My HJT log [RESOLVED]


  • This topic is locked

#16
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,673 posts
Be sure you have done this: VIEW HIDDEN FILES

Then look if you have this file C:\WINDOWS\System32\param32.dll

Let me know.

Regards,

Pieter
  • 0


#17
TFP

    Member

  • Topic Starter
  • 22 posts
Pieter,
No, I don't have this file.

Graham
  • 0

#18
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,673 posts
Did you reboot after your last log?

If not try this.

Bring up TaskManager (Ctrl-Alt-Del)
Take a good look at the list of processes
select vkjgzjj.exe
and choose End Process.

Now we have about three possibilities.

The process stops and that's it.
Find c:\windows\system32\vkjgzjj.exe and rename it to vkjgzjj.bak

The process stops and another process by the same name appears shortly after.

The process stops and another random named process appears in your list.

Let me know which one it is.

Also do this: click Start > Run > type or copy & paste
regedit /e c:\aurora.txt "HKEY_CLASSES_ROOT\CLSID\{D56A1203-1452-EBA1-7294-EE3377770000}\InProcServer32" > OK

If the entry exists, this will create the file C:\aurora.txt
Post the content of that file if it was created.

And please do not reboot for the time being.

Regards,

Pieter
  • 0
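
The two checks from this post, as an added example that is not part of the original thread: reading the file that `regedit /e` writes to see which DLL the CLSID's InProcServer32 key points at, and sorting a before/after process list into the three outcomes listed above. Function names, the DLL path and the process lists are constructed for illustration; only the CLSID and the process names come from the thread.

```python
import re

# CLSID quoted in the post; all other names and sample data are constructed.
AURORA_CLSID = "{D56A1203-1452-EBA1-7294-EE3377770000}"

_KEY = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def decode_export(raw: bytes) -> str:
    """regedit /e writes UTF-16LE with a BOM; older REGEDIT4 files are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le", errors="replace")
    return raw.decode("cp1252", errors="replace")


def _unquote(token: str) -> str:
    """Strip quotes and undo \\\\ and \\" escapes; dword:/hex: data is left raw."""
    if len(token) >= 2 and token[0] == '"' and token[-1] == '"':
        return re.sub(r"\\(.)", r"\1", token[1:-1])
    return token


def parse_reg_export(raw: bytes) -> dict:
    """Return {key_path: {value_name: value}}; the default value is named ''.

    Multi-line hex values (continued with a trailing backslash) are skipped,
    which is enough for the string values under InProcServer32.
    """
    keys, current = {}, None
    for line in decode_export(raw).splitlines():
        line = line.strip()
        m = _KEY.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else _unquote(m.group(1))
            current[name] = _unquote(m.group(2))
    return keys


def inproc_server(raw: bytes, clsid: str = AURORA_CLSID):
    """DLL path registered for the CLSID, or None if the key was not exported."""
    wanted = ("HKEY_CLASSES_ROOT\\CLSID\\" + clsid + "\\InProcServer32").lower()
    for key, values in parse_reg_export(raw).items():
        if key.lower() == wanted:
            return values.get("")
    return None


def classify_after_kill(before, after, killed):
    """Map process lists taken before and after End Process to the three cases.

    Returns (outcome, names). Names in the 'new process appeared' case are only
    candidates: an unrelated program may have started in the same interval.
    """
    before = {p.lower() for p in before}
    after = {p.lower() for p in after}
    killed = killed.lower()
    if killed in after:
        return ("same-name respawn", [killed])
    new = sorted(after - before)
    if new:
        return ("new process appeared", new)
    return ("stopped", [])


# Constructed sample of what C:\aurora.txt would contain if the key existed.
SAMPLE_EXPORT = b"\xff\xfe" + (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_CLASSES_ROOT\\CLSID\\" + AURORA_CLSID + "\\InProcServer32]\r\n"
    '@="C:\\\\WINDOWS\\\\system32\\\\example.dll"\r\n'
    '"ThreadingModel"="Apartment"\r\n'
).encode("utf-16-le")

if __name__ == "__main__":
    print("InProcServer32 ->", inproc_server(SAMPLE_EXPORT))
    # Constructed process lists using the image names mentioned in the thread.
    before = ["explorer.exe", "svchost.exe", "vkjgzjj.exe"]
    after = ["explorer.exe", "svchost.exe", "eghxmj.exe"]
    print(classify_after_kill(before, after, "vkjgzjj.exe"))
```
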

#19
TFP

    Member

  • Topic Starter
  • 22 posts
Ok then.

Another random process has appeared "eghxmj.exe" although the name probably doesn't really matter.

Ran the regedit command but it doesn't appear to have created a file.
  • 0

#20
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,673 posts
Can you upload that file ( c:\windows\system32\eghxmj.exe) here:
http://virusscan.jotti.org/

Let me know the results.

Regards,

Pieter
  • 0

#21
TFP

    Member

  • Topic Starter
  • 22 posts
Not sure how to get a log from that site but I have copied and pasted. Hope it is what you want.

Service load: 0% 100%

File: eqhxmj.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 639c64c1f97175cfa775d6a6746060a9
Packers detected: PE_PATCH, UPX
Scanner results
AntiVir Found TR/Agent.ABS
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Agent.CP
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found W32/Agent.ABS-tr
Kaspersky Anti-Virus Found Trojan.Win32.Agent.cp
mks_vir Found nothing
NOD32 Found Win32/Agent.CP
Norman Virus Control Found nothing
VBA32 Found Trojan.Win32.Agent.cp

Graham
  • 0

#22
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,673 posts
That is what I wanted, yes. :tazz:
Establishing which AV's recognize it.

We are in luck, AntiVir is free and can be installed to scan on demand only.

Download and install AntiVir, but make sure the resident part does not get installed. That will be in the options during the install.

Then reboot into safe mode, disable NAV's resident part
Then do a full system scan with Antivir and have it remove every file it recognizes as TR/Agent.ABS

Regards,

Pieter
  • 0

#23
TFP

    Member

  • Topic Starter
  • 22 posts
Ok then. What do you mean by "resident" parts? Didn't seem to get that option from AntiVir and couldn't find it on Norton either.

Anyway ran the scan. Did get a "WMIPRVSE.EXE - Application error" message a couple of times but I just closed them ???

Also when I logged back onto the internet to post this I got an Aurora Pop up again....

Have included log from AntiVir and another HJT log.


Creation date of the report file: 27 April 2005 10:55

AntiVir®/XP (2000 + NT) PersonalEdition Classic Build 1035, 16.03.2005
Mainprogram 6.30.00.17 of 07.03.2005
VDF file 6.30.0.137 (0) of 27.04.2005


This program is for PERSONAL USE only.
Any other use is PROHIBITED.
Informations regarding commercial versions of AntiVir may be obtained from:
www.antivir-pe.com.


Scanning for 160944 virus strains and unwanted programs.

Licensed for: AntiVir Personal Edition
Serial number: 0000149996-ADJIE-0001
FUSE: Basic license

Platform: Windows NT Workstation
Windows version: 5.1 Build 2600 (Service Pack 2)
Username: admin
Computername: CHRIS
Processor: Pentium
Working memory: 522224 KB free

Version information:
AVWIN.DLL : 6.30.00.17 561192 08.03.2005 15:04:34
AVEWIN32.DLL : 6.30.0.7 815616 11.03.2005 12:40:48
AVGNT.EXE : 6.30.00.01 163943 17.02.2005 11:53:00
AVGUARD.EXE : 6.30.00.06 240168 01.03.2005 15:19:26
GUARDMSG.DLL : 6.30.00.02 94248 01.02.2005 10:24:10
AVGCMSG.DLL : 6.30.00.01 290933 02.02.2005 09:51:48
AVGNTDW.SYS : 6.30.00.04 32640 28.01.2005 11:55:42
AVPACK32.DLL : 6.30.0.9 319568 12.04.2005 10:16:50
AVGETVER.DLL : 6.30.00.00 24576 28.01.2005 17:10:20
AVWIN.DLL : 6.30.00.17 561192 08.03.2005 15:04:34
AVSHLEXT.DLL : 6.30.00.01 40960 28.01.2005 17:10:22
AVSched32.EXE : 6.30.00.00 110632 01.02.2005 10:24:10
AVSched32.DLL : 6.30.00.00 122880 01.02.2005 10:24:10
AVREG.DLL : 6.30.00.03 41000 10.02.2005 17:47:48
AVRep.DLL : 6.30.00.133 1077288 25.04.2005 14:27:58
INETUPD.EXE : 6.30.00.17 266299 08.03.2005 15:04:34
INETUPD.DLL : 6.30.00.17 143360 08.03.2005 15:04:34
CTL3D32.DLL : 2.31.000 27136 16.07.2003 17:20:14
MFC42.DLL : 6.02.4131.0 1028096 04.08.2004 08:56:42
MSVCRT.DLL : 7.0.2600.2180 (xpsp_sp2_rtm.0408
MSVCRT.DLL : 7.0.2600.2180 343040 04.08.2004 08:56:44
CTL3DV2.DLL : 2.31.000 27632 30.11.1994 08:00:00

Configuration file:

Name of configuration file: C:\Program Files\AVPersonal\AVWIN.INI
Name of report file: C:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG
Start path: C:\Program Files\AVPersonal
Command line:
Start mode: unknown

Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report

Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information

Abridge report file:
[ ] Abridge report file

Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged

Summary report:
[X] Create summary report
Output file: AVWIN.ACT
Maximum number of entries: 100

Where to search:
[X] Memory
[X] Boot record of selected drives
[ ] Report unknown boot sectors
[ ] All files
[X] Program files
Extensions: .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

Response in case of a detection:
[X] Repair with prompt
[ ] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[X] Acoustic alarm

Response in case of destroyed files:
[X] Delete with prompt
[ ] Delete without prompt
[ ] Ignore

Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date

Drag&drop settings:
[X] Scan subdirectories

Profile settings:
[X] Scan subdirectories

Archive options
[X] Search archive
[X] All archive types

Miscellaneous options:
Temporary path: %TEMP% -> C:\DOCUME~1\admin\LOCALS~1\Temp
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[ ] Load AVWin®/NT Guard on System start

General settings:
[X] Save options on exiting AntiVir
Priority: medium

Drives:
C: Hard disk
D: CD-ROM

Start of scan: 27 April 2005 10:55

Memory test OK
Master boot record of hard disk HD0 OK
Boot record of drive C: OK


C:\
pagefile.sys
Access denied! Error during file opening!
This is a Windows swap file. This file is locked by Windows.
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar
archive.jar-487b52a0-5853e75d.zip
[DETECTION] Is the Trojan horse TR/ClassLoader.E
WAS DELETED!
loaderadv479.jar-3bda1a2b-5dbf44c3.zip
[DETECTION] Is the Trojan horse TR/Forten.Java.2
WAS DELETED!
loaderadv569.jar-6f0b7ccd-2ae48e36.zip
[DETECTION] Is the Trojan horse TR/Forten.Java.2
WAS DELETED!
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\K6D4ANML
AppWrap[1].exe
[DETECTION] Is the Trojan horse TR/Dldr.1296
WAS DELETED!
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\X1NYEPZZ
AppWrap[1].exe
[DETECTION] Contains signature of the dropper DR/Small.OF.F
WAS DELETED!
C:\Documents and Settings\admin\My Documents\Security
l2mfix.exe
ArchiveType: ZIP SFX (self extracting)
--> l2mfix\Process.exe
The file contains signature of the PMS/Processor.20 program and was suppressed by the user.
C:\Documents and Settings\admin\My Documents\Security\l2mfix
Process.exe
The file contains signature of the PMS/Processor.20 program and was suppressed by the user.
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9
ZF612707.CAB
ArchiveType: CAB (Microsoft)
--> REFSAN.TTF
NOTE! Incorrect decompression table
--> MISTRAL.TTF
NOTE! Invalid compressed data
--> PAPYRUS.TTF
NOTE! Invalid compressed data
--> FREESCPT.TTF
NOTE! Invalid compressed data
--> ARIALNB.TTF
NOTE! Invalid compressed data
--> ARIALNBI.TTF
NOTE! Invalid compressed data
--> ARIALNI.TTF
NOTE! Invalid compressed data
--> ARIALN.TTF
NOTE! Invalid compressed data
C:\My Downloads
FlashMX2004-en.zip
ArchiveType: ZIP
--> Flash_Video_Exporter.exe
ArchiveType: CAB SFX (self extracting)
--> \Disk1\data1.cab
WARNING! Error read file
--> \Disk1\data2.cab
WARNING! Error read file
--> \Disk1\ikernel.ex_
WARNING! Error read file
--> \Disk1\layout.bin
WARNING! Error read file
--> \Disk1\Setup.exe
WARNING! Error read file
--> \Disk1\Setup.ini
WARNING! Error read file
C:\RECYCLER\NPROTECT
00238341.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00238347.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00238349.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00238511.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.aco.1
WAS DELETED!
00238570.sys
[DETECTION] Is the Trojan horse TR/Delprot.A
WAS DELETED!
00238584.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00238627.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00238719.exe
[DETECTION] Is the Trojan horse TR/Dldr.Delmed.B
WAS DELETED!
00238933
[DETECTION] Is the Trojan horse TR/Delprot.A
WAS DELETED!
00239040.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00239041.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00239533.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00239740.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00239792.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240189.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240280.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240283.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240284.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240352.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240361.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240425.exe
[DETECTION] Is the Trojan horse TR/Dldr.Delmed.B
WAS DELETED!
00240540.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240601.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240624.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240737.exe
The file contains signature of the PMS/Processor.20 program and was suppressed by the user.
00240807.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240809.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240810.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240812.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240814.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240818.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240848.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240894.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240895.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00240909.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00241089.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP1
A0000071.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004036.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004037.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004110.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004131.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004139.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004151.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004152.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004165.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004219.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.aco.1
WAS DELETED!
A0004251.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.aco.1
WAS DELETED!
A0004257.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004280.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004291.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004318.exe
[DETECTION] Is the Trojan horse TR/Dldr.1296
WAS DELETED!
A0004319.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.aco.1
WAS DELETED!
A0004326.sys
[DETECTION] Is the Trojan horse TR/Delprot.A
WAS DELETED!
A0004336.exe
[DETECTION] Is the Trojan horse TR/Dldr.Delmed.B
WAS DELETED!
A0004395.dll
[DETECTION] Is the Trojan horse TR/StartPa.DU.DLL.2
WAS DELETED!
A0004411.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004447.exe
The file contains signature of the PMS/Processor.20 program and was suppressed by the user.
A0004459.exe
ArchiveType: ZIP SFX (self extracting)
--> l2mfix\Process.exe
The file contains signature of the PMS/Processor.20 program and was suppressed by the user.
C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP2
A0004474.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004557.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004572.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004601.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004603.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004604.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004605.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004606.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.aco.1
WAS DELETED!
A0004607.sys
[DETECTION] Is the Trojan horse TR/Delprot.A
WAS DELETED!
A0004608.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004609.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004610.exe
[DETECTION] Is the Trojan horse TR/Dldr.Delmed.B
WAS DELETED!
A0004611.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004612.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004613.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004614.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004615.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004616.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004617.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004618.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004619.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004620.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004621.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004622.exe
[DETECTION] Is the Trojan horse TR/Dldr.Delmed.B
WAS DELETED!
A0004623.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004624.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004625.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004626.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004627.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004628.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004629.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004630.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004631.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004632.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004633.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004634.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004635.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
A0004636.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
C:\windows\Downloaded Program Files
910039_3050886320_AHCI.exe347
[DETECTION] Is the Trojan horse TR/Dialer.EH.3
WAS DELETED!
910039_3050886320_HSEM.exe512
[DETECTION] Is the Trojan horse TR/Dialer.EH.3
WAS DELETED!
C:\windows\system32
DrPMon.dll
[DETECTION] Is the Trojan horse TR/Click.Age.DB.Dll
WAS DELETED!
gudbsau.zip
ArchiveType: ZIP
--> gudbsau.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
C:\windows\system32\ActiveScan
imscan.dll
[DETECTION] Contains signature of the Micro-128 © virus
WAS DELETED!
C:\windows\system32\config
default
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
sam
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
security
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
software
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
system
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!



End of scan: 27 April 2005 11:53
Time taken: 57:40 min


3249 directories were scanned
78535 files were scanned
12 warning messages were issued
102 files were deleted
0 files were repaired
103 detections




Logfile of HijackThis v1.99.1
Scan saved at 11:58:57, on 27/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\windows\system32\Brmfrmps.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\admin\My Documents\Security\Hijack This\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsec...an/TDECntrl.CAB
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DCDC388-0329-46EE-A106-4C8070A8926C}: NameServer = 195.112.4.4
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\windows\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Certainly seemed to pick up a load of Trojans during the scan. A couple weren't deleted as they were archived... should I do anything about these?

Cheers again
Graham

#24
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,673 posts
The ones in the password protected archives are backups made by Spybot S&D, so no worries there. :tazz:

I don't see it in your running processes anymore.
This may sound stupid but can you check for param32.dll again, please?

Have HijackThis fix these:
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

to disable the resident part of AntiVir.

Regards,
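Added example, not part of the original thread: a small Python parser for a scan report in the layout posted above. It lists detections that have no following `WAS DELETED!` line (such as a hit inside an archive), lists archives skipped as password protected, and checks the counts against the report's own totals. The sample report is a constructed excerpt (`C:\ExampleBackups` and the numbered file names are made up), and the line-classification rules are assumptions inferred from the posted log, not the scanner's documented format.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt in the layout of the posted report (not the real log).
SAMPLE_REPORT = r"""
C:\ExampleBackups
backup1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
C:\RECYCLER\NPROTECT
00000001.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
WAS DELETED!
00000002.exe
The file contains signature of the PMS/Processor.20 program and was suppressed by the user.
C:\windows\system32
DrPMon.dll
[DETECTION] Is the Trojan horse TR/Click.Age.DB.Dll
WAS DELETED!
gudbsau.zip
ArchiveType: ZIP
--> gudbsau.exe
[DETECTION] Is the Trojan horse TR/Agent.ABS
C:\windows\system32\config
sam
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!

2 files were deleted
3 detections
"""

DIR_RE = re.compile(r"^[A-Za-z]:\\")  # a line starting with a drive letter opens a directory
SUMMARY_RE = re.compile(
    r"^(\d+) (directories were scanned|files were scanned|warning messages were issued"
    r"|files were deleted|files were repaired|detections)$")
# Assumed set of per-file annotation lines, taken from the posted log.
ANNOTATION_PREFIXES = ("ArchiveType:", "NOTE!", "WARNING!", "Access denied!",
                       "Error code:", "The file contains signature")


@dataclass
class Detection:
    directory: Optional[str]
    file: Optional[str]
    member: Optional[str]   # archive member ("--> name"), None for a plain file
    name: str
    deleted: bool = False


def parse_report(text):
    """Return (detections, password_protected_archives, summary_counts)."""
    directory = file = member = None
    detections, unscanned, summary = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(2)] = int(m.group(1))
        elif DIR_RE.match(line):
            directory, file, member = line, None, None
        elif line.startswith("-->"):
            member = line[3:].strip()
        elif line.startswith("[DETECTION]"):
            name = line[len("[DETECTION]"):].strip()
            detections.append(Detection(directory, file, member, name))
        elif line == "WAS DELETED!":
            # Applies to the most recent detection, if it belongs to the current file.
            last = detections[-1] if detections else None
            if last and (last.directory, last.file) == (directory, file):
                last.deleted = True
        elif "password protected" in line:
            unscanned.append(f"{directory}\\{file}")   # contents were never inspected
        elif line.startswith(ANNOTATION_PREFIXES):
            continue
        else:
            file, member = line, None                   # anything else names a new file
    return detections, unscanned, summary


def undeleted(detections):
    """Detections the scanner reported but did not remove."""
    return [d for d in detections if not d.deleted]


def reconcile(detections, summary):
    """True when parsed counts agree with the totals printed at the end of the report."""
    deleted = sum(d.deleted for d in detections)
    return (summary.get("detections") == len(detections)
            and summary.get("files were deleted") == deleted)


if __name__ == "__main__":
    dets, skipped, totals = parse_report(SAMPLE_REPORT)
    for d in undeleted(dets):
        print("still on disk:", d.directory, d.file, d.member, "|", d.name)
    print("not scanned (password protected):", skipped)
    print("totals consistent:", reconcile(dets, totals))
```
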

#25
TFP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Still no sign of the param32.dll

Fixed the resident part of AntiVir.

Still getting Aurora but although I get the popup, there is actually no advert in the box. Upon clicking the "?" I get the following message:

"You are seeing these ads because you have received software free of charge through an Aurora distributor. To support your free software and to help keep the product free, please do not uninstall Aurora. Aurora is not "spyware," does not collect any personal information about you, and is not malicious.

If you do choose to uninstall Aurora contextual advertising software, it can be safely and completely removed by going to edited - Metallica to get the uninstall tool."


This is a pop up box from abetterinternet/aurora edited - Metallica

which worried me. Should I use this link to delete Aurora? I wasn't happy doing this.

Logfile of HijackThis v1.99.1
Scan saved at 12:45:34, on 27/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\windows\system32\Brmfrmps.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\admin\My Documents\Security\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsec...an/TDECntrl.CAB
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DCDC388-0329-46EE-A106-4C8070A8926C}: NameServer = 195.112.4.4
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\windows\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Cheers
Graham

Edited by Metallica, 27 April 2005 - 06:02 AM.



#26
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,673 posts
I am not in favor of using their uninstaller. Neither do I trust it.
I mean, did you install anything that warned you about these ads in the EULA?
I thought not.

I will also edit the links out of your posts, so others won't follow them.

This will be time consuming:

Please download and install Agent Ransack from: http://www.mythicsof...ck/default.aspx

Run the program and make sure there are Checkmarks in the Expert User and Containing Text boxes on the Advanced tab.

In the bottom bar type or paste aurora

Then click Start Search.

It will take quite a while before it's done.

When it is, click "Save results" (icon #4 from the left)
Choose save to clipboard and paste them into your next post.

Regards,

#27
TFP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Pieter,
Having problems inserting the results in the post. It is 130 pages in Word!!

Can I attach the txt file or something?
Graham

#28
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,673 posts
I don't have the program installed on this computer, but there should be an option to only list the filenames and nothing of the content. Can you find that?

Regards,

#29
TFP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Yep, got that:


C:\Documents and Settings\admin\Local Settings\History\History.IE5\index.dat (240 KB, 27/04/2005 13:07:01)
C:\Documents and Settings\admin\Local Settings\History\History.IE5\MSHist012005042720050428\index.dat (80 KB, 27/04/2005 13:07:25)
C:\Documents and Settings\admin\Local Settings\Temp\Temporary Internet Files\Content.IE5\8XUZCTMN\index[1].htm (70 KB, 26/04/2005 15:40:21)
C:\Documents and Settings\admin\Local Settings\Temp\Temporary Internet Files\Content.IE5\GDYB05YV\index[1].htm (98 KB, 26/04/2005 15:48:25)
C:\Documents and Settings\admin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KP2J09QN\index[1].htm (94 KB, 26/04/2005 15:43:17)
C:\Documents and Settings\admin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OLERCXQV\index[1].htm (86 KB, 26/04/2005 15:32:50)
C:\Documents and Settings\admin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OLERCXQV\index[2].htm (86 KB, 26/04/2005 15:35:43)
C:\Documents and Settings\admin\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNWSUB9D\index[1].htm (98 KB, 26/04/2005 15:48:50)
C:\i386\display.inf (33 KB, 19/04/2004 11:26:20)
C:\i386\wmpvis.dll (508 KB, 19/04/2004 11:32:24)
C:\Program Files\Adobe\Photoshop 7.0\Presets\Styles\Text Effects.asl (220 KB, 02/04/2002 21:11:00)
C:\Program Files\Adobe\Photoshop 7.0\Presets\Tools\Brushes.tpl (343 KB, 02/04/2002 21:11:06)
C:\Program Files\Common Files\Adobe\Spelling\usa90.dct (1098 KB, 21/02/2001 12:07:24)
C:\Program Files\Common Files\Microsoft Shared\PROOF\MSGR3EN.LEX (3700 KB, 03/11/2000 16:35:54)
C:\Program Files\Common Files\Microsoft Shared\PROOF\MSGR3FR.LEX (3379 KB, 03/11/2000 17:36:02)
C:\Program Files\Windows Media Player\wmpvis.dll (508 KB, 16/07/2003 17:46:24)
C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP1\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2856808736-4273700075-2639295641-1006 (5268 KB, 25/04/2005 13:15:39)
C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP2\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2856808736-4273700075-2639295641-1006 (6428 KB, 26/04/2005 16:31:25)
C:\windows\aeqobyy.exe (232 KB, 22/11/2001 16:38:37)
C:\windows\MEMORY.DMP (522320 KB, 25/04/2005 15:47:09)
C:\windows\inf\display.inf (33 KB, 16/07/2003 17:21:09)
C:\windows\inf\display.PNF (53 KB, 08/04/2005 15:40:04)
C:\windows\Installer\inf\display.inf (33 KB, 19/04/2004 11:26:20)
C:\windows\Installer\inf\display.PNF (53 KB, 01/07/2004 16:35:28)
C:\windows\ServicePackFiles\i386\ati2dvaa.dll (370 KB, 04/08/2004 08:56:41)
C:\windows\ServicePackFiles\i386\ati2mtaa.sys (320 KB, 04/08/2004 06:29:26)
C:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ati2dvaa.dll (370 KB, 04/08/2004 08:56:41)
C:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ati2mtaa.sys (320 KB, 04/08/2004 06:29:26)
C:\windows\srchasst\nls302en.lex (4297 KB, 19/04/2004 11:29:44)
C:\windows\system32\ati2dvaa.dll (370 KB, 04/08/2004 08:56:41)
C:\windows\system32\DllCache\nls302en.lex (4297 KB, 19/04/2004 11:29:44)
C:\windows\system32\DllCache\wmpvis.dll (508 KB, 16/07/2003 17:46:24)
C:\windows\system32\drivers\ati2mtaa.sys (320 KB, 04/08/2004 06:29:26)

#30
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,673 posts
I think I have identified them.

You'll probably need Killbox to delete them.
Select "Delete on Reboot".

Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\windows\aeqobyy.exe
C:\windows\system32\DllCache\nls302en.lex
C:\windows\srchasst\nls302en.lex
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Let the system reboot.

Download, install, and run CleanUp!

Hoping for an Aurora-free return,





