Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Spybot search and destroy problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Spybot search and destroy problems

Unread postby Tom Laird » April 11th, 2008, 11:29 am

I get this message when I run Spy Bot Search and Destroy
"There were problems in the include file C:\ProgramFiles\Spybot-Search_Destroy\Includes\TrojansC.sbi"
Earlier in the month, auto protect was finding a Trojan virunda file and removing it. I thought it was gone but peScan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 68741
Number of viruses found: 4
Number of infected objects: 21
Number of suspicious objects: 0
Duration of the scan process: 01:36:06

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\P-Temp\Uploads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\P-Temp\Uploads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe 7-Zip: infected - 1 skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU993D.txt Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.15.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.15.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy13.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfC0F9.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfC10A.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\ProgramData\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\033112AC.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\2C7A93C3.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C400000\4FEAC278.VBN Infected: Packed.Win32.Monder.gen skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C400001\4FEAC3E3.VBN Infected: Packed.Win32.Monder.gen skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C400002\4FEAD074.VBN Infected: Packed.Win32.Monder.gen skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C400003\4FEAD116.VBN Infected: Packed.Win32.Monder.gen skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C400004\4FEADDE4.VBN Infected: Packed.Win32.Monder.gen skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C400005\4FEADE2C.VBN Infected: Packed.Win32.Monder.gen skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C400006\4FEAEBF6.VBN Infected: Packed.Win32.Monder.gen skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C400007\4FEAEC3F.VBN Infected: Packed.Win32.Monder.gen skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D240000\4FEEAF1A.VBN Infected: Packed.Win32.Monder.gen skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D240001\4FEEAFE0.VBN Infected: Packed.Win32.Monder.gen skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D640000\4FEF06FE.VBN Infected: Packed.Win32.Monder.gen skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D640001\4FEF079C.VBN Infected: Packed.Win32.Monder.gen skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D640002\4FEF14CA.VBN Infected: Packed.Win32.Monder.gen skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D640003\4FEF16DB.VBN Infected: Packed.Win32.Monder.gen skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC00000\4FD647E2.VBN Infected: Trojan-Downloader.SWF.Gida.a skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF40000\4FFD0CE2.VBN Infected: Packed.Win32.Monder.gen skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF40001.VBN Infected: Packed.Win32.Monder.gen skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF40002.VBN Infected: Packed.Win32.Monder.gen skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E5C0000\4F7FF1E9.VBN Infected: Worm.Win32.AutoRun.xy skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008041420080415\index.dat Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\Windows\UsrClass.dat{4b0f7ecd-69e9-11dc-9c82-0019663843a5}.TM.blf Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\Windows\UsrClass.dat{4b0f7ecd-69e9-11dc-9c82-0019663843a5}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\Windows\UsrClass.dat{4b0f7ecd-69e9-11dc-9c82-0019663843a5}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\Windows Mail\edb.log Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\Windows Mail\tmp.edb Object is locked skipped
C:\Users\Howdy\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore Object is locked skipped
C:\Users\Howdy\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\Howdy\AppData\Local\Temp\~DFCB23.tmp Object is locked skipped
C:\Users\Howdy\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Howdy\ntuser.dat Object is locked skipped
C:\Users\Howdy\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Howdy\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Howdy\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Users\Howdy\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Howdy\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\CSC\v2.0.6\pq Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d33824ae-fda5-11dc-858e-f03a377394bb}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d33824ae-fda5-11dc-858e-f03a377394bb}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d33824ae-fda5-11dc-858e-f03a377394bb}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{3AD5C8E3-A3C1-4425-8530-55808AD591F9}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{d3382496-fda5-11dc-858e-f03a377394bb}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{d3382496-fda5-11dc-858e-f03a377394bb}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{d3382496-fda5-11dc-858e-f03a377394bb}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{d3382496-fda5-11dc-858e-f03a377394bb}.TxR.blf Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\ACEEventLog.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdatrhaps not? What are my options please?
Last edited by Tom Laird on April 14th, 2008, 1:46 pm, edited 1 time in total.
Tom Laird
Active Member
 
Posts: 3
Joined: April 11th, 2008, 11:09 am
Advertisement
Register to Remove

Re: Spybot search and destroy problems

Unread postby dan12 » April 11th, 2008, 1:16 pm

Hi, Tom,

Download and Run HijackThis
Download HJTInstall.exe to your Desktop.

* Doubleclick HJTInstall.exe to install it.
* By default it will install to C:\Program Files\Trend Micro\HijackThis .
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch Hijackthis.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
* Copy/Paste the log to your next reply please.

Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

please post new HJT log
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Spybot search and destroy problems

Unread postby Tom Laird » April 11th, 2008, 2:29 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:28 PM, on 4/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\UMonit.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UMonit] C:\Windows\system32\UMonit.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E71449C-2C3E-4D27-8895-655C8B992A72}: NameServer = 216.183.128.10 216.183.128.4
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\Windows\system32\lxbscoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4968 bytes
Here is my log file. I am having trouble with Spybot. Possible trojan virunda.
Tom Laird
Active Member
 
Posts: 3
Joined: April 11th, 2008, 11:09 am

Re: Spybot search and destroy problems

Unread postby Gary R » April 11th, 2008, 4:41 pm

You posted your HJT log in a new thread Tom, so I've merged it with your original topic.

Post all future replies to this thread please.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Spybot search and destroy problems

Unread postby dan12 » April 11th, 2008, 5:55 pm

  1. Please download and install CCleaner Slim.
  2. Once installed, double click on the desktop shortcut created.
  3. On the Windows tab, leave the default options alone.
  4. On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  5. Click on the Run Cleaner button at the bottom right hand corner.

    ______________________________

    Please get an uninstall list.

    • On the leftmost column, click on Tools.
    • On the middle column, click on Uninstall.
    • At the bottom right hand corner, click on the Save to text file... button.
    • By default, it saves this file to C:\Program Files\CCleaner named install.txt. You may want to save it to your desktop to find it easily. Click Save.
    • Close CCleaner.

Note: Doing this will not uninstall any programs. It will only produce a log of installed programs on your computer.

Please post the uninstall list.
dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Spybot search and destroy problems

Unread postby dan12 » April 13th, 2008, 2:56 am

How we doing ?
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Spybot search and destroy problems

Unread postby Tom Laird » April 13th, 2008, 2:14 pm

2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware SE Professional
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
ATI - Software Uninstall Utility
ATI Catalyst Install Manager
BitTornado 0.3.8
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
CCC Help English
ccc-core-static
ccc-utility
CCleaner (remove only)
C-Media WDM Audio Driver
Driver Detective
dvdSanta 4.50
English2metric 1.0
Genesys USB Mass Storage Device
HijackThis 2.0.2
IsoBuster 1.7
Lexmark X1100 Series
LiveUpdate 3.2 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Streets & Trips 2006
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Nero 8
neroxml
PCI SoftV92 Modem
Realtek AC'97 Audio
Registry Mechanic 6.0
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Visio 2007 (KB947590)
Skins
Spybot - Search & Destroy 1.4
Symantec AntiVirus
TaxTron 2007
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb949037)
VCRedistSetup
VIA Rhine-Family Fast-Ethernet Adapter
VideoLAN VLC media player 0.8.4
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Live Messenger
WinRAR archiver

I tried Spybot again and got the same message

1
Database version: 622

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 102384
Time elapsed: 50 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious item
Last edited by Tom Laird on April 14th, 2008, 12:06 am, edited 1 time in total.
Tom Laird
Active Member
 
Posts: 3
Joined: April 11th, 2008, 11:09 am

Re: Spybot search and destroy problems

Unread postby dan12 » April 13th, 2008, 4:43 pm

Hi, Tom, your version of Spybot - Search & Destroy 1.4 is out of date.

Delete programs
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present). It could be that they have a space or something between it , but it has to look like it:
  • Spybot - Search & Destroy 1.4




Spybot Search and Destroy 1.5.2
Download it from here. Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here
Find here changes from older version 1.4 here

---------------------

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit


: Malwarebytes' Anti-Malware :

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\\Documents and Settings\\Username\\Application Data\\Malwarebytes\\Malwarebytes' Anti-Malware\\Logs\\mbam-log-date (time).txt


1 - Kaspersky Online Scan
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Please do an online scan with >Kaspersky Online Scanner<. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    + Extended (If available otherwise Standard)
    o Scan Options:
    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)

    Image

  • In the Save as... prompt, select Desktop
  • In the File name box, name the file KasScan-ddmmyy (or similar)
  • In the Save as type prompt, select Text file (see below)

    Image

  • Copy and paste the report in your next post.
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.

Please include in your next post:
  • Malwarebytes log
  • Kaspersky scan log
  • New highjackthis log

Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Spybot search and destroy problems

Unread postby Gary R » April 19th, 2008, 10:43 am

Due to lack of response this topic is now closed.

If you still need help open a new thread in the Malware Removal forum and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Gary R
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 378 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware