Go Back   Cyber Tech Help Support Forums > Software > Malware Removal Forum

Notices

Reply
 
Topic Tools
  #61  
Old April 11th, 2008, 12:14 AM
AnnMarie's Avatar
AnnMarie AnnMarie is offline
Cyber Tech Help Moderator
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
Well we got rid of the Rustock rootkit which is good but Beagle keeps reappearing in your logs and I dont know why.

S2 msoft98;msoft98;C:\WINDOWS\system32\drivers\msoft9 8.sys []

Let's try the Avenger. Run it as you did before but use the below script this time (the Avenger will probably reboot twice):

Code:
Drivers to delete:
srosa

Files to delete:
C:\WINDOWS\system32\drivers\msoft98.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\wintems.exe
It's now time to run an online antivirus scan. When you have rebooted, go here and download ATF cleaner (do not download the Recommended Download on the mirror site). Use it to remove all Temp Files, Cookies and Temp Internet Files, Java Cache and any others that you would like to remove. If you also use Opera or Firefox, also click on the cleaning options for each browser.

Next, disable your antivirus program. To do this, rightclick on the Icon in the Notification area (lower righthand corner of your screen) and choose Quit, Exit, Close or whatever option is offered. Now go here and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee. When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit > Select All then copy the log and paste it back here.

Run Hijack This again and post a new log please. Also post your Avenger log.
Reply With Quote


  #62  
Old April 11th, 2008, 03:08 AM
zigzag zigzag is offline
Member
 
Join Date: Apr 2008
Posts: 64
It is running a lot faster now anyway. Every time i boot up now i get the below error messages. Don't know if it means anything but thought i better post it just in case. I will start the scans now.

rundll
error loading c:\windows\system32\ltdtprltfff.sys
the specified module could not be found


rundll
error loading c:\windows\system32\dofepkjepob.dll
the specified module could not be found
Reply With Quote
  #63  
Old April 11th, 2008, 03:20 AM
zigzag zigzag is offline
Member
 
Join Date: Apr 2008
Posts: 64
Here is this one.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Servic es\srosa" not found!
Deletion of driver "srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\msoft98.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\msoft98.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wintems.exe" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
Reply With Quote
  #64  
Old April 11th, 2008, 03:46 AM
zigzag zigzag is offline
Member
 
Join Date: Apr 2008
Posts: 64
Well i have run in to a bit of a problem, My avast icons have gone missing I can open the program to run it but there is no option to stop protection. I can get to task manager now but do not know which prosses to close to stop avast. I tried rebooting and it did not bring back the icons. Any ideas?
Reply With Quote
  #65  
Old April 11th, 2008, 04:07 AM
zigzag zigzag is offline
Member
 
Join Date: Apr 2008
Posts: 64
There is an option in the avast program to show icons on taskbar and both of them are checked. I unchecked them and rebooted then rechecked them and rebooted again but it did not help.
Reply With Quote
  #66  
Old April 11th, 2008, 04:08 AM
zigzag zigzag is offline
Member
 
Join Date: Apr 2008
Posts: 64
And it says avast is running in the security center but there is no option to stop it there.
Reply With Quote
  #67  
Old April 11th, 2008, 04:27 AM
AnnMarie's Avatar
AnnMarie AnnMarie is offline
Cyber Tech Help Moderator
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
Can you uninstall it for now please zigzag. It's not protecting you anyway. You can reinstall when we have finished.
Reply With Quote
  #68  
Old April 11th, 2008, 04:31 AM
zigzag zigzag is offline
Member
 
Join Date: Apr 2008
Posts: 64
will do.
Reply With Quote
  #69  
Old April 11th, 2008, 04:56 AM
zigzag zigzag is offline
Member
 
Join Date: Apr 2008
Posts: 64
Ack!! It is showing 4 or 6 hours remaining with spikes up to 12 hours for the scan. I am going to turn in for the night but i wake up every few hours at night (Blaw, old people are silly) and will check it's progress and post results as soon as possible.
Thank you and good evening.
Ha, I think everybody lives in my timezone. Good day to you.
Reply With Quote
  #70  
Old April 11th, 2008, 05:07 AM
AnnMarie's Avatar
AnnMarie AnnMarie is offline
Cyber Tech Help Moderator
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
Quote:
Ha, I think everybody lives in my timezone.
I dont unless it's now 4.07pm on Friday at your end too.
Reply With Quote
  #71  
Old April 11th, 2008, 07:24 AM
zigzag zigzag is offline
Member
 
Join Date: Apr 2008
Posts: 64
BitDefender Online Scanner







Scan report generated at: Fri, Apr 11, 2008 - 00:35:52









Scan path: C:\Documents and Settings\BBY248\My Documents;C:\Documents and Settings\Guest\My Documents;C:\Documents and Settings\All Users\Documents;A:\;C:\;D:\;















Statistics

Time


01:56:31

Files


375901

Folders


9193

Boot Sectors


2

Archives


9133

Packed Files


8381







Results

Identified Viruses


40

Infected Files


124

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


124







Engines Info

Virus Definitions


1136359

Engine build


AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins


16

Archive plugins


41

Unpack plugins


7

E-mail plugins


6

System plugins


5







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0001


Infected with: Trojan.Purityad.F

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0001


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)


Update failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0002=>(CAB Sfx r)=>DnldStub.exe


Infected with: Trojan.Downloader.Small.KL

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0002=>(CAB Sfx r)=>DnldStub.exe


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0002=>(CAB Sfx r)


Update failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0002=>(CAB Sfx 2r)


Infected with: Trojan.Whenu.A

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0002=>(CAB Sfx 2r)


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0002


Update failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0002=>(CAB Sfx 3r)=>Search.exe


Detected with: Adware.Savenow.E

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0002=>(CAB Sfx 3r)=>Search.exe


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0002=>(CAB Sfx 3r)


Update failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0002=>(CAB Sfx 3r)=>Uninst.exe


Detected with: Adware.Whenu.Savenow.AO

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0002=>(CAB Sfx 3r)=>Uninst.exe


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0002=>(CAB Sfx 3r)


Update failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0003


Infected with: Trojan.Downloader.Keenval.E

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0003


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)


Update failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0004


Infected with: Trojan.Downloader.Agent.EC

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0004


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)


Update failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0005


Detected with: Adware.Ezula.GE

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0005


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)


Update failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0006


Detected with: Adware.Urlspy.C

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)=>zlib_nsis0006


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\all_files9.exe=>(NSIS o)


Update failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\BB6.tmp


Infected with: Trojan.Peed.JDP

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\BB6.tmp


Disinfection failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\BB6.tmp


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\bbneww.exe


Infected with: Trojan.Downloader.VB.VQL

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\bbneww.exe


Disinfection failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\bbneww.exe


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\C69.tmp


Infected with: Trojan.Peed.JDR

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\C69.tmp


Disinfection failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\C69.tmp


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\dcfelsfmlcn.drv


Infected with: Win32.Worm.Locksky.CD

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\dcfelsfmlcn.drv


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\FB1.tmp


Infected with: Trojan.Peed.JDP

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\FB1.tmp


Disinfection failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\FB1.tmp


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\gbedob.sys


Infected with: Win32.Worm.Locksky.CD

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\gbedob.sys


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\hcradcraloj.drv


Infected with: Win32.Worm.Locksky.CD

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\hcradcraloj.drv


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\IPinsight.EXE=>wise0008


Infected with: Trojan.Downloader.Stubby.B

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\IPinsight.EXE=>wise0008


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\IPinsight.EXE


Update failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\IPINSIGT.cab=>ipinsigt.dll


Detected with: Adware.Ipinsight.C

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\IPINSIGT.cab=>ipinsigt.dll


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\IPINSIGT.cab


Update failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\okrorykl.exe


Infected with: Packer.Krunchy.B

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\okrorykl.exe


Disinfection failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\okrorykl.exe


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\rllhndhhptt.dll


Infected with: Win32.Worm.Locksky.CD

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\rllhndhhptt.dll


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\syswcc32.exe=>(RAR Sfx o)=>whAgent.exe


Detected with: Spyware.464

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\syswcc32.exe=>(RAR Sfx o)=>whAgent.exe


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\syswcc32.exe=>(RAR Sfx o)


Update failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\syswcc32.exe=>(RAR Sfx o)=>whInstaller.exe


Detected with: Adware.Webhancer.BI

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\syswcc32.exe=>(RAR Sfx o)=>whInstaller.exe


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\syswcc32.exe=>(RAR Sfx o)


Update failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\syswcc32.exe=>(RAR Sfx o)=>webhdll.dll


Detected with: Adware.Webhancer.BI

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\syswcc32.exe=>(RAR Sfx o)=>webhdll.dll


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\syswcc32.exe=>(RAR Sfx o)


Update failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\syswcc32.exe=>(RAR Sfx o)=>whiehlpr.dll


Detected with: Dialer.Generic.10254

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\syswcc32.exe=>(RAR Sfx o)=>whiehlpr.dll


Disinfection failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\syswcc32.exe=>(RAR Sfx o)=>whiehlpr.dll


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\syswcc32.exe=>(RAR Sfx o)


Update failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\tlpjtt.nls


Infected with: Win32.Worm.Locksky.CD

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\tlpjtt.nls


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\_ps_inst.exe=>(CAB Sfx o)=>rundll16.exe


Infected with: Trojan.Click.D

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\_ps_inst.exe=>(CAB Sfx o)=>rundll16.exe


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\_ps_inst.exe=>(CAB Sfx o)


Update failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\_ps_inst.exe=>(CAB Sfx o)=>rundll16.dll


Detected with: Application.Browseraid.B

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\_ps_inst.exe=>(CAB Sfx o)=>rundll16.dll


Disinfection failed

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\_ps_inst.exe=>(CAB Sfx o)=>rundll16.dll


Deleted

C:\Deckard\System Scanner\20080406190436\backup\DOCUME~1\BBY248\LOCA LS~1\Temp\_ps_inst.exe=>(CAB Sfx o)


Update failed

C:\Deckard\System Scanner\20080406190436\backup\WINDOWS\Downloaded Program Files\cssweb.dll


Detected with: Adware.Cssweb.A

C:\Deckard\System Scanner\20080406190436\backup\WINDOWS\Downloaded Program Files\cssweb.dll


Deleted

C:\Deckard\System Scanner\20080406190436\backup\WINDOWS\temp\3114358 14.exe


Infected with: BehavesLike:Win32.ExplorerHijack

C:\Deckard\System Scanner\20080406190436\backup\WINDOWS\temp\3114358 14.exe


Disinfection failed

C:\Deckard\System Scanner\20080406190436\backup\WINDOWS\temp\3114358 14.exe


Deleted

C:\Documents and Settings\BBY248\Application Data\Sun\Java\Deployment\cache\6.0\16\5e752950-5d72b2aa=>BaaaaBaa.class


Infected with: Trojan.Exploit.Java.Gimsh.A

C:\Documents and Settings\BBY248\Application Data\Sun\Java\Deployment\cache\6.0\16\5e752950-5d72b2aa=>BaaaaBaa.class


Deleted

C:\Documents and Settings\BBY248\Application Data\Sun\Java\Deployment\cache\6.0\16\5e752950-5d72b2aa


Updated

C:\Documents and Settings\BBY248\Application Data\Sun\Java\Deployment\cache\6.0\27\29b2a95b-6d87379e


Infected with: Trojan.Exploit.Java.Gimsh.A

C:\Documents and Settings\BBY248\Application Data\Sun\Java\Deployment\cache\6.0\27\29b2a95b-6d87379e


Deleted

C:\Documents and Settings\BBY248\Local Settings\Application Data\Identities\{E7FD0D3A-81F3-42D7-810D-28C48494B410}\Microsoft\Outlook Express\Spoofs and rip's.dbx=>(message 3): approval deadline=>[Subject: approval deadline][Date: Mon, 30 Jan 2006 15:40:43 -0600]=>(MIME part)=>Article+Photos.zip=>Photo and Article.exe


Infected with: DeepScan:Generic.Malware.SYBdld!.A158E7BF

C:\Documents and Settings\BBY248\Local Settings\Application Data\Identities\{E7FD0D3A-81F3-42D7-810D-28C48494B410}\Microsoft\Outlook Express\Spoofs and rip's.dbx=>(message 3): approval deadline=>[Subject: approval deadline][Date: Mon, 30 Jan 2006 15:40:43 -0600]=>(MIME part)=>Article+Photos.zip=>Photo and Article.exe


Disinfection failed

C:\Documents and Settings\BBY248\Local Settings\Application Data\Identities\{E7FD0D3A-81F3-42D7-810D-28C48494B410}\Microsoft\Outlook Express\Spoofs and rip's.dbx=>(message 3): approval deadline=>[Subject: approval deadline][Date: Mon, 30 Jan 2006 15:40:43 -0600]=>(MIME part)=>Article+Photos.zip=>Photo and Article.exe


Deleted

C:\Documents and Settings\BBY248\Local Settings\Application Data\Identities\{E7FD0D3A-81F3-42D7-810D-28C48494B410}\Microsoft\Outlook Express\Spoofs and rip's.dbx=>(message 3): approval deadline=>[Subject: approval deadline][Date: Mon, 30 Jan 2006 15:40:43 -0600]=>(MIME part)=>Article+Photos.zip


Updated

C:\Documents and Settings\BBY248\Local Settings\Application Data\Identities\{E7FD0D3A-81F3-42D7-810D-28C48494B410}\Microsoft\Outlook Express\Spoofs and rip's.dbx=>(message 3): approval deadline=>[Subject: approval deadline][Date: Mon, 30 Jan 2006 15:40:43 -0600]=>(MIME part)


Updated

C:\Documents and Settings\BBY248\Local Settings\Application Data\Identities\{E7FD0D3A-81F3-42D7-810D-28C48494B410}\Microsoft\Outlook Express\Spoofs and rip's.dbx=>(message 3): approval deadline


Updated

C:\Documents and Settings\BBY248\Local Settings\Application Data\Identities\{E7FD0D3A-81F3-42D7-810D-28C48494B410}\Microsoft\Outlook Express\Spoofs and rip's.dbx


Updated

C:\Documents and Settings\BBY248\Local Settings\Application Data\Identities\{E7FD0D3A-81F3-42D7-810D-28C48494B410}\Microsoft\Outlook Express\Spoofs and rip's.dbx=>(message 54): Ebay Account Update=>[Subject: Ebay Account Update][Date: Sat, 14 Feb 2004 08:23:13 -0600]=>(MIME part)=>(message body)


Infected with: Trojan.Spy.Html.Bayfraud.A

C:\Documents and Settings\BBY248\Local Settings\Application Data\Identities\{E7FD0D3A-81F3-42D7-810D-28C48494B410}\Microsoft\Outlook Express\Spoofs and rip's.dbx=>(message 54): Ebay Account Update=>[Subject: Ebay Account Update][Date: Sat, 14 Feb 2004 08:23:13 -0600]=>(MIME part)=>(message body)


Deleted

C:\Documents and Settings\BBY248\Local Settings\Application Data\Identities\{E7FD0D3A-81F3-42D7-810D-28C48494B410}\Microsoft\Outlook Express\Spoofs and rip's.dbx=>(message 54): Ebay Account Update=>[Subject: Ebay Account Update][Date: Sat, 14 Feb 2004 08:23:13 -0600]=>(MIME part)


Updated

C:\Documents and Settings\BBY248\Local Settings\Application Data\Identities\{E7FD0D3A-81F3-42D7-810D-28C48494B410}\Microsoft\Outlook Express\Spoofs and rip's.dbx=>(message 54): Ebay Account Update


Updated

C:\Documents and Settings\BBY248\Local Settings\Application Data\Identities\{E7FD0D3A-81F3-42D7-810D-28C48494B410}\Microsoft\Outlook Express\Spoofs and rip's.dbx


Updated
Reply With Quote
  #72  
Old April 11th, 2008, 07:24 AM
zigzag zigzag is offline
Member
 
Join Date: Apr 2008
Posts: 64
C:\QooBox\Quarantine\C\1.tmp.vir


Infected with: Trojan.Spy.ZBot.BE

C:\QooBox\Quarantine\C\1.tmp.vir


Disinfection failed

C:\QooBox\Quarantine\C\1.tmp.vir


Deleted

C:\QooBox\Quarantine\C\10.tmp.vir


Infected with: Trojan.Spy.ZBot.BE

C:\QooBox\Quarantine\C\10.tmp.vir


Disinfection failed

C:\QooBox\Quarantine\C\10.tmp.vir


Deleted

C:\QooBox\Quarantine\C\16.tmp.vir


Infected with: Trojan.Spy.ZBot.BE

C:\QooBox\Quarantine\C\16.tmp.vir


Disinfection failed

C:\QooBox\Quarantine\C\16.tmp.vir


Deleted

C:\QooBox\Quarantine\C\1A.tmp.vir


Infected with: Trojan.Spy.ZBot.BE

C:\QooBox\Quarantine\C\1A.tmp.vir


Disinfection failed

C:\QooBox\Quarantine\C\1A.tmp.vir


Deleted

C:\QooBox\Quarantine\C\1D.tmp.vir


Infected with: Trojan.Spy.ZBot.BE

C:\QooBox\Quarantine\C\1D.tmp.vir


Disinfection failed

C:\QooBox\Quarantine\C\1D.tmp.vir


Deleted

C:\QooBox\Quarantine\C\B.tmp.vir


Infected with: Trojan.Spy.ZBot.BE

C:\QooBox\Quarantine\C\B.tmp.vir


Disinfection failed

C:\QooBox\Quarantine\C\B.tmp.vir


Deleted

C:\QooBox\Quarantine\C\Documents and Settings\BBY248\My Documents\DOBE~1\lsass.exe.vir


Infected with: Trojan.Dropper.RQU

C:\QooBox\Quarantine\C\Documents and Settings\BBY248\My Documents\DOBE~1\lsass.exe.vir


Disinfection failed

C:\QooBox\Quarantine\C\Documents and Settings\BBY248\My Documents\DOBE~1\lsass.exe.vir


Deleted

C:\QooBox\Quarantine\C\WINDOWS\hosts.vir


Infected with: Trojan.Qhosts.AI

C:\QooBox\Quarantine\C\WINDOWS\hosts.vir


Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\msiconf.ex e.vir


Infected with: Trojan.Peed.Gen

C:\QooBox\Quarantine\C\WINDOWS\system32\msiconf.ex e.vir


Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\msiconf.ex e.vir


Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\ntos.exe.v ir


Infected with: Trojan.Spy.ZBot.BE

C:\QooBox\Quarantine\C\WINDOWS\system32\ntos.exe.v ir


Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\ntos.exe.v ir


Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\shift.exe. exe.vir


Infected with: Trojan.Peed.JDW

C:\QooBox\Quarantine\C\WINDOWS\system32\shift.exe. exe.vir


Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\shift.exe. exe.vir


Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\WLCtrl32.d ll.vir


Infected with: Trojan.Kobcka.DM

C:\QooBox\Quarantine\C\WINDOWS\system32\WLCtrl32.d ll.vir


Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\WLCtrl32.d ll.vir


Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\WLCtrl32.d l_.vir


Infected with: Trojan.Kobcka.DM

C:\QooBox\Quarantine\C\WINDOWS\system32\WLCtrl32.d l_.vir


Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\WLCtrl32.d l_.vir


Deleted

C:\QooBox\Quarantine\catchme2008-04-08_182537.69.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>Tbh27.sys


Infected with: Trojan.Kobcka.DK

C:\QooBox\Quarantine\catchme2008-04-08_182537.69.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>Tbh27.sys


Deleted

C:\QooBox\Quarantine\catchme2008-04-08_182537.69.zip=>Documents and Settings/BBY248/Desktop/catchme.zip


Updated

C:\QooBox\Quarantine\catchme2008-04-08_182537.69.zip


Updated

C:\QooBox\Quarantine\catchme2008-04-08_214029.46.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>ntos.exe


Infected with: Trojan.Spy.ZBot.BE

C:\QooBox\Quarantine\catchme2008-04-08_214029.46.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>ntos.exe


Disinfection failed

C:\QooBox\Quarantine\catchme2008-04-08_214029.46.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>ntos.exe


Deleted

C:\QooBox\Quarantine\catchme2008-04-08_214029.46.zip=>Documents and Settings/BBY248/Desktop/catchme.zip


Updated

C:\QooBox\Quarantine\catchme2008-04-08_214029.46.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>tobmh.nls


Infected with: Win32.Worm.Locksky.CD

C:\QooBox\Quarantine\catchme2008-04-08_214029.46.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>tobmh.nls


Deleted

C:\QooBox\Quarantine\catchme2008-04-08_214029.46.zip=>Documents and Settings/BBY248/Desktop/catchme.zip


Updated

C:\QooBox\Quarantine\catchme2008-04-08_214029.46.zip


Updated

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>lpppddphdt.sys


Infected with: Win32.Worm.Locksky.CD

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>lpppddphdt.sys


Deleted

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip


Updated

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>thttltph.sys


Infected with: Win32.Worm.Locksky.CD

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>thttltph.sys


Deleted

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip


Updated

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>ltdtprltfff.sys


Infected with: Win32.Worm.Locksky.CD

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>ltdtprltfff.sys


Deleted

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip


Updated

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>dlhhpd.drv


Infected with: Win32.Worm.Locksky.CD

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>dlhhpd.drv


Deleted

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip


Updated

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>dofepkjepob.dll


Infected with: Win32.Worm.Locksky.CD

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>dofepkjepob.dll


Deleted

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip


Updated

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>ptrddpptdph.nls


Infected with: Win32.Worm.Locksky.CD

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>ptrddpptdph.nls


Deleted

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip=>Documents and Settings/BBY248/Desktop/catchme.zip


Updated

C:\QooBox\Quarantine\catchme2008-04-09_223148.73.zip


Updated

C:\QooBox\Quarantine\catchme2008-04-10_ 74723.56.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>dlhhpd.drv


Infected with: Win32.Worm.Locksky.CD

C:\QooBox\Quarantine\catchme2008-04-10_ 74723.56.zip=>Documents and Settings/BBY248/Desktop/catchme.zip=>dlhhpd.drv


Deleted

C:\QooBox\Quarantine\catchme2008-04-10_ 74723.56.zip=>Documents and Settings/BBY248/Desktop/catchme.zip


Updated

C:\QooBox\Quarantine\catchme2008-04-10_ 74723.56.zip


Updated

C:\SaveInstCsSm.exe=>(CAB Sfx r)=>DnldStub.exe


Infected with: Trojan.Downloader.Small.KL

C:\SaveInstCsSm.exe=>(CAB Sfx r)=>DnldStub.exe


Deleted

C:\SaveInstCsSm.exe=>(CAB Sfx r)


Update failed

C:\SaveInstCsSm.exe=>(CAB Sfx 2r)


Infected with: Trojan.Whenu.A

C:\SaveInstCsSm.exe=>(CAB Sfx 2r)


Deleted

C:\SaveInstCsSm.exe


Update failed

C:\SaveInstCsSm.exe=>(CAB Sfx 3r)=>Search.exe


Detected with: Adware.Savenow.E

C:\SaveInstCsSm.exe=>(CAB Sfx 3r)=>Search.exe


Deleted

C:\SaveInstCsSm.exe=>(CAB Sfx 3r)


Update failed

C:\SaveInstCsSm.exe=>(CAB Sfx 3r)=>Uninst.exe


Detected with: Adware.Whenu.Savenow.AO

C:\SaveInstCsSm.exe=>(CAB Sfx 3r)=>Uninst.exe


Deleted

C:\SaveInstCsSm.exe=>(CAB Sfx 3r)


Update failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1822\A0171660.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1822\A0171660.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1822\A0171660.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1822\A0171673.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1822\A0171673.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1822\A0171673.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1822\A0171682.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1822\A0171682.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1822\A0171682.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0171699.dll


Infected with: Win32.Worm.Locksky.CE

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0171699.dll


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0171705.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0171705.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0171705.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0171725.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0171725.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0171725.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172734.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172734.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172734.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172751.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172751.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172751.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172776.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172776.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172776.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172789.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172789.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172789.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172801.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172801.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172801.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172813.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172813.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1823\A0172813.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173816.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173816.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173816.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173830.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173830.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173830.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173843.exe


Infected with: Trojan.Crypt.AS

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173843.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173843.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173845.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173845.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173845.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173855.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173855.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173855.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173863.exe


Infected with: MemScan:Trojan.DNSChanger.RY

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173863.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173878.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173878.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173878.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173897.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173897.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0173897.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0174910.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0174910.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0174910.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0174952.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0174952.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0174952.exe


Deleted
Reply With Quote
  #73  
Old April 11th, 2008, 07:25 AM
zigzag zigzag is offline
Member
 
Join Date: Apr 2008
Posts: 64
C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0174972.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0174972.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0174972.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0174998.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0174998.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0174998.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0175012.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0175012.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0175012.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0175025.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0175025.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0175025.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176029.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176029.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176029.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176252.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176252.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176252.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176263.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176263.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176263.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176279.exe


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176279.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176279.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176282.dll


Detected with: Adware.Rabio.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176282.dll


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176289.exe


Infected with: Trojan.Crypt.AS

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176289.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176289.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176291.dll


Infected with: Trojan.Kobcka.DM

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176291.dll


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176291.dll


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176294.sys


Infected with: Trojan.Kobcka.DK

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176294.sys


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176297.exe


Infected with: Trojan.Dropper.RQU

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176297.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176297.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176305.exe


Infected with: Trojan.Agent.AHYE

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176305.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176307.exe


Infected with: Trojan.Peed.JDW

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176307.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176307.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176321.exe


Infected with: Trojan.Peed.JDP

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176321.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176321.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176325.exe


Infected with: Trojan.Crypt.AS

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176325.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176325.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176327.exe


Infected with: Generic.NPop.2.B6167444

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176327.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176327.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176328.exe


Infected with: Trojan.Peed.JDR

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176328.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176328.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176355.exe


Infected with: Trojan.Crypt.AS

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176355.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176355.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176364.exe


Infected with: Trojan.Downloader.VB.VQL

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176364.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176364.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176367.exe


Infected with: Trojan.Crypt.AS

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176367.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176367.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176391.exe=>:exe.exe


Infected with: Dropped:Backdoor.Agent.ZCI

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176391.exe=>:exe.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176391.exe=>:exe.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176391.exe


Updated

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176393.dll


Infected with: Trojan.Kobcka.DM

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176393.dll


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176393.dll


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176396.sys


Infected with: Trojan.Kobcka.DK

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176396.sys


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176477.dll


Infected with: Trojan.Kobcka.DM

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176477.dll


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176477.dll


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176482.sys


Infected with: Trojan.Kobcka.DK

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1824\A0176482.sys


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1825\A0176494.exe


Infected with: Trojan.Peed.Gen

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1825\A0176494.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1825\A0176494.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1825\A0176497.dll


Infected with: Trojan.Kobcka.DM

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1825\A0176497.dll


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1825\A0176497.dll


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1825\A0176499.exe


Infected with: Trojan.Peed.JDW

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1825\A0176499.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1825\A0176499.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1825\snapshot\MFEX-1.DAT


Infected with: Trojan.Kobcka.DM

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1825\snapshot\MFEX-1.DAT


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1825\snapshot\MFEX-1.DAT


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1827\A0176751.exe


Infected with: Trojan.Spy.ZBot.BE

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1827\A0176751.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1827\A0176751.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178220.exe


Infected with: Trojan.Downloader.VB.VQL

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178220.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178220.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178221.drv


Infected with: Win32.Worm.Locksky.CD

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178221.drv


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178222.sys


Infected with: Win32.Worm.Locksky.CD

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178222.sys


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178223.drv


Infected with: Win32.Worm.Locksky.CD

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178223.drv


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178224.exe


Infected with: Packer.Krunchy.B

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178224.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178224.exe


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178225.dll


Infected with: Win32.Worm.Locksky.CD

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178225.dll


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178226.dll


Detected with: Adware.Cssweb.A

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178226.dll


Deleted

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178227.exe


Infected with: BehavesLike:Win32.ExplorerHijack

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178227.exe


Disinfection failed

C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP1829\A0178227.exe


Deleted

C:\WINDOWS\system32\crepsbqp.dll


Infected with: Win32.Worm.Locksky.CE

C:\WINDOWS\system32\crepsbqp.dll


Deleted

C:\WINDOWS\system32\rqhgjmd.dll


Infected with: Win32.Worm.Locksky.CD

C:\WINDOWS\system32\rqhgjmd.dll


Deleted
Reply With Quote
  #74  
Old April 11th, 2008, 07:30 AM
zigzag zigzag is offline
Member
 
Join Date: Apr 2008
Posts: 64
Deckard's System Scanner v20071014.68
Run by BBY248 on 2008-04-11 01:29:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as BBY248.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:38 AM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\BBY248\Desktop\dss.exe
C:\DOCUME~1\BBY248\Desktop\BBY248.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.cwis.net/~jones/links.htm"); (C:\Documents and Settings\BBY248\Application Data\Mozilla\Profiles\default\mcbo3izh.slt\prefs.j s)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5 Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BBY248\Application Data\Mozilla\Profiles\default\mcbo3izh.slt\prefs.j s)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [pvbwojaq] C:\Program Files\Tygwdvvm\pvbwojaq.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go ogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [dxkmdefn] C:\WINDOWS\system32\nidmbatk.exe
O4 - HKLM\..\Policies\Explorer\Run: [ppltltpl] rundll32.exe "C:\WINDOWS\system32\ltdtprltfff.sys" WLEntryPoint
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.freedom.net/viruscenter/o...abs/cssweb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspne t_state.exe
O23 - Service: Dcfssvc - Unknown owner - C:\WINDOWS\system32\drivers\dcfssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8146 bytes

-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-04-10 07:56:32 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-08 21:56:09 0 d-------- C:\New Folder <NEWFOL~1>
2008-04-08 21:26:39 68096 --a------ C:\WINDOWS\zip.exe
2008-04-08 21:26:39 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-08 21:26:39 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-08 21:26:39 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-08 21:26:39 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-08 21:26:39 98816 --a------ C:\WINDOWS\sed.exe
2008-04-08 21:26:39 80412 --a------ C:\WINDOWS\grep.exe
2008-04-08 21:26:39 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-08 21:17:42 1670895 --a------ C:\zigzag.exe
2008-04-06 21:48:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-06 21:48:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-06 21:48:02 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-06 21:48:02 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-06 21:48:02 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-06 21:48:02 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-06 21:48:02 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-06 21:48:02 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-06 21:48:02 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-06 21:48:02 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-06 21:48:02 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-06 21:48:02 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-06 21:48:01 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-06 21:48:01 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-06 21:48:01 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-06 21:48:00 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-15 13:53:21 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP


-- Find3M Report ---------------------------------------------------------------

2008-04-08 17:02:41 0 d-------- C:\Program Files\Common Files
2008-04-05 21:50:34 0 d-------- C:\Program Files\PCPitstop
2008-04-05 18:55:14 0 d-------- C:\Program Files\QuickTime
2008-03-22 12:38:23 0 d-------- C:\Program Files\DVDMagic
2008-03-15 13:26:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-25 23:03:00 0 d-------- C:\Program Files\New Folder <NEWFOL~1>
2008-02-11 19:12:23 0 d-------- C:\Documents and Settings\BBY248\Application Data\Ahead
2008-02-11 18:57:58 0 d-------- C:\Program Files\Common Files\LightScribe
2008-02-11 18:55:01 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-11 18:52:02 0 d-------- C:\Program Files\Nero


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\bak\qttask.exe" [04/27/2007 09:41 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.e xe" [08/03/2004 10:32 PM]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE " [08/18/2001 07:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScI nst.exe" [08/28/2002 11:39 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT \TINTSETP.exe" [08/28/2002 11:39 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TIN TSETP.exe" [08/28/2002 11:39 PM]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.e xe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/27/2007 12:25 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [06/13/2006 06:20 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"pvbwojaq"="C:\Program Files\Tygwdvvm\pvbwojaq.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [07/25/2001 12:00 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go ogleToolbarNotifier.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 07:05 PM]
"dxkmdefn"="C:\WINDOWS\system32\nidmbatk.exe" []

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer\Run]
"ppltltpl"=rundll32.exe "C:\WINDOWS\system32\ltdtprltfff.sys" WLEntryPoint

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-04-11 01:30:14 ------------
Reply With Quote
  #75  
Old April 11th, 2008, 07:34 AM
zigzag zigzag is offline
Member
 
Join Date: Apr 2008
Posts: 64
Yeah. back to sleep now
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT +1. The time now is 03:22 PM.