A Nasty Little Bugger of a Virus
   
 

Phanatical
New Member


Date Joined Jun 2006
Total Posts : 1
 
Posted 7-3-2006 9:31 (GMT +1)
One of my computers is currently suffering from a self-replicating virus that I cannot for the life of me destroy. Norton, Ad-Aware, ewido etc. have not proven successful, and even the HijackThis log doesn't reveal too much to me. I have noticed in other threads similar problems, but the solutions there have not proven useful.
 
In the C:\Windows\Temp directory, I have files "win1.tmp" through to "winDEC.tmp", most of which are 0b, but some of which are 1k. Internet Explorer 7 (beta 3) will often bring up popups asking me to download "WinAntiVirus". I deleted the tmp files and MediaAccK.exe (in Safe Mode), and upon restarting found more tmp files, tmp.exe files and exe files in both Temporary Internet Files and Windows\Temp. Norton leads me to suggest that these files are being generated from exe files in the Temporary Internet Files directories, which themselves must be generated from something.
 
This is a current HijackThis log:
 
Logfile of HijackThis v1.99.1
Scan saved at 6:29:45 PM, on 3/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\r_server.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Folding@Home\FahCore_78.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Andrew Quah\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smh.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\biolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\biolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\biolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\biolsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: wxvault.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
 

Mordegai
Trusted Member


Date Joined Jun 2006
Total Posts : 151
 
Posted 7-3-2006 3:26 (GMT +1)
Hello,

A) Fix in HijackThis:

O4 - HKLM\..\Run: [ShowLOMControl] 
O20 - AppInit_DLLs: wxvault.dll

B) Clean your PC with CCleaner - download and install it - www.ccleaner.com/download/downloadpage.aspx?f=2 and choose there to clean Windows, Applications and Issues

C) Disable System Restore - download.nai.com/products/mcafee-avert/SystemHelpDocs/DisableSysRestore.htm

D) Download and run MWAV - tp.microworldsystems.com/download/tools/mwav.exe and set it this way img451.imageshack.us/my.php?image=32an.jpg and click on Scan.

It will be scanning for a long time. After the scan finishes (it will write Scan completed), copy here the content of the second frame, called Virus Log Information.

Post Edited (Mordegai) : 7/3/2006 4:11:16 PM GMT
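
Added example (not part of any poster's reply, and not HijackThis's own logic): a short Python parser for the log format posted above that pulls out the kinds of entries this thread goes on to discuss, such as a Run value with no command, an AppInit_DLLs entry, a service whose file is missing and a process running from a temp directory. The review rules and function names are assumptions chosen for illustration; a match means "check this by hand", not "malicious".

```python
import re

# Sample assembled from lines of the two HijackThis logs posted in this thread
# (shortened; not a complete log).
SAMPLE_HJT = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:54:28 PM, on 7/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\win6C.tmp.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O10 - Unknown file in Winsock LSP: c:\windows\system32\biolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\biolsp.dll
O20 - AppInit_DLLs: wxvault.dll
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Run-key entries: "HKLM\..\Run: [value name] command line".
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\Run\w*): \[(.*?)\]\s*(.*)$")
# Directories where a long-running process image is unusual (assumed rule).
TEMP_DIR_RE = re.compile(r"\\(temp|temporary internet files)\\", re.I)


def parse_log(text):
    """Split a HijackThis log into (running processes, [(code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False          # the process list ends at the first entry
            entries.append((m.group(1), m.group(2).strip()))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(processes, entries):
    """Return de-duplicated (reason, detail) pairs that deserve a manual look."""
    findings = []
    for path in processes:
        if TEMP_DIR_RE.search(path):
            findings.append(("process running from a temp directory", path))
    for code, body in entries:
        if code == "O4":
            m = RUN_RE.match(body)
            if m and not m.group(3):
                findings.append(("Run value with no command", body))
        elif code == "O10" and body.lower().startswith("unknown file"):
            findings.append(("unrecognised Winsock LSP", body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(("DLL auto-loaded via AppInit_DLLs", body))
        elif code == "O23":
            if "(file missing)" in body:
                findings.append(("service image missing", body))
            elif "Unknown owner" in body:
                findings.append(("service with unknown owner", body))
    # HijackThis repeats some lines (the O10 entry appears four times above).
    return list(dict.fromkeys(findings))


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_HJT)
    for reason, detail in triage(procs, ents):
        print(f"{reason}: {detail}")
```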

 

Phanatical
New Member


Date Joined Jun 2006
Total Posts : 1
 
Posted 7-3-2006 6:32 (GMT +1)
File C:\WINDOWS\system32\winrvc32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\r_server.exe tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.22. No Action Taken.
File C:\WINDOWS\system32\winrvc32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\r_server.exe tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.22. No Action Taken.
Object "remadm Remote Administration Tool" found in File System! Action Taken: No Action Taken.
File C:\WINDOWS\system32\raddrv.dll tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.20. No Action Taken.
File C:\WINDOWS\system32\regperf.exe infected by "Trojan-Downloader.Win32.Zlob.wg" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\r_server.exe tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.22. No Action Taken.
File C:\WINDOWS\system32\winrvc32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\ANDREW~1\LOCALS~1\TEMPOR~1\Content.IE5\SLJIG88Q\WinAntiVirusPro2006FreeInstall.exe tagged as not-a-virus:Downloader.Win32.WinFixer.j. No Action Taken.
File C:\DOCUME~1\ANDREW~1\LOCALS~1\TEMPOR~1\Content.IE5\T41ZSS5G\bgates.exe infected by "Trojan.Win32.Dialer.pz" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Andrew Quah\Local Settings\Temporary Internet Files\Content.IE5\SLJIG88Q\bgates.exe infected by "Trojan.Win32.Dialer.pz" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Andrew Quah\Local Settings\Temporary Internet Files\Content.IE5\SLJIG88Q\WinAntiVirusPro2006FreeInstall.exe tagged as not-a-virus:Downloader.Win32.WinFixer.j. No Action Taken.
File C:\Documents and Settings\Andrew Quah\My Documents\Downloads\Remote Administrator (Radmin) 2.2 + serial + manual + tools\Remote Administrator (Radmin) 2.2\RADMIN22.EXE tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.20. No Action Taken.
File C:\Documents and Settings\Andrew Quah\My Documents\Downloads\Remote Administrator (Radmin) 2.2 + serial + manual + tools.rar tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.20. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1A825DE7.tmp infected by "Trojan-Downloader.Win32.Zlob.wg" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1ADA4B86.exe infected by "Trojan-Clicker.Win32.Small.kx" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1DEB206F.exe infected by "Trojan-Dropper.Win32.VB.nn" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5D1B4CDA.exe infected by "Trojan-Dropper.Win32.VB.nn" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\749C1C3B.exe infected by "Trojan-Downloader.Win32.IstBar.jh" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\75061C38.exe infected by "Trojan-Dropper.Win32.VB.nn" Virus! Action Taken: No Action Taken.
File C:\Program Files\Radmin\raddrv.dll tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.20. No Action Taken.
File C:\Program Files\Radmin\r_server.exe tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.22. No Action Taken.
File C:\WINDOWS\system32\raddrv.dll tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.20. No Action Taken.
File C:\WINDOWS\system32\regperf.exe infected by "Trojan-Downloader.Win32.Zlob.wg" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\r_server.exe tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.22. No Action Taken.
File C:\WINDOWS\system32\winrvc32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.
 

Mordegai
Trusted Member


Date Joined Jun 2006
Total Posts : 151
 
Posted 7-3-2006 7:22 (GMT +1)
Excellent!

Now please do this:

A) Delete Temporary Internet Files - support.microsoft.com/default.aspx?scid=kb;en-us;260897
B) Delete Norton quarantined files - they can be deleted - www.its.queensu.ca/itsc/faq/anti_virus_spyware/sav/quarantine.html
C) Download and run Killbox - www.bleepingcomputer.com/files/spyware/KillBox.zip.

Copy these tracks (CTRL+C):

C:\WINDOWS\system32\regperf.exe
C:\WINDOWS\system32\winrvc32.dll

Click on menu File - Paste from Clipboard, choose Delete on Reboot and click on All files. If possible, also choose Unregister .dll Before Delete and click on the cross. Your computer will reboot.

Note: Just to make sure, you can also run SmitFraudFix - it's something like a universal tool against Trojan.Zlob variants - here you have a guide - siri.geekstogo.com/SmitfraudFix.php

That's all :-)
 

Smartguy
New Member


Date Joined Jun 2006
Total Posts : 6
 
Posted 7-16-2006 3:50 (GMT +1)
Object "searchexe Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.



Hey dude, this is what I got after doing the stuff you said earlier... Please help me....
It's the same kind of bug that's affecting the other guy's comp...
 

Mordegai
Trusted Member


Date Joined Jun 2006
Total Posts : 151
 
Posted 7-16-2006 6:01 (GMT +1)
Smartguy: MWAV makes a log called MWAV.txt in (for Windows XP) the path C:\Documents and Settings\your account\Local Settings\Temp - find it (you need to enable showing hidden files and folders), open it in Notepad, find the articles with "action taken" in them and copy the whole paths here. You can use the Find function in Notepad.
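
Added example (not part of the reply above and not a tool from MWAV's vendor): the "find the action-taken lines and copy the paths" step done in Python over the MWAV line formats posted in this thread, with repeated detections collapsed and the files grouped by where they sit, which is how the earlier reply split its cleanup into browser cache, Norton quarantine and the remaining system32 files. The function names and the grouping rule are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Sample lines copied from the MWAV output posted earlier in this thread
# (a shortened selection, not a complete log).
SAMPLE_MWAV = r'''File C:\WINDOWS\system32\winrvc32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\r_server.exe tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.22. No Action Taken.
File C:\WINDOWS\system32\winrvc32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\regperf.exe infected by "Trojan-Downloader.Win32.Zlob.wg" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\ANDREW~1\LOCALS~1\TEMPOR~1\Content.IE5\T41ZSS5G\bgates.exe infected by "Trojan.Win32.Dialer.pz" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1A825DE7.tmp infected by "Trojan-Downloader.Win32.Zlob.wg" Virus! Action Taken: No Action Taken.
Object "remadm Remote Administration Tool" found in File System! Action Taken: No Action Taken.
Sun Jul 16 22:51:37 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken.
'''

# MWAV.txt lines carry a "Sun Jul 16 22:51:37 2006 => " prefix; pasted GUI output does not.
PREFIX_RE = re.compile(r"^\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4} => ")
INFECTED_RE = re.compile(
    r'^File (.+?) infected by "([^"]+)" Virus! Action Taken: (.+?)\.?$')
TAGGED_RE = re.compile(
    r"^File (.+?) tagged as (not-a-virus:\S+?)\. (.+?)\.?$")


def parse_line(line):
    """Return a dict for a 'File ...' detection line, or None for anything else."""
    line = PREFIX_RE.sub("", line.strip())
    for kind, rx in (("infected", INFECTED_RE), ("tagged", TAGGED_RE)):
        m = rx.match(line)
        if m:
            return {"kind": kind, "path": m.group(1),
                    "name": m.group(2), "action": m.group(3)}
    return None


def location(path):
    """Bucket a path by the cleanup step that covers it (assumed grouping)."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "quarantine"
    if "\\content.ie5\\" in p:      # present in both long and 8.3 cache paths
        return "browser cache"
    return "other"


def summarize(text):
    """Group unique (path, detection) pairs by (kind, location).

    Returns (groups, skipped) where skipped counts non-empty lines that
    name no file, such as 'Object ...' and registry 'Entry ...' lines.
    """
    groups = defaultdict(dict)
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        key = (rec["kind"], location(rec["path"]))
        # Windows paths are case-insensitive, so de-duplicate on the lowered path.
        groups[key].setdefault(rec["path"].lower(), (rec["path"], rec["name"]))
    return {k: sorted(v.values()) for k, v in groups.items()}, skipped


if __name__ == "__main__":
    result, skipped = summarize(SAMPLE_MWAV)
    for (kind, where), items in sorted(result.items()):
        print(f"[{kind} / {where}]")
        for path, name in items:
            print(f"  {path}  ({name})")
    print(f"lines without a file path: {skipped}")
```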
 

Smartguy
New Member


Date Joined Jun 2006
Total Posts : 6
 
Posted 7-16-2006 6:24 (GMT +1)
Sun Jul 16 22:51:32 2006 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Sun Jul 16 22:51:37 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".$$$". Action Taken: No Action Taken.

Sun Jul 16 22:51:37 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".NQF". Action Taken: No Action Taken.

Sun Jul 16 22:51:37 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken.

Sun Jul 16 22:51:37 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{5E8D588F-307C-4250-B622-26969027319A}". Action Taken: No Action Taken.

Sun Jul 16 22:51:37 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ACDCBD7A-C95C-4A97-BD7C-17823E4F66D2}". Action Taken: No Action Taken.



Here's the Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 10:54:28 PM, on 7/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\TEMP\win6C.tmp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Software\Hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{378FB340-4901-4006-8AA4-EC5CC770567F}: NameServer = 202.88.130.15,202.88.130.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C5788BC-ADF7-45B2-BE65-4D1B759BE6BF}: NameServer = 202.88.130.15,202.88.130.5,202.88.130.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6CA649-28FC-4B4B-91DF-58D334E84B9F}: NameServer = 202.88.130.15,202.88.130.67,202.88.130.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{378FB340-4901-4006-8AA4-EC5CC770567F}: NameServer = 202.88.130.15,202.88.130.67
O17 - HKLM\System\CS2\Services\Tcpip\..\{378FB340-4901-4006-8AA4-EC5CC770567F}: NameServer = 202.88.130.15,202.88.130.67
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
 

Smartguy
New Member


Date Joined Jun 2006
Total Posts : 6
 
   Posted 7-17-2006 5:06 (GMT +1)
Yes, there is no infection, but every other minute I get an alert on my AV asking me to terminate a virus called
http://www.content-loader.com/getexe/?wmid=bgates which is a Win32/Dialer.PZ trojan...

How do I solve this problem...
Your help would really be appreciated...
 

Carlitta87jam
New Member


Date Joined Dec 2007
Total Posts : 1
 
   Posted 12-24-2007 4:02 (GMT +1)
I'm following your instructions and I got this...

Object "maxsearch Adware" found in File System! Action Taken: No Action Taken.
Object "video activex access Trojan" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zango Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "killav.nbd Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "winfixer/errorsafe Adware" found in File System! Action Taken: No Action Taken.
Object "privacyprotector Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "privacyprotector Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "go'zilla Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "go'zilla Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "go'zilla Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "go'zilla Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "killav.nbd Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "backdoor (ircbot) trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
Entry "HKCR\CAPICOM.InstallEngineCtl.3" refers to invalid object "{A56ED29A-05A9-1DA9-805C-E515245F956A}". Action Taken: No Action Taken.
Entry "HKCR\DirectAnimation.PathControl" refers to invalid object "{D7A7D7C3-D47F-11D0-89D3-00A0C90833E6}". Action Taken: No Action Taken.
Entry "HKCR\DirectAnimation.Sequence" refers to invalid object "{4F241DB1-EE9F-11D0-9824-006097C99E51}". Action Taken: No Action Taken.
Entry "HKCR\DirectAnimation.SequencerControl" refers to invalid object "{B0A6BAE2-AAF0-11D0-A152-00A0C908DB96}". Action Taken: No Action Taken.
Entry "HKCR\DirectAnimation.SpriteControl" refers to invalid object "{FD179533-D86E-11D0-89D6-00A0C90833E6}". Action Taken: No Action Taken.
Entry "HKCR\DirectAnimation.StructuredGraphicsControl" refers to invalid object "{369303C2-D7AC-11D0-89D5-00A0C90833E6}". Action Taken: No Action Taken.
Entry "HKCR\DLP.DLPObj" refers to invalid object "{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}". Action Taken: No Action Taken.
Entry "HKCR\DLP.DLPObj.1" refers to invalid object "{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\NMUIEngine.NMUIResourceLoaderHarddisk" refers to invalid object "{03DC5606-EA66-4f02-AB52-2065524B03821}". Action Taken: No Action Taken.
Entry "HKCR\Shareaza.SkinInfoExtractor.1" refers to invalid object "{0EEDB912-C5FA-486F-8334-57288578C627}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\VSEditorFactory.VsEditorFactory.1" refers to invalid object "{CB3FCF01-03DF-11D1-81D2-00A0C91BBEE3}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HPISDataManager.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\hpmonZ.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\idvectra.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\ispro.ico". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\shortcut.exe". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""C:\Program Files\Java\jre1.5.0_06\bin\javaws.exe"". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""C:\Program Files\Java\jre1.5.0_09\bin\javaws.exe"". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""C:\Program Files\Java\jre1.5.0_10\bin\javaws.exe"". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\shortcut.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\ispro.ico". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\hpmonZ.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\idvectra.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HPISDataManager.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Borland\Common Files\BDE\bdecfg32.cnt". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxcpyi64.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Netscape\Netscape Browser\plugins\\NPSWF32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\iPod\bin\iPodService.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\iPod\bin\iPodService.Resources\da.lproj\iPodServiceLocalized.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\iPod\bin\iPodService.Resources\de.lproj\iPodServiceLocalized.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\iPod\bin\iPodService.Resources\es.lproj\iPodServiceLocalized.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\iPod\bin\iPodService.Resources\fi.lproj\iPodServiceLocalized.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\iPod\bin\iPodService.Resources\it.lproj\iPodServiceLocalized.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\iPod\bin\iPodService.Resources\ja.lproj\iPodServiceLocalized.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\iPod\bin\iPodService.Resources\ko.lproj\iPodServiceLocalized.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\iPod\bin\iPodService.Resources\nb.lproj\iPodServiceLocalized.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\iPod\bin\iPodService.Resources\nl.lproj\iPodServiceLocalized.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\iPod\bin\iPodService.Resources\ru.lproj\iPodServiceLocalized.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\iPod\bin\iPodService.Resources\sv.lproj\iPodServiceLocalized.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\iPod\bin\iPodService.Resources\zh_CN.lproj\iPodServiceLocalized.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\iPod\bin\iPodService.Resources\zh_TW.lproj\iPodServiceLocalized.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Mozilla Firefox\plugins\\NPSWF32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\Common Files\System\Ole Db\Resources\1028\MSOLAP80.RLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\Common Files\System\Ole Db\Resources\1031\MSOLAP80.RLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\Common Files\System\Ole Db\Resources\1034\MSOLAP80.RLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\Common Files\System\Ole Db\Resources\1036\MSOLAP80.RLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\Common Files\System\Ole Db\Resources\1040\MSOLAP80.RLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\Common Files\System\Ole Db\Resources\1041\MSOLAP80.RLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\Common Files\System\Ole Db\Resources\1042\MSOLAP80.RLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\Common Files\System\Ole Db\Resources\1043\MSOLAP80.RLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\Common Files\System\Ole Db\Resources\1046\MSOLAP80.RLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\Common Files\System\Ole Db\Resources\1053\MSOLAP80.RLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\Common Files\System\Ole Db\Resources\2052\MSOLAP80.RLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\QuickTime\MMxptResources.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\ZoneLabs\isafeif.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\ZoneLabs\vetredir.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\Documents and Settings\All Users\Application Data\Symantec\Common Client\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\Program Files\Norton Internet Security\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\en_sg\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\en_sg\ui\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\Frontend\en_au\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\Frontend\en_au\ui\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\nl\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\nl\ui\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\fr\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\fr\ui\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\de\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\de\ui\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\es_mx\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\es_mx\ui\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\en_gb\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\en_gb\ui\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet Signup\FrontEnd\fr_ca\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet Signup\FrontEnd\fr_ca\ui\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\en_sg\ui\content\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\Frontend\en_au\ui\content\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\nl\ui\content\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\fr\ui\content\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\de\ui\content\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\es_mx\ui\content\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet signup\FrontEnd\en_gb\ui\content\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Easy Internet Signup\FrontEnd\fr_ca\ui\content\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\winsxs\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\winsxs\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\winsxs\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\winsxs\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Microsoft Visual Studio 8\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Web Developer 2005 Express Edition - ENU\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\My Documents\MSDN\Visual Web Developer 2005 Express Edition Feature Tour\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\CNN\My Product Name\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\CNN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\My Documents\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\My Documents\My Pictures\Winter Fun Pack 2004 for Windows XP\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".fmo". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".FO_". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".LPCM". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mbt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mms". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".MPEG2". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".MPG2". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mrt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nim". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".npl". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".obm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".otb". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sqm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".vib". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "0852D05415AB9A4F1EF451E342267F76C776ED2F". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Azureus". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Blaze Media Pro". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DVD Flick_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "HP Rhapsody". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB912067". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB915381". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB917283.T1_1ToU93_1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB922770.T1_1ToU168_1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LimeWire". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveUpdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "M886903". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (2.0)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (2.0.0.1)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (2.0.0.10)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (2.0.0.3)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (2.0.0.4)". Action Taken: No Action Taken.
File C:\WINDOWS\DLP.dll//ASPack//UPX tagged as "not-a-virus:AdWare.Win32.Webdir.b". Action Taken: No Action Taken.
File C:\WINDOWS\system32\rlls.dll tagged as "not-a-virus:AdWare.Win32.RK.k". Action Taken: No Action Taken.


How do you know what to delete?