
Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
24 Posts
Discussion Starter · #1 ·
You guys recently helped me with spyware issues and things are running OK. Yesterday I ran MWAV.exe out of curiosity and it found 20 malware objects and over 10 viruses (trojan nature). These infections did not appear when running Panda or EZ antivirus. Would you mind looking at this log and advising me on what to do? Your help is very much appreciated.


File C:\Documents and Settings\Federico Vega\Desktop\SYSTEM CLEANERS\Hijack this\VundoFix\process.exe tagged as not-a-virus:RiskTool.Win32.Processor.20. No Action Taken.
Object "cmesys Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Unknown Toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Faceless ICQ Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "roings Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Adware.7000n Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "DealHelper.com Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\actsetup.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\AdStatServX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ieatgpc.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\internazionale_ver3.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ipixx.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\OneCC.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\OUTC.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\pinstall.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\Play365.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ravonline.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\retro64_loader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\tdserver.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\wabctrl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\winenc32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\smpgadec.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\smpgaux.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\smpgimpt.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\smpgvmhr.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\stsenc.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\sdvdenc.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QuickTime\smpgenc.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\minstall.exe" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\vet32.exe" refers to invalid object "d:\program files\eTrust EZ Antivirus\Vet32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\VERITAS Software\RecordNow DX\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\VERITAS Software\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\VERITAS Software\RecordNow DX\Wizard\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\VERITAS Software\RecordNow DX\wizard\Explain\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\VERITAS Software\RecordNow DX\wizard\Explain\Images\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Microsoft Office\Office10\Addins\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Microsoft Office\Office10\forms\1033\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Microsoft Office\Office10\forms\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Microsoft Office\Office10\Convert\1033\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Microsoft Office\Office10\Convert\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Microsoft Office\Office10\Xlators\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Microsoft Office\Office10\HTML\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\BbChris\TraktorDJ Mixer\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\BbChris\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hp psc 2150 series\tour\img_shared\pics\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hp psc 2100 series\tour\img_shared\pics\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hp officejet 6100 series\tour\img_shared\pics\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\iPod\System Software 2.0.1\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\ahead\Nero\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\ahead\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\MIDIOX\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program files\Personal Firewall 4\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program files\Personal Firewall 4\config\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\iPod\System Software 2.1\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\PowerQuest PartitionMagic 8.0\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\PowerQuest PartitionMagic 8.0\PartitionMagic 8.0 Tools\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\PowerQuest PartitionMagic 8.0\PartitionMagic 8.0 Documentation\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program files\Browser\EN\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program files\Browser\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\Computer Associates\eTrust\PestPatrol\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\Computer Associates\eTrust\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\Computer Associates\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ipd". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".m4e". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".old". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sdp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".st4". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "3aline Screensaver Trial Version_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Betty's Beer Bar". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DiamondCS TDS-3_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DVD Decrypter". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "EliteBar Internet Explorer Toolbar". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Error Nuker". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Exact Audio Copy_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Image Wiz". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{3C4B3DB2-69BB-402E-9B6E-61B4F519E9D0}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{3CB41017-F5CA-4C56-934C-ED02156251E6}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{47808F78-F178-49DC-B708-15FE538B16FF}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{9B8A8268-1F88-4EFC-8027-169FA2D320FE}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{C062DBC7-009D-4D5E-B80E-5829650F7D24}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB834707". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB867282". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB873333". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB873339". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB885250". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB885835". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB885836". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB885884". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB886185". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB887472". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB888113". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB888302". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB890047". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB890175". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB891781". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Magic Ball". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Miranda ICQ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MSIELINK_404". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MSIELINK_DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MSIELINK_LINKS". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MSIELINK_SIDE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MyWebSearch bar Uninstall". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Photo Mishmash Screensaver Trial Version_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q307271". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QuickTime". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Rippling Water Screen Saver Photo Edition_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "salm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SaveNow". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Soulseek". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SpyBotSnD". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Webdialer_tlk0262". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WFX5_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Winamp". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Windows XP Service Pack". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Zinf 2.2.0a". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{35755FFD-6B97-4A51-B29C-D35DE2E34538}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{45EBDA59-D33B-433A-956E-B2F236468B56}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{5ECB3BC1-DC94-48C8-9EC5-6D24E99B7C8D}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8F0815A1-ABA6-41A6-8790-2A7198AA8ECD}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8F5734D4-E8EE-449C-97AE-B4F9BE9932BF}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A2756524-E9F9-4AC1-AF4E-15F3460ACB3E}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600137}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C23E729B-950A-4557-A091-32A117EFF42C}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{CA12BF7C-9C4C-4755-8380-AA1FFFA60BCA}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{CC7464F1-BE7D-49FD-88B8-49C0AA894233}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{D7FF3E87-3593-4b2a-B7AD-50574153BCBF}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6DECC242-87EF-11CF-86B4-444553540000}" refers to invalid object "C:\Program Files\Adobe\Photoshop Elements\PhotoshopElements.exe /Automation". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78C97D40-5381-4EF9-94AD-22D8CBD73956}" refers to invalid object "C:\Program Files\Adobe\Photoshop Elements\PhotoshopElements.exe /StiDevice:%1 /StiEvent:%2". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A3D2DCC7-3498-4283-8C93-777EA0D4CA99}" refers to invalid object "C:\Documents and Settings\Federico Vega\Desktop\Photoshop 6.0\Photoshp.exe /StiDevice:%1 /StiEvent:%2". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DE3E6734-CA50-4AC5-B44F-A0449F25E3CE}" refers to invalid object "C:\Program Files\Microsoft Office\Office10\WINWORD.EXE /IMG_WIA". Action Taken: No Action Taken.
Entry "HKCR\.apj\shell\open\command" refers to invalid object "C:\ALL3\a3w.EXE %1". Action Taken: No Action Taken.
Entry "HKCR\.avf\shell\open\command" refers to invalid object "C:\ALL3\clrview.exe %1". Action Taken: No Action Taken.
Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
Entry "HKCR\ACLFile\shell\open\command" refers to invalid object "C:\ALL3\a3w.EXE %1". Action Taken: No Action Taken.
Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ssc.dll infected by "Trojan-Downloader.Win32.Delf.uy" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\ntdll.exe infected by "Trojan-Dropper.Win32.Agent.kd" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\FEDERI~1\LOCALS~1\Temp\upd.exe tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\DOCUME~1\FEDERI~1\LOCALS~1\Temp\Rar$EX00.063\crack.exe tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\WINDOWS\system32\drivers\etc\hosts infected by "Trojan.Win32.Qhost.r" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\ssc.dll infected by "Trojan-Downloader.Win32.Delf.uy" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\ntdll.exe infected by "Trojan-Dropper.Win32.Agent.kd" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Federico Vega\Local Settings\Temp\upd.exe tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\Documents and Settings\Federico Vega\Local Settings\Temp\Rar$EX00.063\crack.exe tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\Documents and Settings\Federico Vega\Desktop\SYSTEM CLEANERS\Hijack this\VundoFix\process.exe tagged as not-a-virus:RiskTool.Win32.Processor.20. No Action Taken.
File C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69741795-173bc6f1.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3852b20e-2708114e.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
File C:\Program Files\US eScan Pro Edition v2.6.xxx.x crack.exe tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\Program Files\Deutsch eScan Pro Edition v2.6.xxx.x crack.exe tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\Program Files\eScan Pro Edition v2.6.xxx.x cracked.exe tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP169\A0033607.reg infected by "Email-Worm.VBS.Cuerpo" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP173\A0036309.exe tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP173\A0036310.exe tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\Downloads\US eScan Pro Edition v2.6.xxx.x crack.exe tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\Downloads\Deutsch eScan Pro Edition v2.6.xxx.x crack.exe tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\Downloads\eScan Pro Edition v2.6.xxx.x cracked.exe tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\My Downloads\US eScan Pro Edition v2.6.xxx.x crack.exe tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\My Downloads\Deutsch eScan Pro Edition v2.6.xxx.x crack.exe tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\My Downloads\eScan Pro Edition v2.6.xxx.x cracked.exe tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
C:\WINDOWS\system32\ssc.dll <---delete file

C:\WINDOWS\system32\ntdll.exe <---delete file

Run Cleanup!

Most of the other entries in the log are old registry entries. You need to run a registry cleaner to clean them out. As you went through the process before, you should have been given tools to help remove this stuff. Cleanup would clean those bad guys out of your TEMP folders. Clearing your Java cache would clear those other bad guys out.

At the end of your last issue you were given advice on how to avoid this in the future. Did you read all those links "sUBs" provided? If you're infected again...I would say no. :sayno:

I also see some links to "Cracks" :4-thatsba This is a prime area users get infected on. You're not simply downloading the crack...but adware, spyware, viruses, trojans as well.
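
The triage done by hand in the reply above (real detections versus stale registry references) can be scripted for this log format. The following is an added example, not part of the original thread and not a tool from the scanner's vendor; the function names and the category and location labels are assumptions, and the sample lines are copied from the log in post #1.

```python
import re
from collections import Counter

# Lines copied from the scan log posted in this thread (including its repeats).
SAMPLE_LOG = r"""
Object "Limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ssc.dll infected by "Trojan-Downloader.Win32.Delf.uy" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\ntdll.exe infected by "Trojan-Dropper.Win32.Agent.kd" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\FEDERI~1\LOCALS~1\Temp\upd.exe tagged as not-a-virus:RiskTool.Win32.PsKill.1101. No Action Taken.
File C:\WINDOWS\system32\drivers\etc\hosts infected by "Trojan.Win32.Qhost.r" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\ssc.dll infected by "Trojan-Downloader.Win32.Delf.uy" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\ntdll.exe infected by "Trojan-Dropper.Win32.Agent.kd" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP169\A0033607.reg infected by "Email-Worm.VBS.Cuerpo" Virus! Action Taken: No Action Taken.
"""

# One pattern per line shape seen in the log; category labels are our own.
PATTERNS = [
    ("malware", re.compile(
        r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus! '
        r'Action Taken: (?P<action>.+?)\.$')),
    ("risktool", re.compile(
        r'^File (?P<path>.+?) tagged as not-a-virus:(?P<name>\S+)\. '
        r'(?P<action>.+?)\.$')),
    ("adware", re.compile(
        r'^Object "(?P<name>.+?) Spyware/Adware" found in File System! '
        r'Action Taken: (?P<action>.+?)\.$')),
    ("stale_registry", re.compile(
        r'^Entry "(?P<key>[^"]+)" refers to invalid object "(?P<target>[^"]*)"\. '
        r'Action Taken: (?P<action>.+?)\.$')),
]

def location(path):
    """Label where a flagged file lives; decides which cleanup step covers it."""
    p = path.lower()
    if "\\_restore{" in p:
        return "system_restore"
    if "\\deployment\\cache\\" in p:
        return "java_cache"
    if "\\temp\\" in p:
        return "temp"
    if "\\windows\\system32\\" in p:
        return "system32"
    return "other"

def parse_line(line):
    """Return a dict for a recognised log line, or None if it matches no shape."""
    for category, rx in PATTERNS:
        m = rx.match(line)
        if m:
            rec = m.groupdict()
            rec["category"] = category
            if "path" in rec:
                rec["location"] = location(rec["path"])
            return rec
    return None

def triage(log_text):
    """Parse the log and drop exact repeats. 8.3 short paths and long paths for
    the same file are NOT merged; that needs the live filesystem to resolve."""
    findings, seen, unparsed, duplicates = [], set(), [], 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
            continue
        subject = rec.get("path") or rec.get("key") or ""
        detail = rec.get("name") or rec.get("target") or ""
        key = (rec["category"], subject.lower(), detail.lower())
        if key in seen:
            duplicates += 1
            continue
        seen.add(key)
        findings.append(rec)
    return findings, duplicates, unparsed

def summary(findings):
    return Counter(f["category"] for f in findings)

def review_first(findings):
    """Files the scanner called infected: the entries to look at before the rest."""
    return [(f["path"], f["name"], f["location"])
            for f in findings if f["category"] == "malware"]

if __name__ == "__main__":
    found, dups, bad = triage(SAMPLE_LOG)
    print(dict(summary(found)), "duplicates:", dups, "unparsed:", len(bad))
    for item in review_first(found):
        print(item)
```
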
 

·
Registered
Joined
·
24 Posts
Discussion Starter · #3 ·
Hi there: I tried posting this morning but I kept being bumped out by the site! I cleaned up the registry with Regseeker which had more than 1700 invalid items, wow! First time I cleaned it really. I could not find scc.dll but got rid of ntdll.exe. Can you tell me how to clean up the Java cache or was it assisted in Regseeker? Shall I send you a new HJT log?

To follow up on your other point, I have been diligent in following the recommendations on malware and spyware protection but had some downloads of programs that proved to be malicious. Guilty :4-dontkno , never again!

Thanks again for your support!
 