: [vkkrklcx] C:\Windows\system32\hmpazsdw.exe
    O4 - HKCU\..\Run: [BM035199c9] Rundll32.exe "C:\Users\kie\AppData\Local\Temp\aqrbqsjv.dll",s
    O4 - HKLM\..\Policies\Explorer\Run: [SYiJec96Be] C:\ProgramData\rqjqjkvm\nkvshmpq.exe
    O21 - SSODL: qadovnel - {418FE949-7EF6-4D85-9037-C29D6E32EF1D} - C:\Windows\qadovnel.dll
    O21 - SSODL: bdkpfxqw - {2884DFB4-FA41-47BF-A470-6FD6FD356C19} - C:\Windows\bdkpfxqw.dll

    Close all applications and browser windows before you click "fix checked".

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\Windows\system32\hmpazsdw.exe
      C:\ProgramData\rqjqjkvm
      
    • Return to OTMoveIt2, right click in the "Paste Custom List Of Files/Patterns To Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post with a new hijackthis log.
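
As an added example (not part of the original thread, and not a feature of HijackThis or Malwarebytes): one way to cross-check the HijackThis entries listed above against the Malwarebytes log, reporting which startup and browser entries point at a file Malwarebytes reports as quarantined. The sample lines are copied from the two logs in this thread; the function names and verdict labels are assumptions made for this example.

```python
import ntpath
import re

# Sample input: a few lines copied from the two logs posted in this thread.
HJT_LOG = r"""
O2 - BHO: DVA Gate - {5BFC1E05-8287-420E-8526-F6D76E1FEBB8} - C:\Windows\gndarmblsnv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvTljjH.dll,#1
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [BM035199c9] Rundll32.exe "C:\Users\kie\AppData\Local\Temp\aqrbqsjv.dll",s
O21 - SSODL: qadovnel - {418FE949-7EF6-4D85-9037-C29D6E32EF1D} - C:\Windows\qadovnel.dll
"""

MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\tuvTljjH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\kie\AppData\Local\Temp\aqrbqsjv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\qadovnel.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\gndarmblsnv.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# "O<number> - <rest of entry>" as written by HijackThis.
HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
# First drive-letter path ending in a loadable extension; this skips a leading
# "rundll32.exe" and stops before arguments such as ",#1". Paths that contain an
# earlier ".exe"/".dll" component would be cut short (accepted limitation).
FILE_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|com|ocx|sys)\b", re.IGNORECASE)
# "<object> (<detection name>) -> <action>" as written by Malwarebytes.
MBAM_LINE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_files(text):
    """Map normalised file path -> (detection name, action) from an MBAM log."""
    found = {}
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        # Registry objects start with HKEY_; only drive-letter paths are kept.
        if m and re.match(r"[A-Za-z]:\\", m["obj"]):
            found[ntpath.normcase(m["obj"])] = (m["name"], m["action"])
    return found


def parse_hjt(text):
    """Yield (section, entry text, target file or None) for each O-line."""
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        section, rest = m.groups()
        p = FILE_PATH.search(rest)
        yield section, rest, (p.group(0) if p else None)


def cross_check(hjt_text, mbam_text):
    """Return (section, target, verdict) for every HijackThis entry."""
    mbam = parse_mbam_files(mbam_text)
    rows = []
    for section, rest, target in parse_hjt(hjt_text):
        if target is None:
            # Entry whose file is already gone, or whose path uses a variable.
            verdict = "no-file" if rest.endswith("(no file)") else "no-path"
        else:
            # Windows paths are case-insensitive: system32 == System32.
            hit = mbam.get(ntpath.normcase(target))
            verdict = "removed:" + hit[0] if hit else "not-in-mbam-log"
        rows.append((section, target, verdict))
    return rows


if __name__ == "__main__":
    for section, target, verdict in cross_check(HJT_LOG, MBAM_LOG):
        print(f"{section:<4} {verdict:<26} {target}")
```

An entry marked `removed:` or `no-file` is a registry reference whose file is gone; `not-in-mbam-log` only means Malwarebytes did not list that file, not that the entry is clean.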
     
  8. bigkieth

    bigkieth Thread Starter

    Not sure if it's worked. Should I have System Restore on, because it's turned off at the moment? Also, I checked on the Trend Micro HouseCall virus scan and it said I still have the virus.

    I'm sure I did everything right.

    The list that you showed me didn't have everything on it that you told me to check and fix the 2nd time.
     
  9. cybertech

    cybertech Moderator

    Please perform a scan with Kaspersky Webscan Online Virus Scanner

    1. Read the Requirements and Privacy statement, then select "Accept".
    2. A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
    3. Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
    4. When the download is complete it will say ready, click "Next".
    5. Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
    6. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
    7. Click "OK".
    8. Under "Select a target to scan", click on "My Computer".
    9. When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

    Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!'
     
  10. bigkieth

    bigkieth Thread Starter

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, May 09, 2008 10:40:14 PM
    Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 9/05/2008
    Kaspersky Anti-Virus database records: 749864
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    L:\

    Scan Statistics:
    Total number of scanned objects: 76518
    Number of viruses found: 3
    Number of infected objects: 5
    Number of suspicious objects: 0
    Duration of the scan process: 02:11:40

    Infected Object Name / Virus Name / Last Action
    C:\Boot\BCD Object is locked skipped
    C:\Boot\BCD.LOG Object is locked skipped
    C:\NTDETECT.COM Object is locked skipped
    C:\ntldr Object is locked skipped
    C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_11015\aspdict.dat Object is locked skipped
    C:\Program Files\BitDefender\BitDefender 2008\dbokf.db Object is locked skipped
    C:\Program Files\BitDefender\BitDefender 2008\dbokf.db-journal Object is locked skipped
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c329ed7410cd35e53652ee5b99eacb45_885d731f-04a2-4096-98c1-f7e544cb25f6 Object is locked skipped
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_885d731f-04a2-4096-98c1-f7e544cb25f6 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\33F25AE3d01.bac_a01384 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\B69063BFd01.bac_a01384 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\css4[1].bac_a00624 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\css4[1].bac_a01384 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\css4[1].bac_a01892 Infected: Trojan.Win32.Monder.gen skipped
    C:\Users\kie\.housecall6.6\Quarantine\css4[1].bac_a01956 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\geBroMCs.dll.bac_a01892 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\hGVpoljj.dll.bac_a00380 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\khfGXPGX.dll.bac_a01384 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\ljJCrOff.dll.bac_a01892 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\opNfdcbx.dll.bac_a00380 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\sSMdEWQj.dll.bac_a01892 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\sSMdEWQj.dll.bac_a01956 Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008050920080510\index.dat Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D3DNLHCE\glas[1] Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PE299WP8\idkfa[1] Infected: Trojan.Win32.Monder.dc skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMTPSPSW\kriv[1] Infected: Trojan.Win32.Monder.dd skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z97OTT4U\webinst[1].cab Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\kie\AppData\Roaming\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\UsrClass.dat{bd2cd6c0-a47e-11dc-bef4-0016ec115510}.TM.blf Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\UsrClass.dat{bd2cd6c0-a47e-11dc-bef4-0016ec115510}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\UsrClass.dat{bd2cd6c0-a47e-11dc-bef4-0016ec115510}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows Defender\FileTracker\{6CCDD876-932F-4F2A-AD5B-AC1C9C034263} Object is locked skipped
    C:\Users\kie\AppData\Local\Temp\dawdqmtf.dll Object is locked skipped
    C:\Users\kie\AppData\Local\Temp\eequoixo.dll Infected: Trojan.Win32.Monder.dd skipped
    C:\Users\kie\AppData\Local\Temp\enuvrsdh.dll Infected: Trojan.Win32.Monder.gen skipped
    C:\Users\kie\AppData\Local\Temp\pagnrpgj.dll Object is locked skipped
    C:\Users\kie\AppData\Local\Temp\sbargbod.dll Object is locked skipped
    C:\Users\kie\AppData\Roaming\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
    C:\Users\kie\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
    C:\Users\kie\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
    C:\Users\kie\AppData\Roaming\BitDefender\Desktop\Profiles\asdict.dat Object is locked skipped
    C:\Users\kie\AppData\Roaming\Mozilla\Firefox\Profiles\hhij820e.default\cert8.db Object is locked skipped
    C:\Users\kie\AppData\Roaming\Mozilla\Firefox\Profiles\hhij820e.default\history.dat Object is locked skipped
    C:\Users\kie\AppData\Roaming\Mozilla\Firefox\Profiles\hhij820e.default\key3.db Object is locked skipped
    C:\Users\kie\AppData\Roaming\Mozilla\Firefox\Profiles\hhij820e.default\parent.lock Object is locked skipped
    C:\Users\kie\AppData\Roaming\Mozilla\Firefox\Profiles\hhij820e.default\search.sqlite Object is locked skipped
    C:\Users\kie\ntuser.dat Object is locked skipped
    C:\Users\kie\ntuser.dat.LOG1 Object is locked skipped
    C:\Users\kie\ntuser.dat.LOG2 Object is locked skipped
    C:\Users\kie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
    C:\Users\kie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Users\kie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\Debug\PASSWD.LOG Object is locked skipped
    C:\Windows\Debug\sam.log Object is locked skipped
    C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
    C:\Windows\Logs\CBS\CBS.log Object is locked skipped
    C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
    C:\Windows\Logs\DPX\setupact.log Object is locked skipped
    C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
    C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
    C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
    C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
    C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
    C:\Windows\security\database\secedit.sdb Object is locked skipped
    C:\Windows\SoftwareDistribution\EventCache\{309893A0-FAB1-408B-95B0-3F61AEBD1FB2}.bin Object is locked skipped
    C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
    C:\Windows\System32\catroot2\edb.log Object is locked skipped
    C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
    C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
    C:\Windows\System32\config\COMPONENTS Object is locked skipped
    C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
    C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
    C:\Windows\System32\config\DEFAULT Object is locked skipped
    C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
    C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
    C:\Windows\System32\config\SAM Object is locked skipped
    C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
    C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
    C:\Windows\System32\config\SECURITY Object is locked skipped
    C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
    C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
    C:\Windows\System32\config\SOFTWARE Object is locked skipped
    C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
    C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
    C:\Windows\System32\config\SYSTEM Object is locked skipped
    C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
    C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{745e2ad0-1903-11dd-8a51-0016ec115510}.TxR.0.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{745e2ad0-1903-11dd-8a51-0016ec115510}.TxR.1.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{745e2ad0-1903-11dd-8a51-0016ec115510}.TxR.2.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{745e2ad0-1903-11dd-8a51-0016ec115510}.TxR.blf Object is locked skipped
    C:\Windows\System32\drivers\sptd.sys Object is locked skipped
    C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
    C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
    C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
    C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
    C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
    C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
    C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
    C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
    C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
    C:\Windows\Tasks\RegCure Program Check.job Object is locked skipped
    C:\Windows\Tasks\RegCure.job Object is locked skipped
    C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
    C:\Windows\WindowsUpdate.log Object is locked skipped
    C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped

    Scan process completed.
     
  11. cybertech

    cybertech Moderator

    All of the infected items are in Temp and Temporary Internet so you need to clear those.

    Print this out and don't have any applications or Internet Explorer open while you are doing this.

    Restart in Safe Mode.

    • To boot up in Safe mode, continuously tap the F8 key while starting your computer.
    • You should see a black screen displaying the Windows Advanced Menu Options.
    • Using your keyboard's arrow keys, select Safe mode, then hit Enter.

    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders". Click "Apply" then "OK".



    Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Next navigate to the C:\Users\kie\AppData (Repeat for all user names)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Repeat the same process for C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5

    Delete all of the folders under \Content.IE5


    Empty your recycle bin.

    Reboot and post another log.
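
Added example, not part of the original posts: a Python parser for the Kaspersky Online Scanner report format posted in this thread. It separates the "Object is locked" rows (files the scanner could not open) from the "Infected:" rows, groups the detections by location, and checks the counts against the report's own Scan Statistics. The embedded sample is an excerpt of the first report; the function names and location buckets are assumptions made for this example.

```python
import re
from collections import defaultdict

# Excerpt of the first Kaspersky Online Scanner report posted in this thread
# (statistics block plus a handful of its result rows).
REPORT = r"""
Scan Statistics:
Total number of scanned objects: 76518
Number of viruses found: 3
Number of infected objects: 5
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Users\kie\.housecall6.6\Quarantine\css4[1].bac_a01892 Infected: Trojan.Win32.Monder.gen skipped
C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PE299WP8\idkfa[1] Infected: Trojan.Win32.Monder.dc skipped
C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMTPSPSW\kriv[1] Infected: Trojan.Win32.Monder.dd skipped
C:\Users\kie\AppData\Local\Temp\dawdqmtf.dll Object is locked skipped
C:\Users\kie\AppData\Local\Temp\eequoixo.dll Infected: Trojan.Win32.Monder.dd skipped
C:\Users\kie\AppData\Local\Temp\enuvrsdh.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Windows\System32\config\SAM Object is locked skipped

Scan process completed.
"""

# Paths may contain spaces, so each row is anchored on its trailing
# "<status> <action>" fields instead of being split on whitespace.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?:(?P<locked>Object is locked)|Infected: (?P<name>\S+)) "
    r"(?P<action>\w+)$"
)
STAT = re.compile(r"^Number of (viruses found|infected objects): (\d+)$")

# Assumed location buckets (lower-case substrings), checked in order.
BUCKETS = [
    ("\\temporary internet files\\", "Temporary Internet Files"),
    ("\\temp\\", "Temp"),
    ("\\quarantine\\", "scanner quarantine"),
    ("\\$recycle.bin\\", "Recycle Bin"),
]


def parse_report(text):
    """Return (stats, locked_paths, infected) where infected is [(path, name)]."""
    stats, locked, infected = {}, [], []
    for line in text.splitlines():
        line = line.strip()
        m = STAT.match(line)
        if m:
            stats[m.group(1)] = int(m.group(2))
            continue
        m = ROW.match(line)
        if not m:
            continue  # headers, drive list, archive summary rows
        if m.group("locked"):
            # File was in use and could not be read: not a detection.
            locked.append(m.group("path"))
        else:
            infected.append((m.group("path"), m.group("name")))
    return stats, locked, infected


def location(path):
    """Map a path to one of the assumed buckets, or 'other'."""
    lowered = path.lower()
    for needle, label in BUCKETS:
        if needle in lowered:
            return label
    return "other"


def infected_by_location(infected):
    groups = defaultdict(list)
    for path, name in infected:
        groups[location(path)].append((path, name))
    return dict(groups)


def totals_match(stats, infected):
    """Compare parsed rows with the report's own statistics block.

    Checked here only against the first report; archive summary rows
    such as 'CAB: infected - 1' are not parsed by ROW.
    """
    return (stats.get("infected objects") == len(infected)
            and stats.get("viruses found") == len({n for _, n in infected}))


if __name__ == "__main__":
    stats, locked, infected = parse_report(REPORT)
    print(f"{len(locked)} locked rows ignored, {len(infected)} detections")
    for label, rows in infected_by_location(infected).items():
        print(f"[{label}]")
        for path, name in rows:
            print(f"  {name}  {path}")
    print("totals match header:", totals_match(stats, infected))
```
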
     
  12. bigkieth

    bigkieth Thread Starter

    There was just 1 file that wouldn't delete, Img24bb.tmp


    Should I perform another scan?
     
  13. cybertech

    cybertech Moderator

    Yes, run Kaspersky again.
     
  14. bigkieth

    bigkieth Thread Starter

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, May 11, 2008 2:24:45 PM
    Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 11/05/2008
    Kaspersky Anti-Virus database records: 755758
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    L:\

    Scan Statistics:
    Total number of scanned objects: 76644
    Number of viruses found: 8
    Number of infected objects: 15
    Number of suspicious objects: 0
    Duration of the scan process: 03:14:31

    Infected Object Name / Virus Name / Last Action
    C:\$Recycle.Bin\S-1-5-21-1099064812-36199206-300039136-1000\$R1IB0MS.exe Infected: not-a-virus:AdTool.Win32.Zango.ag skipped
    C:\Boot\BCD Object is locked skipped
    C:\Boot\BCD.LOG Object is locked skipped
    C:\NTDETECT.COM Object is locked skipped
    C:\ntldr Object is locked skipped
    C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_11041\aspdict.dat Object is locked skipped
    C:\Program Files\BitDefender\BitDefender 2008\dbokf.db Object is locked skipped
    C:\Program Files\BitDefender\BitDefender 2008\dbokf.db-journal Object is locked skipped
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c329ed7410cd35e53652ee5b99eacb45_885d731f-04a2-4096-98c1-f7e544cb25f6 Object is locked skipped
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_885d731f-04a2-4096-98c1-f7e544cb25f6 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\33F25AE3d01.bac_a01384/crack.exe Infected: Trojan.Win32.Monder.gen skipped
    C:\Users\kie\.housecall6.6\Quarantine\33F25AE3d01.bac_a01384/keygen.exe Infected: Trojan-Downloader.Win32.Small.ury skipped
    C:\Users\kie\.housecall6.6\Quarantine\33F25AE3d01.bac_a01384/serial.exe Infected: Trojan-Downloader.Win32.Small.vab skipped
    C:\Users\kie\.housecall6.6\Quarantine\33F25AE3d01.bac_a01384 RAR: infected - 3 skipped
    C:\Users\kie\.housecall6.6\Quarantine\33F25AE3d01.bac_a01384 CryptFF.b: infected - 3 skipped
    C:\Users\kie\.housecall6.6\Quarantine\B69063BFd01.bac_a01384/keygen.exe Infected: Trojan.Win32.Monder.gen skipped
    C:\Users\kie\.housecall6.6\Quarantine\B69063BFd01.bac_a01384/patch.exe Infected: Trojan.Win32.Obfuscated.abi skipped
    C:\Users\kie\.housecall6.6\Quarantine\B69063BFd01.bac_a01384/crack.exe Infected: Trojan-Downloader.Win32.Small.iyb skipped
    C:\Users\kie\.housecall6.6\Quarantine\B69063BFd01.bac_a01384/install.exe Infected: Trojan-Downloader.Win32.Small.ved skipped
    C:\Users\kie\.housecall6.6\Quarantine\B69063BFd01.bac_a01384 RAR: infected - 4 skipped
    C:\Users\kie\.housecall6.6\Quarantine\B69063BFd01.bac_a01384 CryptFF.b: infected - 4 skipped
    C:\Users\kie\.housecall6.6\Quarantine\css4[1].bac_a00624 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\css4[1].bac_a01384 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\css4[1].bac_a01892 Infected: Trojan.Win32.Monder.gen skipped
    C:\Users\kie\.housecall6.6\Quarantine\css4[1].bac_a01956 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\geBroMCs.dll.bac_a01892 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\hGVpoljj.dll.bac_a00380 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\khfGXPGX.dll.bac_a01384 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\ljJCrOff.dll.bac_a01892 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\opNfdcbx.dll.bac_a00380 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\sSMdEWQj.dll.bac_a01892 Object is locked skipped
    C:\Users\kie\.housecall6.6\Quarantine\sSMdEWQj.dll.bac_a01956 Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051120080512\index.dat Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008051120080512\index.dat Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z97OTT4U\webinst[1].cab/webinst.dll Infected: Trojan-Downloader.Win32.FraudLoad.tv skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z97OTT4U\webinst[1].cab CAB: infected - 1 skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\kie\AppData\Roaming\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\UsrClass.dat{bd2cd6c0-a47e-11dc-bef4-0016ec115510}.TM.blf Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\UsrClass.dat{bd2cd6c0-a47e-11dc-bef4-0016ec115510}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows\UsrClass.dat{bd2cd6c0-a47e-11dc-bef4-0016ec115510}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Users\kie\AppData\Local\Microsoft\Windows Defender\FileTracker\{E24100EF-8BD1-4DCA-B9BA-7D336DABA661} Object is locked skipped
    C:\Users\kie\AppData\Roaming\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
    C:\Users\kie\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
    C:\Users\kie\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
    C:\Users\kie\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat Object is locked skipped
    C:\Users\kie\AppData\Roaming\BitDefender\Desktop\Profiles\asdict.dat Object is locked skipped
    C:\Users\kie\ntuser.dat Object is locked skipped
    C:\Users\kie\ntuser.dat.LOG1 Object is locked skipped
    C:\Users\kie\ntuser.dat.LOG2 Object is locked skipped
    C:\Users\kie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
    C:\Users\kie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Users\kie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\Debug\PASSWD.LOG Object is locked skipped
    C:\Windows\Debug\sam.log Object is locked skipped
    C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
    C:\Windows\Logs\CBS\CBS.log Object is locked skipped
    C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
    C:\Windows\Logs\DPX\setupact.log Object is locked skipped
    C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
    C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
    C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
    C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
    C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
    C:\Windows\security\database\secedit.sdb Object is locked skipped
    C:\Windows\SoftwareDistribution\EventCache\{CC1A0F8B-D97C-4EAA-842E-964A3FA13DC2}.bin Object is locked skipped
    C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
    C:\Windows\System32\catroot2\edb.log Object is locked skipped
    C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
    C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
    C:\Windows\System32\config\COMPONENTS Object is locked skipped
    C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
    C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
    C:\Windows\System32\config\DEFAULT Object is locked skipped
    C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
    C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
    C:\Windows\System32\config\SAM Object is locked skipped
    C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
    C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
    C:\Windows\System32\config\SECURITY Object is locked skipped
    C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
    C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
    C:\Windows\System32\config\SOFTWARE Object is locked skipped
    C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
    C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
    C:\Windows\System32\config\SYSTEM Object is locked skipped
    C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
    C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{745e2ad0-1903-11dd-8a51-0016ec115510}.TxR.0.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{745e2ad0-1903-11dd-8a51-0016ec115510}.TxR.1.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{745e2ad0-1903-11dd-8a51-0016ec115510}.TxR.2.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{745e2ad0-1903-11dd-8a51-0016ec115510}.TxR.blf Object is locked skipped
    C:\Windows\System32\drivers\sptd.sys Object is locked skipped
    C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
    C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
    C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
    C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
    C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
    C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
    C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
    C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
    C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
    C:\Windows\Tasks\RegCure Program Check.job Object is locked skipped
    C:\Windows\Tasks\RegCure.job Object is locked skipped
    C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
    C:\Windows\Temp\tmp0000377a\tmp00000000 Object is locked skipped
    C:\Windows\WindowsUpdate.log Object is locked skipped
    C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped

    Scan process completed.
     
  15. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,111
    These are the infected items from the scan:
    C:\$Recycle.Bin\S-1-5-21-1099064812-36199206-300039136-1000\$R1IB0MS.exe
    C:\Users\kie\.housecall6.6\Quarantine\33F25AE3d01.bac_a01384
    C:\Users\kie\.housecall6.6\Quarantine\B69063BFd01.bac_a01384
    C:\Users\kie\.housecall6.6\Quarantine\css4[1].bac_a01892
    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z97OTT4U\webinst[1].cab


    Some site you are going to is infected.
    Delete all of the folders in C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z97OTT4U

    Empty the recycle bin and clear the housecall quarantine.
     
  16. bigkieth

    bigkieth Thread Starter

    Joined:
    May 2, 2008
    Messages:
    9
    I could find low/content.ES5\z970tt4u from below, so I just deleted everything out of the temporary Internet folder. Will that do?

    C:\Users\kie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z97OTT4U


    Thanks for your help as well, you've been a star.
     
Short URL to this thread: https://techguy.org/709640