
I Have Received A Bad Spam Thing


67 replies to this topic

#31 RichieUK


Posted 25 February 2007 - 03:53 PM

Download 'e Scan MWAV' from here to your desktop:
http://www.mwti.net/download/tools/mwav.exe
Disconnect from the internet, close all running programs.
Double click on the mwav icon on your desktop.
The program will start, the Licence Agreement will pop up.
Select 'I accept the agreement', then press Ok.
The program will open, leave all the settings as they are.
Now press the 'Scan & Clean' button.
The program will now start scanning your pc.
Once the scan has finished, post the results from the lower window 'Virus Log Information'.

 


#32 Murphy


Posted 26 February 2007 - 04:29 PM

Object "grokster Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "mooler Worm" found in File System! Action Taken: Entries Removed.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: Entries Removed.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: Entries Removed.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: Entries Removed.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.ARCMN.BACKUPENGINECLSID" refers to invalid object "{EC100040-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.ARCMN.BACKUPENGINECLSID.7.0" refers to invalid object "{EC100040-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.ARCMN.ENGINECLSID" refers to invalid object "{EC100004-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.ARCMN.ENGINECLSID.7.0" refers to invalid object "{EC100004-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.ARCMN.MOVEFILESCLSID" refers to invalid object "{EC100041-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.ARCMN.MOVEFILESCLSID.7.0" refers to invalid object "{EC100041-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.BRDCST.NOTIFYCLIENTCLSID" refers to invalid object "{EC10003A-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.BRDCST.NOTIFYCLIENTCLSID.7.0" refers to invalid object "{EC10003A-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.CAPMN.ENGINECLSID.7.0" refers to invalid object "{EC100010-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.CONNMNGMNTBOX.CONNMNGMNTCLSID" refers to invalid object "{EC100180-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.CONNMNGMNTBOX.CONNMNGMNTCLSID.7.0" refers to invalid object "{EC100180-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.FILEMN.ENGINECLSID" refers to invalid object "{EC100003-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.FILEMN.ENGINECLSID.7.0" refers to invalid object "{EC100003-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.FILEMN.MOVEFILESCLSID" refers to invalid object "{EC100029-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.FILEMN.MOVEFILESCLSID.7.0" refers to invalid object "{EC100029-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.FILEMN.SYNCHRONOUSENGINECLSID" refers to invalid object "{EC100060-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.FILEMN.SYNCHRONOUSENGINECLSID.7.0" refers to invalid object "{EC100060-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.MPSDRC.SENDREQUESTCLSID.1" refers to invalid object "{EC100142-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.MRSOCK.MRSOCKCLSID" refers to invalid object "{EC1001E0-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.MRSOCK.MRSOCKCLSID.7.0" refers to invalid object "{EC1001E0-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.RTSOCK.SIMPLETRANSPORTCLSID" refers to invalid object "{EC100152-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.RTSOCK.SIMPLETRANSPORTCLSID.7.0" refers to invalid object "{EC100152-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.SCRFS.CONNECTIONCLSID" refers to invalid object "{EC100155-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.SCRFS.CONNECTIONCLSID.7.0" refers to invalid object "{EC100155-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.SCRFS.DATACALLBACKCLSID" refers to invalid object "{EC100154-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.SCRFS.DATACALLBACKCLSID.7.0" refers to invalid object "{EC100154-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Ericsson.ConnectivityPackP800.SCRFS.RFSCLSID" refers to invalid object "{EC100153-05A0-11D2-A953-00105A46D6E4}". Action Taken: Entries Removed.
Entry "HKCR\Setup.Player.2K2" refers to invalid object "{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}". Action Taken: Entries Removed.
Entry "HKCR\SymAData.ActiveDataInfo" refers to invalid object "{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}". Action Taken: Entries Removed.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\SymAData.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxwma.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxsfs.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxinsi64.exe". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxcpyi64.exe". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\SymAData.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-dan.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-cht.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-nld.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-fra.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ita.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-kor.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-rus.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-esp.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-sve.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-fin.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ptb.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-chs.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-plk.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-csy.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-sky.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-slv.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-hun.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-tha.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-trk.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ell.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-esl.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Ahead\NeroDigital\settings.xml". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Chs.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Cht.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Csy.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Dan.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Deu.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Ell.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Esl.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Esp.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Fin.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Fra.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Hun.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Ita.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Jpn.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Kor.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Nld.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Plk.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Ptb.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Ptg.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Rus.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Sky.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Slv.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Sve.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Tha.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Trk.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Chs.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Cht.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Deu.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Esp.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Fra.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Ita.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Kor.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Nld.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Ptg.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Csy.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Dan.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Ell.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Esl.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Fin.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Hun.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Plk.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Ptb.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Rus.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Sky.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Slv.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Sve.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Tha.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Trk.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_chs.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_cht.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_deu.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_esl.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_esp.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_fra.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_ita.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_jpn.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_kor.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_nld.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_ptg.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_sve.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".002". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bak". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bsa". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cgi". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dbl". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".esp". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ess". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".g3savdat". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gam". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".img". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ISO". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jad". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jpg_320x240". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".message". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mif". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ov2". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".part". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".php". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r35". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".RSC". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfv". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".spr". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".srt". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ver". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Burn4Free Toolbar". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.5.0.5)". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.5.0.6)". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.5.0.7)". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{22C97984-6A68-4140-872E-B2F5123A7387}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8295247E-03ED-11DA-BFBD-00065BBDC0B5}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{86EC42B5-346E-4BAB-948D-58E021EA4BD1}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C33CF844-3FE6-442E-B2FD-998192C939C9}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{CB2D95C7-189C-4596-B071-CE99C309573D}". Action Taken: Entries Removed.

#33 RichieUK


Posted 26 February 2007 - 04:51 PM

Reboot, post a new Hijackthis log please.

#34 Murphy


Posted 27 February 2007 - 11:30 AM

Logfile of HijackThis v1.99.1

Scan saved at 17:28:27, on 27.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\DLink\Bluetooth-programvare\bin\btwdins.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DLink\Bluetooth-programvare\BTTray.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pinge\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FF73F560-4A73-4348-98E8-A396B75E3152} - C:\WINDOWS\system32\lhbalhb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe
O8 - Extra context menu item: Send til &Bluetooth - C:\Program Files\DLink\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: infpmvzq - C:\WINDOWS\SYSTEM32\lhbalhb.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\DLink\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#35 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 27 February 2007 - 11:46 AM

Download and run SysProtect Remover.exe:
http://www.atribune.org/ccount/click.php?id=10
Once it is running click the "Remove Now" button and follow the on screen instructions.
Reboot when you've done.

**********************************

Ok Murphy, let's try the following again:

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text:

Files to delete:
C:\WINDOWS\SYSTEM32\lhbalhb.dll


Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt when you've done.

*********************************

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files; click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click "OK".
Please post the contents of C:\vundofix.txt, the Avenger output.txt, along with a new HijackThis log into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Also post a new Hijackthis log please.

#36 Murphy

Murphy
  • Topic Starter

  • Members
  • 62 posts

Posted 27 February 2007 - 12:04 PM

Logfile of The Avenger version 1, by Swandog46

Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yldsrstu

*******************

Script file located at: \??\C:\Documents and Settings\lnkqxdfa.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\yxwpxcbo.dll not found!
Deletion of file C:\WINDOWS\system32\yxwpxcbo.dll failed!

Could not process line:
C:\WINDOWS\system32\yxwpxcbo.dll
Status: 0xc0000034



Could not open file C:\WINDOWS\system32\lhbalhb.dll for deletion
Deletion of file C:\WINDOWS\system32\lhbalhb.dll failed!

Could not process line:
C:\WINDOWS\system32\lhbalhb.dll
Status: 0xc0000022


Completed script processing.

*******************

Finished! Terminate.

VundoFix nada

Beginning removal...

VundoFix V6.3.9

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.8

Java version is 1.5.0.9

Scan started at 17:55:18 27.02.2007

Listing files found while scanning....

No infected files were found.
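
An added example (not code from this thread or from the HijackThis or Avenger projects) that correlates the two logs posted above: it flags DLLs the HijackThis log shows loading through a BHO (O2) and a Winlogon Notify key (O20), then attaches the NTSTATUS code Avenger reported for each path. The function names and the two heuristics are assumptions made for illustration; the log lines are copied from posts #34 and #36.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log in post #34 (excerpt).
HIJACKTHIS_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FF73F560-4A73-4348-98E8-A396B75E3152} - C:\WINDOWS\system32\lhbalhb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O20 - Winlogon Notify: infpmvzq - C:\WINDOWS\SYSTEM32\lhbalhb.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Lines copied from the Avenger log in post #36 (excerpt).
AVENGER_LOG = r"""
File C:\WINDOWS\system32\yxwpxcbo.dll not found!
Deletion of file C:\WINDOWS\system32\yxwpxcbo.dll failed!

Could not process line:
C:\WINDOWS\system32\yxwpxcbo.dll
Status: 0xc0000034

Could not open file C:\WINDOWS\system32\lhbalhb.dll for deletion
Deletion of file C:\WINDOWS\system32\lhbalhb.dll failed!

Could not process line:
C:\WINDOWS\system32\lhbalhb.dll
Status: 0xc0000022
"""

ENTRY_RE = re.compile(r"^(?P<code>O\d{1,2}) - (?P<body>.+)$")
# HijackThis sections whose target DLL is loaded into another process
# (O2: Internet Explorer, O20: winlogon.exe at logon).
DLL_LOAD_SECTIONS = {"O2", "O20"}

FAILURE_RE = re.compile(
    r"Could not process line:\s*\n(?P<path>.+?)\s*\nStatus: (?P<status>0x[0-9a-fA-F]{8})"
)
# Standard NTSTATUS values; codes not listed here are reported as hex.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}


def parse_entries(log_text):
    """Yield (section, label, path) for O2/O20 lines of the form '... - <path>'."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m["code"] not in DLL_LOAD_SECTIONS:
            continue
        head, sep, path = m["body"].rpartition(" - ")
        if not sep:
            continue  # no path field on this line
        # Label is the text after 'BHO: ' / 'Winlogon Notify: ' up to the next ' - '.
        label = head.split(": ", 1)[-1].split(" - ", 1)[0]
        yield m["code"], label, path.strip()


def triage(log_text):
    """Return {lowercased_path: [reasons]} for DLLs that match a heuristic."""
    refs = defaultdict(list)
    for code, label, path in parse_entries(log_text):
        refs[path.lower()].append((code, label))  # Windows paths are case-insensitive
    findings = {}
    for path, entries in refs.items():
        codes = {code for code, _ in entries}
        reasons = []
        # Heuristic 1 (assumption): a BHO that registers no display name.
        if any(code == "O2" and label == "(no name)" for code, label in entries):
            reasons.append("BHO registered with no name")
        # Heuristic 2 (assumption): one DLL hooked into two autoload points.
        if {"O2", "O20"} <= codes:
            reasons.append("same DLL loaded by both a BHO and a Winlogon Notify key")
        if reasons:
            findings[path] = reasons
    return findings


def avenger_failures(log_text):
    """Return {lowercased_path: NTSTATUS name} for lines Avenger could not process."""
    failures = {}
    for m in FAILURE_RE.finditer(log_text):
        code = int(m["status"], 16)
        failures[m["path"].lower()] = NTSTATUS.get(code, hex(code))
    return failures


def correlate(hjt_log, avenger_log):
    """Join the autoload findings with the deletion results, one row per path."""
    flagged = triage(hjt_log)
    failures = avenger_failures(avenger_log)
    return [
        {
            "path": path,
            "autoload_reasons": flagged.get(path, []),
            "delete_status": failures.get(path),
        }
        for path in sorted(set(flagged) | set(failures))
    ]


if __name__ == "__main__":
    for row in correlate(HIJACKTHIS_LOG, AVENGER_LOG):
        print(row)
```

The path split assumes the file path itself contains no " - " sequence, which holds for the lines in this thread.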

#37 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 27 February 2007 - 12:09 PM

Please make sure all hidden files are still showing:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Download\install FileASSASSIN:
http://www.malwarebytes.org/FileASSASSIN.zip

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Run FileASSASSIN.
Using the button to the right of the center space, navigate to and double click on the following file below.
That file's full path will appear in the space, then click 'Delete'.
Wait for the confirmation of deletion, then exit the program.
C:\WINDOWS\system32\lhbalhb.dll

Reboot normally, let me know what happened please.

#38 Murphy

Murphy
  • Topic Starter

  • Members
  • 62 posts

Posted 27 February 2007 - 12:21 PM

When running FileASSASSIN this showed:
File could not be deleted.

#39 Murphy

Murphy
  • Topic Starter

  • Members
  • 62 posts

Posted 27 February 2007 - 01:59 PM

When looking in the system32 folder there exists a file called: lhbalhb.dll.bak in addition to the other lhbalhb.dll. Dunno if that helps, but haven't seen it mentioned earlier.

#40 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 27 February 2007 - 02:04 PM

Good observation Murphy :thumbsup:

lhbalhb.dll.bak
lhbalhb.dll


Please check to see if you can find any more with a different file extension such as:
.TMP
.SYS


#41 Murphy

Murphy
  • Topic Starter

  • Members
  • 62 posts

Posted 27 February 2007 - 02:09 PM

No other, but yxwpxcbo.dll

#42 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 27 February 2007 - 02:22 PM

Murphy, there are no other variations of yxwpxcbo.dll with a different file extension, are there?

#43 Murphy

Murphy
  • Topic Starter

  • Members
  • 62 posts

Posted 27 February 2007 - 02:32 PM

Not that I believe can have anything to do with this, because looking at last modified date you have the two .dll mentioned above + the .bak file. Other than that the only changed .dll's are: SysRedir.dll, SymNeti.dll, streamhlp.dll. There are some .dat, one .dbl, sfm, one drv, one .ini, .log and .rfx files.

#44 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 27 February 2007 - 02:46 PM

Murphy,try killing these three files using FileASSASSIN:

C:\WINDOWS\system32\lhbalhb.dll.bak
C:\WINDOWS\system32\lhbalhb.dll
C:\WINDOWS\system32\yxwpxcbo.dll


Whether you manage to delete them or not, do this next please:

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the ActiveX control, please do so.
Once installed click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.

#45 Murphy

Murphy
  • Topic Starter

  • Members
  • 62 posts

Posted 27 February 2007 - 04:13 PM

BitDefender Online Scanner

Scan report generated at: Tue, Feb 27, 2007 - 22:03:37
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

Statistics
Time: 01:03:15
Files: 247415
Folders: 4585
Boot Sectors: 3
Archives: 2468
Packed Files: 8831

Results
Identified Viruses: 5
Infected Files: 58
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 106

Engines Info
Virus Definitions: 393856
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

C:\Documents and Settings\Pinge\Desktop\mwav.exe=>(RAR Sfx o)=>mexe.com
Infected with: BehavesLike:Win32.FileInfector

C:\Documents and Settings\Pinge\Desktop\mwav.exe=>(RAR Sfx o)=>mexe.com
Disinfection failed

C:\Documents and Settings\Pinge\Desktop\mwav.exe=>(RAR Sfx o)=>mexe.com
Deleted

C:\Documents and Settings\Pinge\Desktop\mwav.exe=>(RAR Sfx o)
Update failed

C:\Documents and Settings\Pinge\Desktop\mwav.exe=>(RAR Sfx o)=>mwavscan.com
Infected with: BehavesLike:Win32.FileInfector

C:\Documents and Settings\Pinge\Desktop\mwav.exe=>(RAR Sfx o)=>mwavscan.com
Disinfection failed

C:\Documents and Settings\Pinge\Desktop\mwav.exe=>(RAR Sfx o)=>mwavscan.com
Deleted

C:\Documents and Settings\Pinge\Desktop\mwav.exe=>(RAR Sfx o)
Update failed

C:\Documents and Settings\Pinge\Local Settings\Temp\mexe.com
Infected with: BehavesLike:Win32.FileInfector

C:\Documents and Settings\Pinge\Local Settings\Temp\mexe.com
Disinfection failed

C:\Documents and Settings\Pinge\Local Settings\Temp\mexe.com
Deleted

C:\Documents and Settings\Pinge\Local Settings\Temp\mwavscan.com
Infected with: BehavesLike:Win32.FileInfector

C:\Documents and Settings\Pinge\Local Settings\Temp\mwavscan.com
Disinfection failed

C:\Documents and Settings\Pinge\Local Settings\Temp\mwavscan.com
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\11444698.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\Program Files\Norton AntiVirus\Quarantine\11444698.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\11444698.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\162E674C.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\Program Files\Norton AntiVirus\Quarantine\162E674C.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\162E674C.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\163B3A14.dll=>(Quarantine-2)
Infected with: Trojan.Proxy.Delf.BQ

C:\Program Files\Norton AntiVirus\Quarantine\163B3A14.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\163B3A14.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1ADD545F.dll=>(Quarantine-2)
Infected with: Trojan.Proxy.Delf.BQ

C:\Program Files\Norton AntiVirus\Quarantine\1ADD545F.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\1ADD545F.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1B66481C.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\Program Files\Norton AntiVirus\Quarantine\1B66481C.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\1B66481C.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1DBA2DDA.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\Program Files\Norton AntiVirus\Quarantine\1DBA2DDA.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\1DBA2DDA.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\2CE64CD9.dll=>(Quarantine-2)
Infected with: Trojan.Proxy.Delf.BQ

C:\Program Files\Norton AntiVirus\Quarantine\2CE64CD9.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\2CE64CD9.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\34147D8A.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\Program Files\Norton AntiVirus\Quarantine\34147D8A.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\34147D8A.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\38AE4851.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\Program Files\Norton AntiVirus\Quarantine\38AE4851.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\38AE4851.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\3C4328DC.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\Program Files\Norton AntiVirus\Quarantine\3C4328DC.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\3C4328DC.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\49B5165F.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\Program Files\Norton AntiVirus\Quarantine\49B5165F.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\49B5165F.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4E89246D.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\Program Files\Norton AntiVirus\Quarantine\4E89246D.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4E89246D.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5060570F.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\Program Files\Norton AntiVirus\Quarantine\5060570F.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5060570F.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\557632CD.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\Program Files\Norton AntiVirus\Quarantine\557632CD.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\557632CD.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5BCB2D7A.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\Program Files\Norton AntiVirus\Quarantine\5BCB2D7A.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5BCB2D7A.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\607F713B.exe=>(Quarantine-2)
Infected with: BehavesLike:Win32.ExplorerHijack

C:\Program Files\Norton AntiVirus\Quarantine\607F713B.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\607F713B.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\60FA41E0.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\Program Files\Norton AntiVirus\Quarantine\60FA41E0.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\60FA41E0.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\655E17DF.dll=>(Quarantine-2)
Infected with: Trojan.Proxy.Delf.BQ

C:\Program Files\Norton AntiVirus\Quarantine\655E17DF.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\655E17DF.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\700727D6.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\Program Files\Norton AntiVirus\Quarantine\700727D6.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\700727D6.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\71E538E0.dll=>(Quarantine-2)
Infected with: Trojan.Proxy.Delf.BQ

C:\Program Files\Norton AntiVirus\Quarantine\71E538E0.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\71E538E0.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\73AA65D6.dll=>(Quarantine-2)
Infected with: Trojan.Proxy.Delf.BQ

C:\Program Files\Norton AntiVirus\Quarantine\73AA65D6.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\73AA65D6.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\7726384D.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\Program Files\Norton AntiVirus\Quarantine\7726384D.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\7726384D.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\7A882E95.dll=>(Quarantine-2)
Infected with: Trojan.Proxy.Delf.BQ

C:\Program Files\Norton AntiVirus\Quarantine\7A882E95.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\7A882E95.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\7D2E3E7A.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\Program Files\Norton AntiVirus\Quarantine\7D2E3E7A.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\7D2E3E7A.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP299\A0071607.dll
Infected with: Trojan.Agent.Delf.AC

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP299\A0071607.dll
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP299\A0071607.dll
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP301\A0077837.dll
Infected with: Trojan.Agent.Delf.AC

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP301\A0077837.dll
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP301\A0077837.dll
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP301\A0077838.dll
Infected with: Trojan.Agent.Delf.AC

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP301\A0077838.dll
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP301\A0077838.dll
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP301\A0077839.dll
Infected with: Trojan.Agent.Delf.AC

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP301\A0077839.dll
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP301\A0077839.dll
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP301\A0077840.dll
Infected with: Trojan.Agent.Delf.AC

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP301\A0077840.dll
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP301\A0077840.dll
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090054.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090054.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090054.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090055.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090055.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090055.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090056.dll=>(Quarantine-2)
Infected with: Trojan.Proxy.Delf.BQ

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090056.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090056.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090057.dll=>(Quarantine-2)
Infected with: Trojan.Proxy.Delf.BQ

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090057.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090057.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090058.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090058.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090058.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090059.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090059.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090059.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090060.dll=>(Quarantine-2)
Infected with: Trojan.Proxy.Delf.BQ

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090060.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090060.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090061.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090061.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090061.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090062.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090062.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090062.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090063.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090063.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090063.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090064.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090064.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090064.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090065.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090065.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090065.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090066.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090066.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090066.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090067.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090067.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090067.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090068.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090068.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090068.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090069.exe=>(Quarantine-2)
Infected with: BehavesLike:Win32.ExplorerHijack

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090069.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090069.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090070.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090070.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090070.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090071.dll=>(Quarantine-2)
Infected with: Trojan.Proxy.Delf.BQ

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090071.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090071.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090072.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090072.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090072.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090073.dll=>(Quarantine-2)
Infected with: Trojan.Proxy.Delf.BQ

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090073.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090073.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090074.dll=>(Quarantine-2)
Infected with: Trojan.Proxy.Delf.BQ

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090074.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090074.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090075.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090075.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090075.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090076.dll=>(Quarantine-2)
Infected with: Trojan.Proxy.Delf.BQ

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090076.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090076.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090077.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.QK

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090077.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{B889682D-29A1-4399-8B2E-2BDA5FA3EFD5}\RP303\A0090077.dll=>(Quarantine-2)
Deleted

C:\VundoFix Backups\lhbalhb.dll .bad
Infected with: Trojan.Agent.Delf.AC

C:\VundoFix Backups\lhbalhb.dll .bad
Disinfection failed

C:\VundoFix Backups\lhbalhb.dll .bad
Deleted

Edited by Murphy, 27 February 2007 - 04:13 PM.




