"msvcrl.dll Was Not Found" Can Anyone Help?


15 replies to this topic

#1 vega_moo (Members, 8 posts)

Posted 20 March 2007 - 09:18 PM

Hi, please could someone help me?

I think I have a keylogger infection...

When I try to run Internet Explorer, I get the message:
"This application has failed to start because msvcrl.dll was not found. Re-installing the application may fix this problem"

I have run AVG/Spybot/Ad-Aware/CCleaner, and nothing is able to fix it so far...

Please someone help!

--------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 02:15:15, on 21/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\Bittorrent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ie7updates\KB928090-IE7\iexplore.exe
C:\HJT\Hjc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - Global Startup: Windows Defender.lnk = C:\Program Files\Windows Defender\MSASCui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Vega\Desktop\InterCasino $$$.lnk (file missing)
O9 - Extra 'Tools' menuitem: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Documents and Settings\Vega\Desktop\InterCasino $$$.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165261396578
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Microsoft Corporation - Unknown owner - C:\WINDOWS\Bittorrent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-------------------------------------------------------------------------------------------------------------


#2 random/random (Malware Response Team, 2,704 posts)

Posted 24 March 2007 - 07:07 PM

  • Go to Start > My Computer
  • Go to Tools > Folder Options
  • Click on the View tab
  • Untick the following:
    • Hide extensions for known file types
    • Hide protected operating system files (Recommended)
  • You will get a message warning you about showing protected operating system files, click Yes
  • Make sure this option is selected:
    • Show hidden files and folders
    • Click Apply and then click OK
Then please upload this file:

C:\WINDOWS\ie7updates\KB928090-IE7\iexplore.exe

To either jotti or virustotal

Repeat for these files:

C:\Program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\iexplore.exe

Post back with the Jotti/virustotal results and a new HijackThis log

#3 vega_moo (Topic Starter, Members, 8 posts)

Posted 25 March 2007 - 11:24 AM

Hi!

OK... here are the VirusTotal results for:

1) C:\WINDOWS\ie7updates\KB928090-IE7\iexplore.exe

Complete scanning result of "iexplore.exe", received in VirusTotal at 03.25.2007, 18:01:11 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.24.1 03.24.2007 no virus found
AntiVir 7.3.1.44 03.25.2007 no virus found
Authentium 4.93.8 03.24.2007 no virus found
Avast 4.7.936.0 03.23.2007 no virus found
AVG 7.5.0.447 03.25.2007 no virus found
BitDefender 7.2 03.25.2007 no virus found
CAT-QuickHeal 9.00 03.23.2007 no virus found
ClamAV devel-20070312 03.25.2007 no virus found
DrWeb 4.33 03.25.2007 no virus found
eSafe 7.0.14.0 03.25.2007 no virus found
eTrust-Vet 30.6.3506 03.23.2007 no virus found
Ewido 4.0 03.25.2007 no virus found
FileAdvisor 1 03.25.2007 No threat detected
Fortinet 2.85.0.0 03.25.2007 no virus found
F-Prot 4.3.1.45 03.23.2007 no virus found
F-Secure 6.70.13030.0 03.24.2007 no virus found
Ikarus T3.1.1.3 03.25.2007 no virus found
Kaspersky 4.0.2.24 03.25.2007 no virus found
McAfee 4991 03.23.2007 no virus found
Microsoft 1.2306 03.25.2007 no virus found
NOD32v2 2144 03.25.2007 no virus found
Norman 5.80.02 03.23.2007 no virus found
Panda 9.0.0.4 03.24.2007 no virus found
Prevx1 V2 03.25.2007 no virus found
Sophos 4.15.0 03.23.2007 no virus found
Sunbelt 2.2.907.0 03.24.2007 no virus found
Symantec 10 03.25.2007 no virus found
TheHacker 6.1.6.080 03.23.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.24.2007 no virus found
VirusBuster 4.3.7:9 03.25.2007 no virus found
Webwasher-Gateway 6.0.1 03.25.2007 no virus found


2) C:\Program files\internet explorer\iexplore.exe

Complete scanning result of "iexplore.exe", received in VirusTotal at 03.25.2007, 18:06:01 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.24.1 03.24.2007 no virus found
AntiVir 7.3.1.44 03.25.2007 no virus found
Authentium 4.93.8 03.24.2007 no virus found
Avast 4.7.936.0 03.23.2007 no virus found
AVG 7.5.0.447 03.25.2007 no virus found
BitDefender 7.2 03.25.2007 no virus found
CAT-QuickHeal 9.00 03.23.2007 no virus found
ClamAV devel-20070312 03.25.2007 no virus found
DrWeb 4.33 03.25.2007 no virus found
eSafe 7.0.14.0 03.25.2007 no virus found
eTrust-Vet 30.6.3506 03.23.2007 Win32/Goesna
Ewido 4.0 03.25.2007 no virus found
FileAdvisor 1 03.25.2007 no virus found
Fortinet 2.85.0.0 03.25.2007 suspicious
F-Prot 4.3.1.45 03.23.2007 no virus found
F-Secure 6.70.13030.0 03.24.2007 no virus found
Ikarus T3.1.1.3 03.25.2007 no virus found
Kaspersky 4.0.2.24 03.25.2007 no virus found
McAfee 4991 03.23.2007 no virus found
Microsoft 1.2306 03.25.2007 no virus found
NOD32v2 2144 03.25.2007 no virus found
Norman 5.80.02 03.23.2007 no virus found
Panda 9.0.0.4 03.24.2007 no virus found
Prevx1 V2 03.25.2007 no virus found
Sophos 4.15.0 03.23.2007 no virus found
Sunbelt 2.2.907.0 03.24.2007 no virus found
Symantec 10 03.25.2007 no virus found
TheHacker 6.1.6.080 03.23.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.24.2007 no virus found
VirusBuster 4.3.7:9 03.25.2007 no virus found
Webwasher-Gateway 6.0.1 03.25.2007 no virus found

3) C:\WINDOWS\system32\iexplore.exe

I don't seem to have this file in my system32 folder???


4) HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 17:20:17, on 25/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Bittorrent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ie7updates\KB928090-IE7\iexplore.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\HJT\Hjc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Defender.lnk = C:\Program Files\Windows Defender\MSASCui.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165261396578
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Microsoft Corporation - Unknown owner - C:\WINDOWS\Bittorrent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


....thank you so much for your help!

#4 random/random (Malware Response Team, 2,704 posts)

Posted 25 March 2007 - 02:28 PM

Then please upload this file:

C:\WINDOWS\system32\dllcache\iexplore.exe

To either jotti or virustotal

Copy and paste the results as a reply here

#5 vega_moo (Topic Starter, Members, 8 posts)

Posted 26 March 2007 - 01:45 PM

OK, here you go...

Complete scanning result of "iexplore.exe", received in VirusTotal at 03.26.2007, 20:34:04 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.27.0 03.26.2007 no virus found
AntiVir 7.3.1.44 03.26.2007 no virus found
Authentium 4.93.8 03.24.2007 no virus found
Avast 4.7.936.0 03.25.2007 no virus found
AVG 7.5.0.447 03.26.2007 no virus found
BitDefender 7.2 03.26.2007 no virus found
CAT-QuickHeal 9.00 03.26.2007 no virus found
ClamAV devel-20070312 03.26.2007 no virus found
DrWeb 4.33 03.26.2007 no virus found
eSafe 7.0.14.0 03.25.2007 no virus found
eTrust-Vet 30.6.3512 03.26.2007 no virus found
Ewido 4.0 03.25.2007 no virus found
FileAdvisor 1 03.26.2007 Not analyzed yet
Fortinet 2.85.0.0 03.26.2007 no virus found
F-Prot 4.3.1.45 03.23.2007 no virus found
F-Secure 6.70.13030.0 03.26.2007 no virus found
Ikarus T3.1.1.3 03.26.2007 no virus found
Kaspersky 4.0.2.24 03.26.2007 no virus found
McAfee 4992 03.26.2007 no virus found
Microsoft 1.2306 03.26.2007 no virus found
NOD32v2 2145 03.26.2007 no virus found
Norman 5.80.02 03.23.2007 no virus found
Panda 9.0.0.4 03.25.2007 no virus found
Prevx1 V2 03.26.2007 no virus found
Sophos 4.15.0 03.23.2007 no virus found
Sunbelt 2.2.907.0 03.24.2007 no virus found
Symantec 10 03.26.2007 no virus found
TheHacker 6.1.6.080 03.23.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.26.2007 no virus found
VirusBuster 4.3.7:9 03.26.2007 no virus found
Webwasher-Gateway 6.0.1 03.26.2007 no virus found

#6 random/random (Malware Response Team, 2,704 posts)

Posted 26 March 2007 - 02:06 PM

Please print out or copy these instructions/tutorial to Notepad, as the internet will not be available to you (while in Safe Mode) at certain points of the removal process.

Copy/paste the following quote box into a new notepad (not wordpad) document. Make sure that wordwrap is turned off.

attrib -s -h -r "C:\Program files\internet explorer\iexplore.exe"
attrib -s -h -r "C:\WINDOWS\system32\dllcache\iexplore.exe"
del /q "C:\Program files\internet explorer\iexplore.exe"
copy "C:\WINDOWS\system32\dllcache\iexplore.exe" "C:\Program files\internet explorer\iexplore.exe"


Save it to your Desktop as cleanup.bat. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: cleanup.bat


Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Do not open internet explorer or the fix will fail

Locate cleanup.bat on your Desktop and double-click it. A DOS window will open briefly and then close; this is normal.

Restart in normal mode and let me know if your internet explorer problems persist

#7 vega_moo (Topic Starter, Members, 8 posts)

Posted 26 March 2007 - 05:17 PM

Wow!

Utterly awesome.... seems to be totally fixed!

Thank you so, so much..... I'm no programmer at all, and this was well beyond me to fix alone....

I would have had to just format and install again from scratch without your help.

Thank you x 1 million!

Wish I had a way to return the favour, my computer is very important to me... yup, I'm a geek ;) ...I'm so happy it's well again!

Thank you.. thank you thank you!!!

Anthony.

#8 random/random (Malware Response Team, 2,704 posts)

Posted 27 March 2007 - 10:21 AM

I'm not sure you're clean yet, you have this line in your log

O23 - Service: Microsoft Corporation - Unknown owner - C:\WINDOWS\Bittorrent.exe

Which I suspect is a backdoor

You had a keylogger so please change all your passwords from a clean PC

Then please upload this file:

C:\WINDOWS\Bittorrent.exe

To either jotti or virustotal

Post back with the jotti/virustotal results and a new HijackThis log
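
The O23 line singled out above combines three warning signs a responder looks for: a display name that is just a company name, an unknown owner, and a binary sitting directly in C:\WINDOWS rather than system32 or Program Files. The following Python script is an added example (not from this thread, not part of HijackThis) that encodes those checks plus the other things acted on in this thread (an orphaned service registration, a URLSearchHook with no file, iexplore.exe running from an unexpected path), run over a constructed log shaped like the ones pasted here; the severity labels, trusted-directory list and vendor-lookalike names are my own assumptions.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread).

The checks encode what the responder in this thread acted on:
  - an O23 service whose owner is unknown and whose binary sits outside
    system32 / Program Files (here: C:\\WINDOWS\\Bittorrent.exe), and whose
    display name is just a company name ("Microsoft Corporation");
  - an O23 service still registered after its binary was deleted;
  - an R3 URLSearchHook with no backing file;
  - iexplore.exe running from somewhere other than its install directory.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log: lines shaped like the ones pasted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ie7updates\KB928090-IE7\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Microsoft Corporation - Unknown owner - C:\WINDOWS\Bittorrent.exe
O23 - Service: Microsoft Corporation - Unknown owner - C:\WINDOWS\Bittorrent.exe (file missing)
""".strip()


@dataclass(frozen=True)
class Finding:
    line: str
    severity: str   # "suspicious", "verify" or "cleanup" (labels are assumed, not HijackThis's)
    reason: str


O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
R3_RE = re.compile(r"^R3 - URLSearchHook: .+? - \{[0-9A-Fa-f-]+\} - \(no file\)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")

# Directories a service binary is normally installed to (assumed list, lower-case).
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\program files", r"c:\progra~1")
# Display names that are a bare company name rather than a description of the
# service; the one in this thread was "Microsoft Corporation" (assumed list).
VENDOR_LOOKALIKES = ("microsoft corporation", "microsoft")
IE_DIR = "c:\\program files\\internet explorer\\"


def in_trusted_dir(path: str) -> bool:
    """True if the binary lives under one of the expected install roots."""
    p = path.lower()
    return any(p.startswith(d + "\\") for d in TRUSTED_DIRS)


def triage_o23(m: "re.Match") -> Optional[Finding]:
    """Apply the service heuristics to one parsed O23 line."""
    name, owner, path = m["name"], m["owner"], m["path"]
    if m["missing"]:
        return Finding(m.string, "cleanup",
                       f"service '{name}' is still registered but its binary is gone; "
                       "remove the registration (sc delete)")
    reasons = []
    if owner == "Unknown owner" and not in_trusted_dir(path):
        reasons.append("unknown owner and binary outside system32/Program Files")
    if name.lower() in VENDOR_LOOKALIKES:
        reasons.append("display name is a bare company name, not a service description")
    if reasons:
        return Finding(m.string, "suspicious", "; ".join(reasons))
    return None


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    line = line.strip()
    m = O23_RE.match(line)
    if m:
        return triage_o23(m)
    if R3_RE.match(line):
        return Finding(line, "cleanup",
                       "URLSearchHook with no backing file; orphaned entry, fix it in HijackThis")
    if PROCESS_RE.match(line) and ntpath.basename(line).lower() == "iexplore.exe":
        if not line.lower().startswith(IE_DIR):
            return Finding(line, "verify",
                           "iexplore.exe running from an unexpected location; "
                           "submit the file to a multi-engine scanner")
    return None


def triage_log(text: str) -> List[Finding]:
    """Return findings in log order; lines that match nothing are skipped."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```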

#9 vega_moo (Topic Starter, Members, 8 posts)

Posted 27 March 2007 - 04:31 PM

Whoops! ..got a bit excited and carried away there!

OK,.. I actually ran all my AVG/Spybot/Ad-Aware stuff after I had done the last thing you asked. That bittorrent file came up as a nasty, so I used CCleaner to block it for a second from running, so I could then quickly delete it manually.... so it's not there anymore... (well, it seems to have gone!) I just did a search for anything else called bittorrent and I found this...

C:\WINDOWS\Prefetch\BITTORRENT.EXE-3B8131F6.pf

... so I scanned this with VirusTotal and it came back with...

Complete scanning result of "BITTORRENT.EXE-3B8131F6.pf", received in VirusTotal at 03.27.2007, 23:19:13 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.27.0 03.27.2007 no virus found
AntiVir 7.3.1.44 03.27.2007 no virus found
Authentium 4.93.8 03.26.2007 no virus found
Avast 4.7.936.0 03.27.2007 no virus found
AVG 7.5.0.447 03.27.2007 no virus found
BitDefender 7.2 03.27.2007 no virus found
CAT-QuickHeal 9.00 03.27.2007 no virus found
ClamAV devel-20070312 03.27.2007 no virus found
DrWeb 4.33 03.27.2007 no virus found
eSafe 7.0.14.0 03.27.2007 no virus found
eTrust-Vet 30.6.3515 03.27.2007 no virus found
Ewido 4.0 03.27.2007 no virus found
FileAdvisor 1 03.27.2007 no virus found
Fortinet 2.85.0.0 03.27.2007 no virus found
F-Prot 4.3.1.45 03.27.2007 no virus found
F-Secure 6.70.13030.0 03.27.2007 no virus found
Ikarus T3.1.1.3 03.27.2007 no virus found
Kaspersky 4.0.2.24 03.27.2007 no virus found
McAfee 4993 03.27.2007 no virus found
Microsoft 1.2306 03.27.2007 no virus found
NOD32v2 2148 03.27.2007 no virus found
Norman 5.80.02 03.27.2007 no virus found
Panda 9.0.0.4 03.27.2007 no virus found
Prevx1 V2 03.27.2007 no virus found
Sophos 4.15.0 03.27.2007 no virus found
Sunbelt 2.2.907.0 03.24.2007 no virus found
Symantec 10 03.27.2007 no virus found
TheHacker 6.1.6.080 03.23.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.27.2007 no virus found
VirusBuster 4.3.7:9 03.27.2007 no virus found
Webwasher-Gateway 6.0.1 03.27.2007 no virus found



Here's my latest HijackThis log file....

Logfile of HijackThis v1.99.1
Scan saved at 22:19:31, on 27/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\HJT\Hjc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165261396578
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Microsoft Corporation - Unknown owner - C:\WINDOWS\Bittorrent.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Is there anything else I need to do?

Thank you!

#10 random/random (Malware Response Team, 2,704 posts)

Posted 28 March 2007 - 11:28 AM

Copy/paste the following quote box into a new notepad (not wordpad) document. Make sure that wordwrap is turned off.

sc stop "Microsoft Corporation"
sc delete "Microsoft Corporation"


Save it to your Desktop as cleanup.bat. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: cleanup.bat

Locate cleanup.bat on your Desktop and double-click it. A DOS window will open briefly and then close; this is normal.


Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines (if still present)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Then close all windows except HijackThis and click Fix Checked

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Acrobat Reader is outdated; uninstall the one you have installed and install the latest one from here:

http://www.adobe.com/products/acrobat/readstep2.html

Go here to run an online scanner from Kaspersky.
  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. After reading the contents, press "Accept".
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next" > "Scan Settings", make sure the database is set to "extended", and check both scan options. Then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log as "KAV.txt" to the desktop.
Post back with the Kaspersky log and a new HijackThis log.

#11 vega_moo

vega_moo
  • Topic Starter

  • Members
  • 8 posts
  • Local time:10:06 PM

Posted 30 March 2007 - 03:00 AM

Ok... done all that, here are the logs...

(man... was this well beyond me or what! ...I never had to do anything like this before! ...honestly random, big thank you...)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, March 30, 2007 8:43:37 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 30/03/2007
Kaspersky Anti-Virus database records: 288902
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 192973
Number of viruses found: 5
Number of infected objects: 265 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:17:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Vega\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Vega\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Vega\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Vega\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP200.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP201.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP202.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP203.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP204.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP205.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP206.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP207.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP208.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP209.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP210.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP211.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP212.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP213.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP214.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP215.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP216.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP217.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP218.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP219.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP220.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP221.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP222.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP223.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP224.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP225.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP226.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP227.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP228.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP229.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP230.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP231.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP232.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP233.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP234.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP235.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP236.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP237.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP238.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP239.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP240.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP241.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP242.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP243.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP244.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP245.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP246.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP247.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP248.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP249.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP250.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP251.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP252.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP253.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP254.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP255.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP256.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP257.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP258.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP259.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP260.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP261.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP262.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP263.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP264.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP265.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP266.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP267.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP268.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP269.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP270.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP271.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP272.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP273.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP274.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP275.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP276.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP277.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP278.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP279.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP280.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP281.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP282.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP283.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP284.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP285.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP286.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP287.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP288.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP289.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP290.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP291.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP292.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP293.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP294.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP295.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP296.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP297.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP298.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP299.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP300.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP301.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP302.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP303.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP304.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP305.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP306.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP307.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP308.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP309.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP310.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP311.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP312.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP313.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP314.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP315.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP316.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP317.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP318.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP319.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP320.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP321.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP322.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP323.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP324.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP325.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP326.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP327.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP328.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP329.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP330.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP331.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP332.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP333.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP334.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP335.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP336.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP337.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP338.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP339.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP34.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP340.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP341.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP342.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP343.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP344.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP345.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP346.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP347.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP348.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP349.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP35.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP350.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP351.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP352.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP353.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP354.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP355.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP356.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP357.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP358.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP359.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP36.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP360.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP361.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP362.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP363.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP364.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP365.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP366.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP367.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP368.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP369.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP37.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP370.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP371.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP372.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP373.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP374.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP375.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP376.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP377.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP378.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP379.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP38.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP380.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP381.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP382.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP383.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP384.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP385.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP386.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP387.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP388.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP389.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP39.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP390.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP391.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP392.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP393.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP394.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP395.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP396.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP397.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP398.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP399.TMP\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP3A.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP3B.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP3C.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP3D.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP3E.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP3F.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP40.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP41.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP42.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP43.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP44.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP45.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP46.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP47.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP47D.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP47E.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP47F.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP48.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP48F.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP49.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP4A.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP4B.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP4C.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP4D.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP4E.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP4F.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP50.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP51.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP52.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP53.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP53E.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP54.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP55.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP56.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP57.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP57D.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP57E.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP58.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP58E.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP59.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP596.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP5A.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP5B.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP5C.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP5D.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP5E.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\~DF3122.tmp Object is locked skipped
C:\Documents and Settings\Vega\Local Settings\Temp\~DF31C2.tmp Object is locked skipped
C:\Documents and Settings\Vega\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Vega\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Vega\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Vega\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP367\A0047079.exe Infected: Backdoor.Win32.IRCBot.zi skipped
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP369\A0048323.exe/data0000.cab/BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP369\A0048323.exe/data0000.cab Infected: Backdoor.Win32.Bifrose.tm skipped
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP369\A0048323.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP369\A0048333.exe/data0000.cab/Server.exe Infected: Backdoor.Win32.Optix.ak skipped
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP369\A0048333.exe/data0000.cab Infected: Backdoor.Win32.Optix.ak skipped
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP369\A0048333.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP369\A0048333.exe NSPack: infected - 2 skipped
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP369\A0048333.exe PE_Patch: infected - 2 skipped
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP425\A0057433.exe Infected: Backdoor.Win32.IRCBot.zi skipped
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP438\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\gsda.dll Infected: not-a-virus:Downloader.Win32.SpyGame skipped
C:\WINDOWS\Internet Logs\BLENDER.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E0CF80CB-91B6-44B6-925B-7AB037774B20}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT06ef9.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT06f00.TMP Object is locked skipped
C:\WINDOWS\TempFile Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\RECYCLER\S-1-5-21-796845957-776561741-682003330-1003\Dc2.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
D:\RECYCLER\S-1-5-21-796845957-776561741-682003330-1003\Dc2.exe mIRC: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
.............................................................................................................................................................

Logfile of HijackThis v1.99.1
Scan saved at 08:56:02, on 30/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\Hjc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165261396578
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
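
An added triage helper, not part of this thread and not code from any of the tools named in it: the Kaspersky online scan above lists well over a hundred detections but only reports them ("skipped"), so the practical question is which paths a file-deletion tool can act on and which cannot be removed that way at all. The script below parses the three line shapes the scanner emits ("Infected: <name> skipped", "<packer>: infected - N skipped", "Object is locked skipped"), collapses archive members such as A0048333.exe/data0000.cab/Server.exe to their outer container, and groups the results by where they sit. Two interpretations are mine, not the thread's: that the IXPnnn.TMP folders under Local Settings\Temp are working directories of Windows self-extracting (IExpress) packages, so dozens of copies mean the same dropper has been run dozens of times, and that copies inside System Volume Information\_restore{...} restore points can only be purged by clearing System Restore. The sample input is a handful of lines copied from the log above; the regexes, function names and location labels are assumptions of this example.

```python
"""Triage helper for Kaspersky Online Scanner reports (added example, not from the thread)."""
import re
from collections import Counter

# Constructed sample: lines copied from the scan report posted above, plus one
# "Object is locked" line, so the parser can be exercised offline.
SAMPLE_LOG = r"""
C:\Documents and Settings\Vega\Local Settings\Temp\IXP3F.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\Local Settings\Temp\IXP40.tmp\BATTLE~1.EXE Infected: Backdoor.Win32.Bifrose.tm skipped
C:\Documents and Settings\Vega\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP367\A0047079.exe Infected: Backdoor.Win32.IRCBot.zi skipped
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP369\A0048333.exe/data0000.cab/Server.exe Infected: Backdoor.Win32.Optix.ak skipped
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP369\A0048333.exe NSPack: infected - 2 skipped
C:\WINDOWS\Downloaded Program Files\gsda.dll Infected: not-a-virus:Downloader.Win32.SpyGame skipped
D:\RECYCLER\S-1-5-21-796845957-776561741-682003330-1003\Dc2.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
"""

# The online scanner prints one of three line shapes; every one ends in
# "skipped" because it only reports and never cleans.
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
PACKER_RE = re.compile(r"^(?P<path>.+?) (?P<packer>[\w-]+): infected - \d+ skipped$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")

# Location patterns (assumed classification, see lead-in).
IEXPRESS_TMP_RE = re.compile(r"\\Local Settings\\Temp\\IXP[0-9A-F]+\.TMP\\", re.I)
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.I)
RECYCLER_RE = re.compile(r"\\RECYCLER\\", re.I)


def container(path):
    """Kaspersky writes archive members as 'outer.exe/inner.cab/file.exe';
    the object you can actually delete is the outer container."""
    return path.split("/", 1)[0]


def classify(path):
    """Bucket a container path by what it takes to get rid of it."""
    if RESTORE_RE.search(path):
        return "restore-point"   # protected; purged only by clearing System Restore
    if IEXPRESS_TMP_RE.search(path):
        return "iexpress-temp"   # IXPnnn.TMP: self-extractor working directory
    if RECYCLER_RE.search(path):
        return "recycle-bin"     # emptied with the Recycle Bin
    return "filesystem"          # a file-deletion tool can target this directly


def triage(log_text):
    """Parse a scan report into detection families, locations and containers."""
    families = Counter()   # detection name -> hits
    locations = Counter()  # classify() bucket -> hits
    targets = {}           # container path -> set of detection names
    locked = 0             # hives, logs and databases the scanner could not open
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LOCKED_RE.match(line):
            locked += 1
            continue
        m = INFECTED_RE.match(line)
        if m:
            name = m.group("name")
        else:
            m = PACKER_RE.match(line)
            if not m:
                continue   # unknown line shape: ignore rather than guess
            name = "packer:" + m.group("packer")
        path = container(m.group("path"))
        families[name] += 1
        locations[classify(path)] += 1
        targets.setdefault(path, set()).add(name)
    return {"families": families, "locations": locations,
            "targets": targets, "locked": locked}


def action_list(result):
    """Split containers into what a file-deletion tool can act on and what
    can only go by clearing System Restore."""
    deletable = sorted(p for p in result["targets"] if classify(p) != "restore-point")
    restore_points = sorted(p for p in result["targets"] if classify(p) == "restore-point")
    return deletable, restore_points


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("locked (never scanned) objects:", result["locked"])
    for name, n in result["families"].most_common():
        print(f"{n:3d}  {name}")
    deletable, restore_points = action_list(result)
    print("\nDeletable with a file tool:")
    print("\n".join("  " + p for p in deletable))
    print("\nOnly removable by clearing System Restore:")
    print("\n".join("  " + p for p in restore_points))
```

Run it as-is to see the summary for the embedded sample, or pass a saved scan report to triage(). The "locked" count separates registry hives, event logs and the WMI repository that were never scanned from actual infections, and the restore-point list is the part no per-file removal step in the instructions that follow will reach.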

#12 random/random

  • Malware Response Team
  • 2,704 posts

Posted 30 March 2007 - 11:59 AM

Download ATF Cleaner by Attribune
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Main at the top and choose Select All from the list.
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
  • Download Pocket Killbox by Option^Explicit from here
  • Double-click on Killbox.exe to start Pocket Killbox
  • Select the Delete on reboot option
  • Click on All Files
  • Select the text in the below codebox and press Ctrl+C to copy it to the clipboard
    C:\WINDOWS\Downloaded Program Files\gsda.dll
  • Go back to Pocket Killbox and click File > Paste from clipboard
  • Click on the button in Pocket Killbox that looks like this: [image]
  • You will now get the prompt Files will be removed on reboot, Do you want reboot now?
  • Click Yes; this will restart your PC
  • Note: If your PC does not restart automatically, please restart it manually
Please print out or copy these instructions/tutorial to Notepad, as the internet will not be available to you (while in Safe Mode) at certain points of the removal process. Make sure to work through all the steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG anti-spyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click the "Save Scan Report" button until you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      [image]
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

Post back with the AVG Anti-Spyware log and a new HijackThis log.

#13 vega_moo

  • Topic Starter
  • Members
  • 8 posts

Posted 30 March 2007 - 09:02 PM

OK, all done. Here are the reports...


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 02:55:38 31/03/2007

+ Scan result:



C:\Documents and Settings\Vega\Local Settings\Temp\IXP200.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP201.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP202.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP203.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP204.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP205.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP206.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP207.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP208.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP209.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP210.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP211.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP212.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP213.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP214.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP215.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP216.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP217.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP218.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP219.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP220.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP221.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP222.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP223.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP224.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP225.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP226.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP227.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP228.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP229.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP230.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP231.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP232.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP233.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP234.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP235.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP236.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP237.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP238.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP239.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP240.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP241.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP242.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP243.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP244.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP245.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP246.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP247.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP248.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP249.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP250.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP251.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP252.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP253.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP254.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP255.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP256.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP257.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP258.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP259.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP260.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP261.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP262.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP263.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP264.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP265.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP266.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP267.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP268.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP269.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP270.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP271.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP272.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP273.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP274.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP275.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP276.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP277.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP278.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP279.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP280.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP281.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP282.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP283.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP284.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP285.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP286.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP287.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP288.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP289.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP290.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP291.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP292.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP293.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP294.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP295.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP296.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP297.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP298.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP299.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP300.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP301.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP302.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP303.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP304.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP305.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP306.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP307.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP308.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP309.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP310.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP311.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP312.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP313.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP314.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP315.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP316.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP317.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP318.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP319.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP320.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP321.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP322.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP323.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP324.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP325.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP326.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP327.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP328.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP329.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP330.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP331.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP332.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP333.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP334.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP335.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP336.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP337.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP338.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP339.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP34.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP340.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP341.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP342.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP343.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP344.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP345.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP346.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP347.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP348.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP349.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP35.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP350.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP351.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP352.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP353.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP354.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP355.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP356.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP357.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP358.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP359.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP36.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP360.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP361.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP362.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP363.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP364.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP365.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP366.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP367.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP368.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP369.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP37.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP370.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP371.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP372.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP373.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP374.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP375.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP376.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP377.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP378.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP379.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP38.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP380.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP381.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP382.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP383.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP384.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP385.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP386.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP387.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP388.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP389.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP39.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP390.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP391.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP392.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP393.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP394.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP395.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP396.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP397.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP398.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP399.TMP\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP3A.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP3B.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP3C.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP3D.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP3E.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP3F.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP40.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP41.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP42.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP43.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP44.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP45.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP46.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP47.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP47D.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP47E.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP47F.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP48.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP48F.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP49.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP4A.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP4B.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP4C.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP4D.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP4E.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP4F.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP50.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP51.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP52.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP53.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP53E.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP54.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP55.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP56.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP57.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP57D.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP57E.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP58.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP58E.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP59.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP596.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP5A.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP5B.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP5C.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP5D.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\Documents and Settings\Vega\Local Settings\Temp\IXP5E.tmp\BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP369\A0048323.exe/BATTLE~1.EXE -> Backdoor.Bifrose.tm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP367\A0047079.exe -> Backdoor.IRCBot.zi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP425\A0057433.exe -> Backdoor.IRCBot.zi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D073B175-EC30-4022-8106-829FBC8DF1D6}\RP369\A0048333.exe/Server.exe -> Backdoor.Optix.ak : Cleaned with backup (quarantined).
C:\!KillBox\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 02:58:30, on 31/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\Hjc.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165261396578
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

How's it looking now?
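
One way to triage a HijackThis log like the one above, as an added example that is not code from this thread, from HijackThis or from the helpers here: the rules below are the checks a log reader applies by eye, orphaned entries marked "(file missing)" or "(no file)", O23 services with no recognised publisher ("Unknown owner"), and O4 autorun commands that carry no full path and are therefore resolved through the search path. The sample lines are copied from the log posted above; the section handling and the flag wording are my own assumptions, and a flag means "look closer", not "malicious" (the SoundMan and nwiz entries it flags are ordinary driver utilities).

```python
import re
from collections import defaultdict

# Constructed sample: a handful of entries copied from the HijackThis log
# posted above, chosen so that each review rule below has something to act on.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# A HijackThis entry line starts with its section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# A command we consider fully qualified starts with a drive letter, e.g. C:\...
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_hjt(text):
    """Return (section, body) pairs for every entry line; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def o4_command(body):
    """Pull the launched command out of an O4 entry body."""
    if "]" in body:                       # registry Run entry:  HKLM\..\Run: [Name] command
        return body.split("]", 1)[1].strip()
    if " = " in body:                     # startup-folder entry: Something.lnk = target
        return body.split(" = ", 1)[1].strip()
    return body


def review_entry(sec, body):
    """Reasons an entry deserves a second look; an empty list means nothing notable."""
    reasons = []
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("orphaned entry: the referenced file no longer exists")
    if sec == "O23" and "Unknown owner" in body:
        reasons.append("service binary carries no recognised publisher name")
    if sec == "O4":
        cmd = o4_command(body).lstrip('"')   # quoted paths are fine, drop the quote before testing
        if not DRIVE_PATH_RE.match(cmd):
            reasons.append("autorun command has no full path; it is resolved via the search path")
    return reasons


def triage(text):
    """Count entries per section and collect every entry that triggered at least one rule."""
    counts = defaultdict(int)
    findings = []
    for sec, body in parse_hjt(text):
        counts[sec] += 1
        reasons = review_entry(sec, body)
        if reasons:
            findings.append((sec, body, reasons))
    return dict(counts), findings


def format_report(text):
    """Human-readable summary: section counts, then each flagged entry with its reasons."""
    counts, findings = triage(text)
    lines = ["entries per section: " + ", ".join(f"{k}={v}" for k, v in sorted(counts.items()))]
    for sec, body, reasons in findings:
        lines.append(f"[{sec}] {body}")
        for r in reasons:
            lines.append(f"    - {r}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(SAMPLE_LOG))
```

Run it as a script to print the report, or call `triage()` on the text of a full log. The rules are deliberately narrow: they reproduce what a reader can decide from the log alone and leave publisher verification and file hashes to the follow-up tools the helper asks for in the next post.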

#14 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:06 PM

Posted 31 March 2007 - 02:28 AM

It looks good; just a couple of final checks.

Delete this folder

C:\!KillBox\
  • Download Silent runners by Andrew Aronoff from here
  • Unzip/extract it to a folder on your desktop
  • Double click on Silent Runners.vbs to start Silent runners
  • If your antivirus warns you about a script, allow it to run, this script does not contain malicious code
  • You will be asked if you want skip the supplementary search, click Yes
  • Wait for Silent runners to inform you that it has finished
  • A log will be created in the same folder as Silent Runners.vbs
  • It will have a name of Startup Programs (yourusername) date-time.txt
  • Use notepad to open that file
  • Copy and paste the contents as a reply to this topic
  • Please download F-Secure Blacklight (fsbl.exe) from here
  • Save into C:\ with a name of fsbl.exe
  • Go to Start > Run
  • Copy and paste the contents of the below codebox into the run box
    C:\fsbl.exe /expert
  • Click OK
  • This will launch BlackLight
  • Select I accept the agreement
  • Click Next
  • Click Scan
  • Wait for the scan to finish
  • Click on Next>
  • Click Exit
  • A logfile will have been created in the C:\ drive
  • It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
  • Use notepad to open that log
  • Post the contents of that log as a reply to this topic
  • Download Catchme by GMER from here and save it to your desktop
  • Double click on catchme.exe to launch Catchme
  • This will open a DOS window
  • When the scan has finished, this message will be displayed:

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

  • Close the DOS window
  • A log will be created on your desktop called catchme.log
  • Use notepad to open the log
  • Copy and paste the contents of the log as a reply to this topic
Post back with the silent runners log, the blacklight log, the catchme log and a new HijackThis log

Edited by random/random, 31 March 2007 - 02:32 AM.


#15 vega_moo

vega_moo
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:06 PM

Posted 31 March 2007 - 04:48 AM

...all done, here you go...

.............................................................................................

03/31/07 10:39:42 [Info]: BlackLight Engine 1.0.61 initialized
03/31/07 10:39:42 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/31/07 10:39:42 [Note]: 7019 4
03/31/07 10:39:42 [Note]: 7005 0
03/31/07 10:39:44 [Note]: 7006 0
03/31/07 10:39:44 [Note]: 7022 0
03/31/07 10:39:44 [Note]: 7011 604
03/31/07 10:39:44 [Note]: 7026 0
03/31/07 10:39:44 [Note]: 7026 0
03/31/07 10:39:46 [Note]: FSRAW library version 1.7.1021
03/31/07 10:41:15 [Note]: 2000 1012
03/31/07 10:41:38 [Note]: 7007 0

.............................................................................................

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

.............................................................................................

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NVRaidService" = "C:\WINDOWS\system32\nvraidservice.exe" ["NVIDIA Corporation"]
"AGEIA PhysX SysTray" = "C:\Program Files\AGEIA Technologies\TrayIcon.exe" [null data]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ZoneAlarm Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{A68865DD-EE3C-4442-9BE9-1BAB2576E3FA}" = "NOMAD Explorer"
-> {HKLM...CLSID} = "NOMAD Explorer"
\InProcServer32\(Default) = "C:\Program Files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTJBNS.DLL" ["Creative Technology Ltd"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {HKLM...CLSID} = "Universal Plug and Play Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
-> {HKLM...CLSID} = "ACDWFTHMBPRXY"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\AcDwfThmbPrxy16.dll" ["Autodesk"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Startup items in "Vega" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Adobe Reader Synchronizer" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe" [null data]


Enabled Scheduled Tasks:
------------------------

"Spybot - Search & Destroy - Scheduled Task" -> launches: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe /AUTOCHECK /AUTOFIX /AUTOCLOSE" ["Safer Networking Limited"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 31
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06

.............................................................................................

Logfile of HijackThis v1.99.1
Scan saved at 10:43:21, on 31/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\Hjc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165261396578
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
