#16
BitDefender.log 3
#17
Hickjackit.log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:47, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Archivos de programa\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\Archivos de programa\Creative\Shared Files\CAMTRAY.EXE
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Archivos de programa\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\UTILID~1\MUSICM~1\MMDiag.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Utilidades\Powerdesk\pddlghlp.exe
C:\Utilidades\Musicmatch\mim.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Utilidades\Powerdesk\PDExplo.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Archivos de programa\Windows Live\Protección infantil\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Utilities\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\UTILID~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Archivos de programa\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] C:\Archivos de programa\Adobe\Photoshop Elements 4.0\apdproxy.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Startup Manager] C:\Utilities\Advanced System Optimizer\startUp manager.exe
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dialog Helper.lnk = C:\Utilidades\Powerdesk\pddlghlp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ymetray.lnk = C:\Archivos de programa\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178485037218
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A09B0C3-4414-4E25-AD9C-DEFDD23564E9}: NameServer = 87.216.1.65,87.216.1.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EBA3E29-9D5E-4C69-A004-8B6839890999}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{5A09B0C3-4414-4E25-AD9C-DEFDD23564E9}: NameServer = 87.216.1.65,87.216.1.66
O17 - HKLM\System\CS2\Services\Tcpip\..\{5A09B0C3-4414-4E25-AD9C-DEFDD23564E9}: NameServer = 87.216.1.65,87.216.1.66
O17 - HKLM\System\CS3\Services\Tcpip\..\{5A09B0C3-4414-4E25-AD9C-DEFDD23564E9}: NameServer = 87.216.1.65,87.216.1.66
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: khfebbb - khfebbb.dll (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Archivos de programa\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Archivos de programa\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10022 bytes

Last edited by mbal : March 24th, 2008 at 02:30 AM. Reason: New
|
#18
|
||||
|
||||
|
Click Start > Run and copy and paste these commands, hitting Enter after each one:

sc stop drvsyskit
sc delete drvsyskit

If you have any problems with the above just move on.

Next

Open HJT and click scan only, then place a check by these entries. DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A09B0C3-4414-4E25-AD9C-DEFDD23564E9}: NameServer = 87.216.1.65,87.216.1.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EBA3E29-9D5E-4C69-A004-8B6839890999}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{5A09B0C3-4414-4E25-AD9C-DEFDD23564E9}: NameServer = 87.216.1.65,87.216.1.66
O17 - HKLM\System\CS2\Services\Tcpip\..\{5A09B0C3-4414-4E25-AD9C-DEFDD23564E9}: NameServer = 87.216.1.65,87.216.1.66
O17 - HKLM\System\CS3\Services\Tcpip\..\{5A09B0C3-4414-4E25-AD9C-DEFDD23564E9}: NameServer = 87.216.1.65,87.216.1.66
O20 - Winlogon Notify: khfebbb - khfebbb.dll (file missing)

Close all windows and browsers except HJT and click fix checked.

Next

* Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the Quote box below:

Quote:

* Save this as CFScript.txt and place it on your desktop.
* Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
* ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
* When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Next

Please download ATF Cleaner HERE by Atribune. It does not require any installation and uses minimal system resources. It is set up to clean IE, FireFox and Opera, and detects the browsers you have and grays out the other(s).

* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser

* Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
* Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

* Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
* Click the Empty Selected button.
* NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Next

Please download and install SUPERAntiSpyware from HERE

• Load SUPERAntiSpyware and click the Check for Updates button.
• Once the update has finished, exit SUPERAntiSpyware.

Please do NOT run a scan yet!

IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.

• Open SUPERAntiSpyware and click the Scan your Computer button.
• Check Perform Complete Scan and then click Next.
• SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found.
• Make sure that they all have a check next to them, and then click Next.
• Click Finish and you will be taken back to the main interface.
• It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
• I'll need a log afterwards of what has been found.
• To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
• Please post the results of the SUPERAntiSpyware log in your next reply.

After all of that, go and manually delete the folder C:\QooBox

Then run this online virus scan: Active Scan

* You will need to download an ActiveX Control to run the scan. Should you encounter a prompt saying "Click here to use this control", click there.
* After scanning, you'll see an option to create a log after the scan has finished. Click the See Report button then click the Save Report button. It will be saved with the name activescan.txt.

When done, post the HJT log, the ComboFix log, the SUPERAntiSpyware log and the activescan.txt
__________________
O'Neill: "So, we basically saved your whole planet, right?" Chancellor: "Yes." O'Neill: "Are you, therefore, indebted to us in any modest way?" Chancellor: "I suppose that is the case." O'Neill: "So how 'bout the blueprints to build one of those ion cannons?" Chancellor: "You have been told our policy. That has not changed." |
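The entry types singled out in the post above (an O4 autorun, the O17 NameServer values, an O20 Winlogon Notify with a missing file) can be pulled out of a saved HijackThis log with a short script. This is an added example, not part of the original post or of HijackThis; the two flagging rules and all function names are assumptions made for illustration, and the sample lines are copied from the log posted in this thread.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason body")

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A09B0C3-4414-4E25-AD9C-DEFDD23564E9}: NameServer = 87.216.1.65,87.216.1.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EBA3E29-9D5E-4C69-A004-8B6839890999}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{5A09B0C3-4414-4E25-AD9C-DEFDD23564E9}: NameServer = 87.216.1.65,87.216.1.66
O20 - Winlogon Notify: khfebbb - khfebbb.dll (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# "<section code> - <rest>", e.g. "O4 - HKCU\..\Run: [...] path"
ENTRY_RE = re.compile(r'^([RFNO]\d{1,2}) - (.+)$')
# Registry Run entry: value name in brackets, then an optionally quoted .exe path
RUN_RE = re.compile(r'Run: \[(?P<name>[^\]]*)\] "?(?P<path>[A-Za-z]:\\[^"]+?\.exe)', re.I)
# O17 line: control set, interface GUID, comma-separated DNS servers
NS_RE = re.compile(
    r'\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\\.\.\\(?P<guid>\{[0-9A-Fa-f-]+\})'
    r': NameServer = (?P<ips>[\d.,\s]+)')


def parse_entries(text):
    """Return (section, body) per entry line; headers and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Flag entries for manual review (illustrative rules, not a verdict)."""
    findings = []
    for section, body in parse_entries(text):
        # Rule 1 (assumption): something is registered but its file is not on disk.
        if "(file missing)" in body:
            findings.append(Finding(section, "registered file is missing on disk", body))
        # Rule 2 (assumption): an autorun .exe living in the drivers directory,
        # which normally holds .sys files.
        m = RUN_RE.search(body) if section == "O4" else None
        if m and "\\system32\\drivers\\" in m.group("path").lower():
            findings.append(Finding(section, "autorun .exe inside the drivers directory", body))
    return findings


def nameservers(text):
    """Map interface GUID -> DNS servers, merging the per-control-set repeats.

    The values are only listed, not flagged: they are meant to be compared
    with the DNS servers the ISP or router actually hands out.
    """
    seen = {}
    for section, body in parse_entries(text):
        m = NS_RE.search(body) if section == "O17" else None
        if m:
            ips = {ip.strip() for ip in m.group("ips").split(",") if ip.strip()}
            seen.setdefault(m.group("guid").upper(), set()).update(ips)
    return {guid: sorted(ips) for guid, ips in seen.items()}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.body}")
    for guid, ips in nameservers(SAMPLE_LOG).items():
        print(f"[O17] {guid} -> {', '.join(ips)}")
```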
|
#19
|
|||
|
|||
|
Internet connection
After ComboFix was finished, Internet Explorer could not connect to the internet. Any idea why?
Thanks. P.S.: In any case I will send the output of the first two steps. I am connected with a different computer |
|
#20
|
|||
|
|||
|
Hijackthis.log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:47, on 24/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Archivos de programa\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Archivos de programa\Canon\CAL\CALMAIN.exe C:\WINDOWS\Explorer.EXE C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe C:\Archivos de programa\Creative\Shared Files\CAMTRAY.EXE C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Archivos de programa\Adobe\Photoshop Elements 4.0\apdproxy.exe C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\UTILID~1\MUSICM~1\MMDiag.exe C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe C:\Archivos de programa\Yahoo!\Yahoo! 
Music Jukebox\ymetray.exe C:\Utilidades\Powerdesk\pddlghlp.exe C:\Utilidades\Musicmatch\mim.exe C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe C:\Archivos de programa\Internet Explorer\iexplore.exe C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Utilidades\Powerdesk\PDExplo.exe C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Archivos de programa\Windows Live\Protección infantil\fssbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - 
C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Utilities\Advanced System Optimizer\IEHelper.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MimBoot] C:\UTILID~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [GrooveMonitor] C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Archivos de programa\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] C:\Archivos de programa\Adobe\Photoshop Elements 4.0\apdproxy.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Startup Manager] C:\Utilities\Advanced System Optimizer\startUp manager.exe O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Dialog Helper.lnk = C:\Utilidades\Powerdesk\pddlghlp.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: ymetray.lnk = C:\Archivos de programa\Yahoo!\Yahoo! Music Jukebox\ymetray.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178485037218 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5A09B0C3-4414-4E25-AD9C-DEFDD23564E9}: NameServer = 87.216.1.65,87.216.1.66 O17 - HKLM\System\CCS\Services\Tcpip\..\{7EBA3E29-9D5E-4C69-A004-8B6839890999}: NameServer = 80.58.61.250,80.58.61.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{5A09B0C3-4414-4E25-AD9C-DEFDD23564E9}: NameServer = 87.216.1.65,87.216.1.66 O17 - HKLM\System\CS2\Services\Tcpip\..\{5A09B0C3-4414-4E25-AD9C-DEFDD23564E9}: NameServer = 87.216.1.65,87.216.1.66 O17 - HKLM\System\CS3\Services\Tcpip\..\{5A09B0C3-4414-4E25-AD9C-DEFDD23564E9}: NameServer = 87.216.1.65,87.216.1.66 O18 - Protocol: grooveLocalGWS - 
{88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~2\Office12\GR99D3~1.DLL O20 - Winlogon Notify: khfebbb - khfebbb.dll (file missing) O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Archivos de programa\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Archivos de programa\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 10022 bytes |
|
#21
|
|||
|
|||
|
ComboFix.log
ComboFix 08-03-21.1 - MBC 2008-03-24 16:00:58.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.3082.18.1625 [GMT 1:00] Se ejecuta desde: C:\Documents and Settings\MBC\Escritorio\MyCombo.exe Command switches used :: C:\Documents and Settings\MBC\Escritorio\CFScript.txt * Creado un nuevo punto de restauración ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION! FILE :: C:\Archivos de programa\SS\SA\sysdiag.exe C:\sqmdata07.sqm C:\sqmdata08.sqm C:\sqmnoopt07.sqm C:\sqmnoopt08.sqm C:\WINDOWS\S863E8994.tmp C:\WINDOWS\safu.dat C:\WINDOWS\system32\drivers\fssfltr.sys C:\WINDOWS\system32\drivers\hldrrr.exe C:\WINDOWS\system32\gifhscef.ini C:\WINDOWS\system32\isynjkvj.ini C:\WINDOWS\system32\nqxfgfnh.ini C:\WINDOWS\system32\puuusgdg.ini C:\WINDOWS\system32\rar.exe C:\WINDOWS\system32\WinSecure.exe C:\WINDOWS\system32\WinSpooler.exe C:\WINDOWS\system32\ymmabxdt.ini C:\WINDOWS\system32\ytvcbhkx.ini . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\sqmdata07.sqm C:\sqmnoopt07.sqm C:\WINDOWS\S863E8994.tmp . . . . failed to delete . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF ((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 ))))))))))))))))))))))))))))))) . 2008-03-24 15:59 . 2008-03-24 15:59 3,631 --a------ C:\7.tmp 2008-03-24 15:32 . 2008-03-24 15:32 3,631 --a------ C:\28.tmp 2008-03-23 23:34 . 2008-03-24 01:03 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2008-03-23 23:26 . 2008-03-23 23:26 244 --ah----- C:\sqmnoopt10.sqm 2008-03-23 23:26 . 2008-03-23 23:26 232 --ah----- C:\sqmdata10.sqm 2008-03-23 23:20 . 2008-03-23 23:20 <DIR> d-------- C:\Documents and Settings\MBC\Datos de programa\Malwarebytes 2008-03-23 23:19 . 2008-03-23 23:19 <DIR> d-------- C:\Malwarebytes 2008-03-23 23:19 . 
2008-03-23 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes 2008-03-23 21:14 . 2008-03-23 21:14 <DIR> d-------- C:\WINDOWS\ERUNT 2008-03-23 21:09 . 2008-03-23 21:09 244 --ah----- C:\sqmnoopt09.sqm 2008-03-23 21:09 . 2008-03-23 21:09 232 --ah----- C:\sqmdata09.sqm 2008-03-23 19:56 . 2008-03-24 15:44 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuración local 2008-03-23 19:56 . 2008-03-24 15:44 <DIR> d-------- C:\Documents and Settings\Vicente\Configuración local 2008-03-23 19:56 . 2008-03-24 15:44 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuración local 2008-03-23 19:56 . 2008-03-24 15:44 <DIR> d-------- C:\Documents and Settings\MBC\Configuración local 2008-03-23 19:56 . 2008-03-24 15:44 <DIR> d-------- C:\Documents and Settings\LocalService\Configuración local 2008-03-23 19:56 . 2008-03-24 15:44 <DIR> d-------- C:\Documents and Settings\Invitado\Configuración local 2008-03-22 20:19 . 2008-03-22 20:19 <DIR> d-------- C:\Documents and Settings\MBC\Datos de programa\Canon 2008-03-09 12:11 . 2008-03-09 12:11 <DIR> d-------- C:\Archivos de programa\Trend Micro 2008-03-09 11:32 . 2008-03-09 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab Setup Files 2008-03-08 14:08 . 2008-03-08 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy 2008-03-08 14:08 . 2008-03-08 17:06 <DIR> d-------- C:\Archivos de programa\Spybot - Search & Destroy 2008-03-07 08:45 . 2008-03-07 08:45 <DIR> d-------- C:\Utilities 2008-03-07 08:45 . 2008-03-07 08:45 <DIR> d-------- C:\Documents and Settings\MBC\Datos de programa\Systweak 2008-03-06 23:32 . 2008-03-06 23:33 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2008-03-06 23:32 . 2008-03-06 23:32 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-03-06 23:32 . 2008-03-06 23:32 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-03-06 23:32 . 
2008-03-06 23:32 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-03-06 23:18 . 2008-03-06 23:18 <DIR> d-------- C:\Archivos de programa\Alwil Software 2008-03-02 11:15 . 2008-03-02 11:15 <DIR> d-------- C:\Archivos de programa\Windows Live Toolbar 2008-03-02 11:15 . 2008-03-02 11:15 <DIR> d-------- C:\Archivos de programa\Windows Live Favorites 2008-03-02 11:15 . 2008-03-02 11:15 <DIR> d-------- C:\Archivos de programa\Microsoft SQL Server Compact Edition 2008-03-02 11:11 . 2008-03-02 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\WLInstaller 2008-03-02 11:11 . 2008-03-03 03:01 <DIR> d-------- C:\Archivos de programa\Windows Live 2008-03-02 11:11 . 2008-03-02 11:13 <DIR> d--hsc--- C:\Archivos de programa\Archivos comunes\WindowsLiveInstaller 2008-02-29 23:24 . 2008-02-29 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\AgentSS 2008-02-29 23:24 . 2008-02-29 23:24 102 --a------ C:\Documents and Settings\All Users\Datos de programa\saopts.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-03-24 14:45 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Microsoft Help 2008-03-23 22:41 --------- d-----w C:\Archivos de programa\eTrust Antivirus 2008-03-08 20:06 --------- d-----w C:\Archivos de programa\eMule 2008-03-02 21:33 --------- d-----w C:\Archivos de programa\Archivos comunes\Adobe 2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR 2008-01-27 11:05 --------- d-----w C:\Archivos de programa\Canon 2008-01-27 11:04 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information 2008-01-27 11:04 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\ZoomBrowser 2008-01-27 11:01 --------- d-----w C:\Archivos de programa\Archivos comunes\Canon 2008-01-12 14:55 56 ---ha-w C:\Documents and Settings\All Users\Datos de programa\emopts.dat 2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe . ((((((((((((((((((((((((((((( snapshot@2008-03-23_19.55.42.49 ))))))))))))))))))))))))))))))))))))))))) . + 2008-03-23 22:35:05 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll + 2008-03-23 22:35:05 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll + 2008-03-23 22:35:05 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll + 2008-03-23 22:35:07 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll + 2008-01-09 14:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll + 2008-01-09 14:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll + 2008-03-23 22:35:07 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll + 2008-03-23 22:35:06 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll + 2008-01-09 14:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll + 2008-01-09 14:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll + 2008-03-23 06:24:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-03-23 20:14:41 3,960,832 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT + 2008-03-23 20:14:41 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2008-03-23 06:24:58 163,328 ----a-w 
C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-03-23 20:14:26 3,960,832 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT + 2008-03-23 20:14:26 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat + 2006-10-27 13:16:36 133,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL + 2006-10-26 18:55:32 87,344 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL + 2006-10-26 18:55:48 340,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL + 2006-10-26 18:34:12 660,792 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL + 2006-10-26 18:34:10 192,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL + 2006-10-27 13:16:44 594,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL + 2006-10-27 13:16:40 176,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL + 2006-10-26 18:55:54 413,472 ---- |