Tech Support Forum banner
Cancel

Kollah virus

Jump to Latest Follow
Status
Not open for further replies.
1 - 9 of 9 Posts
H

· Registered
Joined
·
5 Posts
Discussion Starter · #1 ·
I have a Kollah virus that won't go away. Every time I reboot, it comes back. I keep deleting the virus, but it comes back every time. I also have a svchost error message and a dll error message that are giving me heck. I think I've been hacked. Here are my logs.


DDS (Ver_09-03-16.01) - NTFSx86
Run by HP_Administrator at 7:46:05.12 on Fri 05/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.450 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated)
FW: McAfee Personal Firewall Plus *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Logitech\Harmony Remote\EasyZapperManagerExe.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://register.hp.com/servlet/clar/content/whereserialnumber.jsp?appID=java_wreg_wreg_genpg&segment=consumer&gwCountry=US&language=en
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,c:\windows\system32\sdra64.exe,
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IMC] c:\program files\friendfinder\friendfinder messenger 30\imc.exe
uRun: [autochk] rundll32.exe c:\docume~1\hp_adm~1\protect.dll,[email protected]
uRun: [UpdateWin] c:\windows\system32\1257193224t.exe
uRunServices: [UpdateWin] c:\windows\system32\1257193224t.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MSKAgent.exe
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MskDetct.exe /startup
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MPSExe] c:\progra~1\mcafee.com\mps\mscifapp.exe /embedding
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [Lexmark X6100 Series] "c:\program files\lexmark x6100 series\lxbfbmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [vlc] c:\windows\vlc.exe
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
mRun: [taskmg] c:\windows\taskmg.exe
mRun: [alg] c:\windows\alg.exe
mRun: [sms] c:\windows\sms.exe
mRun: [UpdateWin] c:\windows\system32\1257193224t.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRunServices: [UpdateWin] c:\windows\system32\1257193224t.exe
dRun: [userinit] c:\windows\system32\ntos.exe
dRun: [autochk] rundll32.exe c:\docume~1\networ~1\protect.dll,[email protected]
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\harmon~1.lnk - c:\program files\logitech\harmony remote\EasyZapperMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spysub~1.lnk - c:\program files\intermute\spysubtract\sslaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: c:\windows\system32\mclsp.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138765056236
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160048693368
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1232498852946&h=26dbba89fce3bc054d8adc3b37352d68/&filename=jinstall-6u11-windows-i586-jc.cab
DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} - hxxp://media.rivals.com/msichat.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://www.imgag.com/cp/install/AxCtp2.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxsrvc.dll
Notify: iokey - iokey.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\ldj17yqj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gopowercat.com/
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {F681AF32-F9AB-4010-AA03-02CD4277B0B6} - c:\documents and settings\hp_administrator\local settings\application data\{F681AF32-F9AB-4010-AA03-02CD4277B0B6}

============= SERVICES / DRIVERS ===============

R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-12-8 126976]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2005-12-5 221184]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2005-12-8 122368]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-7-17 114464]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-12-5 245760]
S3 UsbCmxp;Scientific Atlanta DPX2100 USB Cable Modem;c:\windows\system32\drivers\sacmxp.sys [2005-12-5 14336]

=============== Created Last 30 ================

2009-05-01 07:18 <DIR> --d----- c:\program files\Trend Micro
2009-04-19 12:36 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\NCH Software
2009-04-19 12:35 <DIR> --d----- c:\program files\NCH Software
2009-04-16 08:56 <DIR> --dsh--- c:\documents and settings\hp_administrator\PrivacIE
2009-04-16 08:54 <DIR> --dsh--- c:\documents and settings\hp_administrator\IETldCache
2009-04-16 08:52 <DIR> --d----- c:\windows\ie8updates
2009-04-16 08:49 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-16 08:49 78,336 a------- c:\windows\system32\dllcache\ieencode.dll
2009-04-16 08:47 105,984 -------- c:\windows\system32\dllcache\iecompat.dll
2009-04-14 12:13 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-14 12:13 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-14 12:13 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-14 12:13 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-14 12:13 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 12:13 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 12:13 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 12:13 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-14 12:13 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-14 12:12 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 12:12 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-14 12:12 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-06 05:39 311,808 a------- c:\windows\sms.exe
2009-04-06 05:39 311,296 a------- c:\windows\alg.exe
2009-04-05 23:38 311,808 a------- c:\windows\taskmg.exe

==================== Find3M ====================

2009-03-21 09:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-05 21:49 434,843 a------- c:\windows\system32\rn.tmp
2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 23:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2009-02-27 20:23 135,168 a------- c:\windows\unulaquvacaxoj.dll
2009-02-27 20:10 41,472 a------- c:\windows\Bsogumihoyopo.dll
2009-02-20 05:20 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 00:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 06:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 06:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 06:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 06:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 05:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 05:39 35,328 a------- c:\windows\system32\dllcache\sc.exe
2009-02-06 05:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 05:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 14:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 14:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2008-09-05 14:16 56,912 a------- c:\documents and settings\hp_administrator\g2mdlhlpx.exe
2007-08-09 05:55 0 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2008-09-18 18:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat

============= FINISH: 7:47:54.79 ===============
 

Attachments

sjb007

· Registered
Joined
·
3,219 Posts
#2 ·
Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Vista users please make sure you all run commands with administrator rights (right click icon - run as administrator)

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
 
H

· Registered
Joined
·
5 Posts
Discussion Starter · #3 ·
Hi Steve,

Thanks for your help! I completed running combofix and have the log. I did get a root error while running combofix and it told me to write down c:/windows/system32/sdra64.exe. I'm not sure what that is for, but figured I would post it. Internet explorer doesn't work, but I'm not getting the svchost error or the dll error now. I'm running a full system scan now and will post my results when it finishes to see if the Kollah virus is gone. Here is the log:

ComboFix 09-05-03.4 - HP_Administrator 05/04/2009 8:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.641 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Outdated)
FW: Personal Firewall Plus *disabled*
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\config.cfg
c:\documents and settings\HP_Administrator\err.log
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\LocalService\protect.dll
c:\documents and settings\NetworkService\protect.dll
c:\windows\alg.exe
c:\windows\Bsogumihoyopo.dll
c:\windows\ejawusuya.dll
c:\windows\ejenopaf.dll
c:\windows\IE4 Error Log.txt
c:\windows\patch.exe
c:\windows\system32\_000218_.tmp.dll
c:\windows\system32\a9k.bin
c:\windows\system32\bszip.dll
c:\windows\system32\c.ico
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\m.ico
c:\windows\system32\m3.ico
c:\windows\system32\p.ico
c:\windows\system32\s.ico
c:\windows\system32\sdra64.exe
c:\windows\system32\sf.ico
c:\windows\system32\uniq.tll
c:\windows\system32\wpv691235148905.cpx
c:\windows\system32\wpv701235079657.cpx
c:\windows\unulaquvacaxoj.dll
c:\windows\wiaserviv.log
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SVCHOST


((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.

2009-05-01 12:18 . 2009-05-01 12:18 -------- d-----w c:\program files\Trend Micro
2009-04-19 17:36 . 2009-04-19 17:36 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\NCH Software
2009-04-19 17:35 . 2009-04-19 17:36 -------- d-----w c:\program files\NCH Software
2009-04-19 17:35 . 2009-04-19 17:35 -------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
2009-04-16 13:56 . 2009-04-16 13:56 -------- d-sh--w c:\documents and settings\HP_Administrator\PrivacIE
2009-04-16 13:55 . 2009-04-16 13:55 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-16 13:54 . 2009-04-16 13:54 -------- d-sh--w c:\documents and settings\HP_Administrator\IETldCache
2009-04-16 13:52 . 2009-04-16 14:34 -------- d-----w c:\windows\ie8updates
2009-04-16 13:49 . 2009-02-20 18:09 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-16 13:49 . 2009-02-20 18:09 78336 ----a-w c:\windows\system32\dllcache\ieencode.dll
2009-04-16 13:47 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-04-14 17:13 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-14 17:13 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 17:13 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-14 17:13 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 17:13 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 17:13 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 17:13 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 17:13 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 17:13 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 17:12 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 17:12 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-06 10:39 . 2009-04-06 10:39 311808 ----a-w c:\windows\sms.exe
2009-04-06 04:38 . 2009-04-06 04:38 311808 ----a-w c:\windows\taskmg.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 13:25 . 2009-01-25 05:08 -------- d-----w c:\program files\SpyNoMore
2009-05-04 13:24 . 2005-01-28 09:55 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-01 17:46 . 2007-05-22 02:40 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-06 10:41 . 2009-01-25 02:00 162 --sha-w c:\windows\system32\1257193224.dat
2009-03-21 07:05 . 2009-03-12 22:29 7 ----a-w c:\windows\system32\nar.bin
2009-03-06 14:22 . 2004-08-10 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 02:49 . 2009-03-06 02:49 434843 ----a-w c:\windows\system32\rn.tmp
2009-03-03 00:18 . 2004-08-10 11:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-12 19:59 . 2009-02-12 19:49 563 ----a-w c:\windows\checkip.dat
2009-02-12 19:44 . 2009-02-12 19:44 1244 ----a-w c:\windows\ipconfig.dat
2009-02-09 12:10 . 2004-08-10 11:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 18:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-10 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-10 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-10 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-10 11:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-10 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-10 18:00 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-10 12:00 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-03-23 126976]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-12-01 4662776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 126976]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MskDetct.exe" [2005-03-23 1111040]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 950272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
"MPSExe"="c:\progra~1\mcafee.com\mps\mscifapp.exe" [2005-05-24 274432]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-07-25 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SNM"="c:\program files\SpyNoMore\SNM.exe" [2009-02-27 1067984]
"sms"="c:\windows\sms.exe" [2009-04-06 311808]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-18 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Harmony Monitor.lnk - c:\program files\Logitech\Harmony Remote\EasyZapperMonitor.exe [2004-1-20 81920]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-5-26 45056]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 5"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R3 UsbCmxp;Scientific Atlanta DPX2100 USB Cable Modem;c:\windows\system32\DRIVERS\sacmxp.sys [2003-04-17 14336]

.
Contents of the 'Scheduled Tasks' folder

2009-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-IMC - c:\program files\FriendFinder\FriendFinder Messenger 30\imc.exe
HKLM-Run-alg - c:\windows\alg.exe
HKU-Default-Run-autochk - c:\docume~1\NETWOR~1\protect.dll


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://register.hp.com/servlet/clar/content/whereserialnumber.jsp?appID=java_wreg_wreg_genpg&segment=consumer&gwCountry=US&language=en
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
LSP: c:\windows\system32\mclsp.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ldj17yqj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gopowercat.com/
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 08:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\mclsp.dll
c:\windows\system32\SPORDER.dll
c:\windows\system32\mclsphlr\gdlsphlr.dll
c:\windows\system32\McRtl32.dll

- - - - - - - > 'explorer.exe'(1100)
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\VSO\McShield.exe
c:\progra~1\McAfee.com\VSO\McVSEscn.exe
c:\program files\Lexmark X6100 Series\lxbfbmon.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\Logitech\Harmony Remote\EasyZapperManagerExe.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCMTR.EXE
c:\windows\ALCWZRD.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2009-05-04 8:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-04 13:47

Pre-Run: 213,682,061,312 bytes free
Post-Run: 213,777,461,248 bytes free

238 --- E O F --- 2009-04-30 08:01
 
H

· Registered
Joined
·
5 Posts
Discussion Starter · #4 ·
I just finished the full scan on my computer. The Kollah virus is gone but I have a trojan/bifrost virus now according to the Spynomore scanner. Internet explorer isn't working. Thanks again.

Tray
 
sjb007

· Registered
Joined
·
3,219 Posts
#5 ·
Hi Tray

but I have a trojan/bifrost virus now according to the Spynomore scanner
Click to expand...
Does it show a location &/or filename for what was found? Was the file deleted by Spynomore? Did the program produce a log?

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please download Malwarebytes Anti-Malware (MBAM) and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator")
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

=========================================

I want you to run an online scan at kaspersky. It can take some time, so please be patient and allow it to run it's full course:

**Vista users - right click IE/Firefox icon and run as administrator

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Post back with the MBAM log and the Kaspersky log
 
H

· Registered
Joined
·
5 Posts
Discussion Starter · #6 ·
Hi Steve,

It did tell me the location, but I deleted it and the bifrost virus has not come back. I ran the ATF Cleaner and the MBAM. I tried to run the kaspersky scan, but it kept prompting me saying that I needed to install Java 1.5 or better. I already have Java 1.6 so I don't understand what it meant. I'm finding that Microsoft Paint is missing and the Calculator isn't working either. Explorer still doesn't work. Here is the log from the MBAM scan. Thanks again for your help.

Malwarebytes' Anti-Malware 1.36
Database version: 2088
Windows 5.1.2600 Service Pack 3

5/7/2009 8:56:48 AM
mbam-log-2009-05-07 (08-56-48).txt

Scan type: Quick Scan
Objects scanned: 88642
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 232

Memory Processes Infected:
C:\Program Files\SpyNoMore\SNM.exe (Rogue.SpyNoMore) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\wingdiapp.wingdi (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wingdiapp.wingdi.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spynomore (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SNM.exe (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Illysoft (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Illysoft (Rogue.SpyNoMore) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sms (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\SpyNoMore (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\Temp (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\SpyNoMore (Rogue.SpyNoMore) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\SpyNoMore\DetectionLog.dtl (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\license.txt (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RegAllowedKeys.cfg (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RegBlockedKeys.cfg (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\Removal.dat (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\Scan.log (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\Smart.db (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNM.cfg (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNM.chm (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNM.exe (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snm.ico (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snmExt.d01 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snmExt.d02 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snmExt.d03 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snmExt.d04 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snmIeGuard.dat (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snmIeGuard.dll (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNMMain.da1 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNMMain.da2 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNMMain.da3 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNMMain.da4 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNMMain.da5 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNMMain.da6 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNMMain.dat (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snmShield.dat (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snmVaccinate.dat (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SpyNoMore.url (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\uninst.exe (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\118.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\1257193224t.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\131v.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\a.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\a0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Agent.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Agent0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Agent1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Agent2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Agent3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\ALSNDMGRx.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\autochk.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\autochk0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop10.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop6.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop7.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop8.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop9.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper10.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper6.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper7.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper8.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper9.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools6.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools7.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools8.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager6.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager7.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager8.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager9.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Dloadr-AWJ.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Dropper.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Dropper0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Dropper1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Dropper2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Dropper3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Fake Windows Security Center.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Fake Windows Security Center0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert10.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert11.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert12.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert13.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert14.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert15.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert6.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert7.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert8.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert9.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\frmwrk32.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\iehelper.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\iehost.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch10.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch11.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch6.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch7.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch8.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch9.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\mst122.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\ntos.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\odb.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\odb0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\odb1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Opachki.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Opachki0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\protect.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\protect0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\rollback.dat (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\runsql.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\S-1-5-21-66747145-18531214-725345543-5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\sv.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\svc.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\svchost.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\svhoster.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\svw.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\svw0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\svx.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\svzip.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\sysguard.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\system.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\SystemDoctor 26 Free.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\SystemDoctor.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\SystemDoctor0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\SystemDoctor1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\SystemDoctor2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\SystemDoctor3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\SystemDoctor4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\SystemDoctorFreeSetup.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\tmp.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanBifrost.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah10.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah11.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah12.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah13.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah14.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah15.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah16.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah17.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah18.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah19.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah20.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah21.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah22.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah23.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah24.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah25.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah26.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah27.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah6.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah7.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah8.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah9.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\vlc.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan10.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan11.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan12.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan13.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan14.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan15.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan16.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan17.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan18.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan19.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan20.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan21.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan22.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan23.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan24.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan25.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan6.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan7.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan8.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan9.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\W32Zapchast.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\W32Zapchast0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\wdmon.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\wndutl32.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\wndutl320.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\wsnpoem.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\wsnpoem0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\wsnpoem1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\XPPoliceAntivirus.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\SpyNoMore\SpyNoMore.lnk (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\SpyNoMore\Uninstall.lnk (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\SpyNoMore\Website.lnk (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\WINDOWS\sms.exe (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\taskmg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\SpyNoMore.lnk (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
 
sjb007

· Registered
Joined
·
3,219 Posts
#7 ·
Hi there

What happens when you click Internet Explorer, does it start but not connect, or does it just not start at all.

Go to control panel...
Select internet options

Click on the advanced tab

First Select restore advanced settings button
Now select the reset button underneath
Now click on the apply button
Now click on the OK button

Once done try internet explorer again

Lets try a different scan

Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information" (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please post the contents of that log in your next reply.
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Post back with the results
 
H

· Registered
Joined
·
5 Posts
Discussion Starter · #8 ·
Hi Steve:

Explorer still doesn't work.....and alot of other microsoft programs too. Explorer starts, but isn't connecting. I reset the settings as mentioned above and tried it again. Still nothing. Firefox works fine. Anyway, I ran the Panda Active Scan and here are the results. Thanks again.

Malwarebytes' Anti-Malware 1.36
Database version: 2088
Windows 5.1.2600 Service Pack 3

5/7/2009 8:56:48 AM
mbam-log-2009-05-07 (08-56-48).txt

Scan type: Quick Scan
Objects scanned: 88642
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 232

Memory Processes Infected:
C:\Program Files\SpyNoMore\SNM.exe (Rogue.SpyNoMore) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\wingdiapp.wingdi (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wingdiapp.wingdi.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spynomore (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SNM.exe (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Illysoft (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Illysoft (Rogue.SpyNoMore) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sms (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\SpyNoMore (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\Temp (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\SpyNoMore (Rogue.SpyNoMore) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\SpyNoMore\DetectionLog.dtl (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\license.txt (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RegAllowedKeys.cfg (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RegBlockedKeys.cfg (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\Removal.dat (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\Scan.log (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\Smart.db (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNM.cfg (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNM.chm (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNM.exe (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snm.ico (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snmExt.d01 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snmExt.d02 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snmExt.d03 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snmExt.d04 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snmIeGuard.dat (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snmIeGuard.dll (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNMMain.da1 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNMMain.da2 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNMMain.da3 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNMMain.da4 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNMMain.da5 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNMMain.da6 (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SNMMain.dat (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snmShield.dat (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\snmVaccinate.dat (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\SpyNoMore.url (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\uninst.exe (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\118.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\1257193224t.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\131v.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\a.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\a0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Agent.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Agent0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Agent1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Agent2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Agent3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\ALSNDMGRx.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\autochk.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\autochk0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop10.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop6.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop7.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop8.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Active Desktop9.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper10.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper6.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper7.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper8.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Changing Wallpaper9.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools6.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools7.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Registry Tools8.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager6.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager7.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager8.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Disabled Task Manager9.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Dloadr-AWJ.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Dropper.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Dropper0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Dropper1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Dropper2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Dropper3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Fake Windows Security Center.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Fake Windows Security Center0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert10.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert11.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert12.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert13.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert14.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert15.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert6.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert7.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert8.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\FakeAlert9.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\frmwrk32.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\iehelper.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\iehost.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch10.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch11.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch6.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch7.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch8.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\LDPinch9.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\mst122.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\ntos.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\odb.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\odb0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\odb1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Opachki.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Opachki0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\protect.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\protect0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\rollback.dat (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\runsql.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\S-1-5-21-66747145-18531214-725345543-5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\sv.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\svc.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\svchost.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\svhoster.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\svw.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\svw0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\svx.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\svzip.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\sysguard.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\system.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\SystemDoctor 26 Free.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\SystemDoctor.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\SystemDoctor0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\SystemDoctor1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\SystemDoctor2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\SystemDoctor3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\SystemDoctor4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\SystemDoctorFreeSetup.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\tmp.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanBifrost.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah10.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah11.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah12.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah13.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah14.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah15.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah16.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah17.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah18.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah19.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah20.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah21.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah22.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah23.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah24.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah25.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah26.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah27.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah6.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah7.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah8.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\TrojanKollah9.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\vlc.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan10.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan11.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan12.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan13.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan14.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan15.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan16.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan17.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan18.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan19.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan2.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan20.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan21.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan22.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan23.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan24.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan25.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan3.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan4.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan5.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan6.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan7.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan8.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\Vundo Trojan9.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\W32Zapchast.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\W32Zapchast0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\wdmon.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\wndutl32.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\wndutl320.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\wsnpoem.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\wsnpoem0.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\wsnpoem1.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Program Files\SpyNoMore\RollBack\XPPoliceAntivirus.zip (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\SpyNoMore\SpyNoMore.lnk (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\SpyNoMore\Uninstall.lnk (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\SpyNoMore\Website.lnk (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
C:\WINDOWS\sms.exe (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\taskmg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\SpyNoMore.lnk (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
 
sjb007

· Registered
Joined
·
3,219 Posts
#9 ·
Hi there

Looks like you posted the MBAM log twice! Not to worry, just post it in your next reply.

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.
There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

===================================================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove the following versions of Java.

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1

Leave this one in -> Java(TM) 6 Update 11


  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.Next go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      • Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
      Now click on the Update Tab > Update Now. An update should begin; follow the prompts
    • Click OK to leave the Java Control Panel.

===================================================

Next - Lets try the system file checker to see if any of the system files are corrupt

You may be prompt for your original windows disc so please have it close by.

Go to start menu - Select run - Type in the following sfc /scannow (notice the space between sfc and /)

This may take a while to run so please be patient, once done reboot your computer

Let me know how things go and post back with the Panda log, update me on how things are, are you still experiencing the bifrost pop ups?
 
1 - 9 of 9 Posts
Status
Not open for further replies.
About this Discussion
8 Replies
2 Participants
Last post:
sjb007
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Windows XP Support Windows 7 , Windows Vista Support Motherboards, Bios|UEFI & CPU Networking Support Laptop Support
Top