need help virtumonde virus
I need help making sure I have deleted the Virtumonde virus. I have the log, but it exceeds the text size to upload. What do I do about that? After reading posts I sure hope and believe you can help me with this. Please!! Thanks
Block/Extraction File enforcer 2009-03-29 00:19:48 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:19:47 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:19:47 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction File enforcer 2009-03-29 00:19:40 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:19:39 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:19:39 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction File enforcer 2009-03-29 00:19:34 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:19:33 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:19:33 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction COM enforcer 2009-03-29 00:19:31 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction File enforcer 2009-03-29 00:19:27 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:19:25 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:19:25 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction COM enforcer 2009-03-29 00:19:24 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction COM enforcer 2009-03-29 00:19:14 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction File enforcer 2009-03-29 00:19:14 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:19:12 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:19:12 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction File enforcer 2009-03-29 00:19:10 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:19:09 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:19:09 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Information Registry enforcer 2009-03-29 00:19:08 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Block/Extraction COM enforcer 2009-03-29 00:19:03 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction File enforcer 2009-03-29 00:19:03 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:19:02 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction File enforcer 2009-03-29 00:19:02 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:19:02 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Information Registry enforcer 2009-03-29 00:19:00 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-03-29 00:18:59 Inspecting WinSock registry (LSP Chain)
Block/Extraction File enforcer 2009-03-29 00:18:53 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:18:52 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction COM enforcer 2009-03-29 00:18:52 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction File enforcer 2009-03-29 00:18:52 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:18:52 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Information Registry enforcer 2009-03-29 00:18:50 Inspecting WinSock registry (LSP Chain)
Information Registry enforcer 2009-03-29 00:18:50 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Block/Extraction File enforcer 2009-03-29 00:18:44 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:18:43 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:18:43 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction COM enforcer 2009-03-29 00:18:38 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Information General 2009-03-29 00:18:29 Completed system scan.
Information General 2009-03-29 00:17:50 Started system scan.
Block/Extraction File enforcer 2009-03-29 00:17:40 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:17:38 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:17:38 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction File enforcer 2009-03-29 00:17:35 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:17:33 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:17:33 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction File enforcer 2009-03-29 00:17:27 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:17:26 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:17:26 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction File enforcer 2009-03-29 00:17:23 Deleted file: c:\windows\system32\wadibevu.dll
Information Registry enforcer 2009-03-29 00:17:22 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Block/Extraction File enforcer 2009-03-29 00:17:21 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:17:21 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Information Registry enforcer 2009-03-29 00:17:21 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-03-29 00:17:14 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Block/Extraction File enforcer 2009-03-29 00:17:07 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction COM enforcer 2009-03-29 00:17:06 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction File enforcer 2009-03-29 00:17:05 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:17:05 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Information Registry enforcer 2009-03-29 00:17:04 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Block/Extraction File enforcer 2009-03-29 00:16:49 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:16:46 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:16:46 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction COM enforcer 2009-03-29 00:16:45 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Information Registry enforcer 2009-03-29 00:16:44 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Block/Extraction File enforcer 2009-03-29 00:16:40 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:16:37 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:16:37 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction COM enforcer 2009-03-29 00:16:37 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Information Registry enforcer 2009-03-29 00:16:36 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Block/Extraction File enforcer 2009-03-29 00:16:30 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction COM enforcer 2009-03-29 00:16:29 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction Registry enforcer 2009-03-29 00:16:28 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction File enforcer 2009-03-29 00:16:28 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:16:28 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Information Registry enforcer 2009-03-29 00:16:27 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-03-29 00:16:27 Inspecting WinSock registry (LSP Chain)
Block/Extraction COM enforcer 2009-03-29 00:16:18 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction File enforcer 2009-03-29 00:16:16 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:16:14 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:16:14 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Information Registry enforcer 2009-03-29 00:16:14 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-03-29 00:16:14 Inspecting WinSock registry (LSP Chain)
Block/Extraction File enforcer 2009-03-29 00:15:56 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:15:54 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:15:54 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction COM enforcer 2009-03-29 00:15:51 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Information General 2009-03-29 00:15:35 Completed system scan.
Block/Extraction COM enforcer 2009-03-29 00:15:17 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Information General 2009-03-29 00:15:08 Started system scan.
Block/Extraction COM enforcer 2009-03-29 00:15:06 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Information Registry enforcer 2009-03-29 00:15:03 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-03-29 00:14:58 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Block/Extraction COM enforcer 2009-03-29 00:14:57 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction File enforcer 2009-03-29 00:14:45 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:14:43 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:14:43 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Information Registry enforcer 2009-03-29 00:14:41 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Block/Extraction COM enforcer 2009-03-29 00:14:40 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction File enforcer 2009-03-29 00:14:35 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:14:33 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:14:32 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Information Registry enforcer 2009-03-29 00:14:29 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Block/Extraction COM enforcer 2009-03-29 00:14:24 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Information Registry enforcer 2009-03-29 00:14:16 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Block/Extraction File enforcer 2009-03-29 00:14:14 Deleted file: c:\windows\system32\wadibevu.dll
Information Registry enforcer 2009-03-29 00:14:14 Inspecting WinSock registry (LSP Chain)
Block/Extraction File enforcer 2009-03-29 00:14:13 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:14:13 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction COM enforcer 2009-03-29 00:14:09 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction File enforcer 2009-03-29 00:13:46 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:13:44 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:13:44 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Information Registry enforcer 2009-03-29 00:13:38 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information General 2009-03-29 00:13:23 Completed system scan.
Block/Extraction File enforcer 2009-03-29 00:13:21 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-29 00:13:19 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-29 00:13:19 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Information Registry enforcer 2009-03-29 00:13:19 Inspecting WinSock registry (LSP Chain)
Warning/Detection Process enforcer 2009-03-28 21:50:18 Monitoring process c:\program files\messenger\msmsgs.exe
Information General 2009-03-28 21:45:53 Started system scan.
Block/Extraction File enforcer 2009-03-28 21:44:18 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-28 21:44:16 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction File enforcer 2009-03-28 21:44:16 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction COM enforcer 2009-03-28 21:37:53 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction COM enforcer 2009-03-28 21:37:28 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction COM enforcer 2009-03-28 21:37:11 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction COM enforcer 2009-03-28 21:36:55 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Information Internet ExplorerSiteguard 2009-03-28 21:36:13 Inspecting registered Internet Explorer toolbars
Information Registry enforcer 2009-03-28 21:36:11 Inspecting registered Explorer bars
Block/Extraction File enforcer 2009-03-28 21:35:51 Deleted file: c:\windows\system32\mulipiza.dll
Block/Extraction COM enforcer 2009-03-28 21:35:43 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction File enforcer 2009-03-28 21:35:41 Suppressed file: c:\windows\system32\mulipiza.dll
Block/Extraction File enforcer 2009-03-28 21:35:26 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-28 21:35:24 Suppressed file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-28 21:35:24 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction File enforcer 2009-03-28 21:35:18 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-28 21:35:05 Suppressed file: c:\windows\system32\wadibevu.dll
Information Registry enforcer 2009-03-28 21:34:39 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-03-28 21:34:34 Inspecting WinSock registry (LSP Chain)
Information Registry enforcer 2009-03-28 21:34:33 Inspecting registered Browser Helper Objects (BHOs)
Information Process enforcer 2009-03-28 21:33:49 Starting process watcher
Block/Extraction NT Service enforcer 2009-03-28 21:30:06 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-03-28 21:30:01 Disabled service: messenger -
Block/Extraction File enforcer 2009-03-28 21:29:37 Deleted file: c:\windows\system32\weduriwi.dll
Block/Extraction File enforcer 2009-03-28 21:29:32 Quarantined file: c:\windows\system32\weduriwi.dll
Block/Extraction Registry enforcer 2009-03-28 21:29:32 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Block/Extraction File enforcer 2009-03-28 21:29:30 Deleted file: c:\windows\system32\weduriwi.dll
Block/Extraction File enforcer 2009-03-28 21:29:26 Quarantined file: c:\windows\system32\weduriwi.dll
Block/Extraction File enforcer 2009-03-28 21:29:26 Deleted file: c:\windows\system32\weduriwi.dll
Block/Extraction Registry enforcer 2009-03-28 21:29:25 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Block/Extraction Registry enforcer 2009-03-28 21:29:21 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Block/Extraction File enforcer 2009-03-28 21:29:20 Quarantined file: c:\windows\system32\weduriwi.dll
Block/Extraction Registry enforcer 2009-03-28 21:29:19 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Block/Extraction File enforcer 2009-03-28 21:29:17 Deleted file: c:\windows\system32\weduriwi.dll
Block/Extraction Registry enforcer 2009-03-28 21:29:16 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Block/Extraction Registry enforcer 2009-03-28 21:29:14 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Block/Extraction Registry enforcer 2009-03-28 21:29:12 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Block/Extraction File enforcer 2009-03-28 21:29:09 Quarantined file: c:\windows\system32\weduriwi.dll
Block/Extraction Registry enforcer 2009-03-28 21:29:09 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Block/Extraction File enforcer 2009-03-28 21:29:06 Deleted file: c:\windows\system32\mulipiza.dll
Block/Extraction File enforcer 2009-03-28 21:29:00 Quarantined file: c:\windows\system32\mulipiza.dll
Block/Extraction File enforcer 2009-03-28 21:29:00 Deleted file: c:\windows\system32\weduriwi.dll
Block/Extraction COM enforcer 2009-03-28 21:28:58 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction File enforcer 2009-03-28 21:28:52 Quarantined file: c:\windows\system32\weduriwi.dll
Block/Extraction File enforcer 2009-03-28 21:28:52 Deleted file: c:\windows\system32\mulipiza.dll
Block/Extraction Registry enforcer 2009-03-28 21:28:46 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Block/Extraction File enforcer 2009-03-28 21:28:45 Quarantined file: c:\windows\system32\mulipiza.dll
Block/Extraction File enforcer 2009-03-28 21:28:45 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction COM enforcer 2009-03-28 21:28:44 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction File enforcer 2009-03-28 21:28:37 Quarantined file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-28 21:28:37 Deleted file: c:\windows\system32\weduriwi.dll
Block/Extraction COM enforcer 2009-03-28 21:28:34 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction Registry enforcer 2009-03-28 21:28:27 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction File enforcer 2009-03-28 21:28:27 Quarantined file: c:\windows\system32\weduriwi.dll
Block/Extraction File enforcer 2009-03-28 21:28:27 Deleted file: c:\windows\system32\mulipiza.dll
Block/Extraction COM enforcer 2009-03-28 21:28:22 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction File enforcer 2009-03-28 21:28:14 Quarantined file: c:\windows\system32\mulipiza.dll
Block/Extraction File enforcer 2009-03-28 21:28:13 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-28 21:28:08 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction Registry enforcer 2009-03-28 21:28:04 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Block/Extraction File enforcer 2009-03-28 21:28:01 Quarantined file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-28 21:28:01 Deleted file: c:\windows\system32\weduriwi.dll
Block/Extraction COM enforcer 2009-03-28 21:28:01 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction Registry enforcer 2009-03-28 21:27:53 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction File enforcer 2009-03-28 21:27:49 Quarantined file: c:\windows\system32\weduriwi.dll
Block/Extraction File enforcer 2009-03-28 21:27:49 Deleted file: c:\windows\system32\mulipiza.dll
Block/Extraction Registry enforcer 2009-03-28 21:27:46 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Block/Extraction File enforcer 2009-03-28 21:27:38 Quarantined file: c:\windows\system32\mulipiza.dll
Block/Extraction File enforcer 2009-03-28 21:27:38 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction COM enforcer 2009-03-28 21:27:36 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction File enforcer 2009-03-28 21:27:27 Quarantined file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-28 21:27:27 Deleted file: c:\windows\system32\weduriwi.dll
Block/Extraction Registry enforcer 2009-03-28 21:27:15 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction File enforcer 2009-03-28 21:27:12 Quarantined file: c:\windows\system32\weduriwi.dll
Block/Extraction Registry enforcer 2009-03-28 21:27:11 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Block/Extraction File enforcer 2009-03-28 21:27:08 Deleted file: c:\windows\system32\mulipiza.dll
Block/Extraction File enforcer 2009-03-28 21:26:57 Quarantined file: c:\windows\system32\mulipiza.dll
Block/Extraction COM enforcer 2009-03-28 21:26:57 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Information Registry enforcer 2009-03-28 21:26:56 Inspecting WinSock registry (LSP Chain)
Block/Extraction File enforcer 2009-03-28 21:26:52 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-28 21:26:39 Quarantined file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-28 21:26:38 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction File enforcer 2009-03-28 21:26:27 Deleted file: c:\windows\system32\weduriwi.dll
Block/Extraction File enforcer 2009-03-28 21:26:20 Quarantined file: c:\windows\system32\weduriwi.dll
Block/Extraction File enforcer 2009-03-28 21:26:20 Deleted file: c:\windows\system32\mulipiza.dll
Information Registry enforcer 2009-03-28 21:26:16 Inspecting WinSock registry (LSP Chain)
Block/Extraction File enforcer 2009-03-28 21:26:12 Quarantined file: c:\windows\system32\mulipiza.dll
Block/Extraction Registry enforcer 2009-03-28 21:26:12 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Block/Extraction File enforcer 2009-03-28 21:26:12 Deleted file: c:\windows\system32\weduriwi.dll
Block/Extraction COM enforcer 2009-03-28 21:26:12 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction Registry enforcer 2009-03-28 21:26:06 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Block/Extraction File enforcer 2009-03-28 21:26:01 Quarantined file: c:\windows\system32\weduriwi.dll
Block/Extraction File enforcer 2009-03-28 21:26:01 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-28 21:25:58 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Block/Extraction File enforcer 2009-03-28 21:25:49 Quarantined file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-28 21:25:49 Deleted file: c:\windows\system32\weduriwi.dll
Block/Extraction Registry enforcer 2009-03-28 21:25:41 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction File enforcer 2009-03-28 21:25:38 Quarantined file: c:\windows\system32\weduriwi.dll
Block/Extraction Registry enforcer 2009-03-28 21:25:38 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Block/Extraction File enforcer 2009-03-28 21:25:37 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-28 21:25:30 Quarantined file: c:\windows\system32\wadibevu.dll
Block/Extraction Registry enforcer 2009-03-28 21:25:30 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Information Registry enforcer 2009-03-28 21:25:25 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-03-28 21:25:23 Inspecting WinSock registry (LSP Chain)
Block/Extraction Registry enforcer 2009-03-28 21:25:15 Deleted registry value {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} in hklm\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
Block/Extraction COM enforcer 2009-03-28 21:25:15 Suppressed COM class: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} hklm\Software\Classes"
Block/Extraction File enforcer 2009-03-28 21:24:58 Deleted file: c:\windows\system32\weduriwi.dll
Warning/Detection COM enforcer 2009-03-28 21:24:51 Detected malicious COM class (CLSID:{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4})
Block/Extraction File enforcer 2009-03-28 21:24:43 Quarantined file: c:\windows\system32\weduriwi.dll
Block/Extraction File enforcer 2009-03-28 21:24:42 Deleted file: c:\windows\system32\wadibevu.dll
Block/Extraction COM enforcer 2009-03-28 21:24:23 Suppressed COM class: {60a60ff3-fbd1-42ac-b235-1964c23df0c3} hklm\Software\Classes"
Block/Extraction Registry enforcer 2009-03-28 21:24:14 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction Registry enforcer 2009-03-28 21:24:08 Deleted registry value system in hklm\software\microsoft\windows nt\currentversion\winlogon
Block/Extraction Registry enforcer 2009-03-28 21:24:05 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Information General 2009-03-28 21:23:55 SITEguard definition update 5.0.40.23 successfully applied.
Block/Extraction File enforcer 2009-03-28 21:23:46 Quarantined file: c:\windows\system32\wadibevu.dll
Block/Extraction File enforcer 2009-03-28 21:23:45 Deleted file: c:\windows\system32\mulipiza.dll
Block/Extraction Registry enforcer 2009-03-28 21:23:36 Suppressing DLL from AppInit_DLLs (C:\WINDOWS\system32\wadibevu.dll)
Block/Extraction Registry enforcer 2009-03-28 21:23:34 Suppressing application from run key (Rundll32.exe "C:\WINDOWS\system32\weduriwi.dll",s)
Block/Extraction Hosts file 2009-03-28 21:23:33 Deleted 'hosts' file entries: 1 Entries
Information Registry enforcer 2009-03-28 21:23:33 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-03-28 21:23:33 Inspecting WinSock registry (LSP Chain)
Block/Extraction File enforcer 2009-03-28 21:23:29 Quarantined file: c:\windows\system32\mulipiza.dll
Information General 2009-03-28 21:23:13 Request to update definitions completed successfully.
Information General 2009-03-28 21:22:39 Anti-Spyware Incremental definition update 5.0.40.23 successfully applied.
Information General 2009-03-28 21:22:31 Anti-Spyware Incremental definition update 5.0.40.22 successfully applied.
Information General 2009-03-28 21:22:15 Anti-Spyware Incremental definition update 5.0.40.21 successfully applied.
Information General 2009-03-28 21:22:06 Anti-Spyware Incremental definition update 5.0.40.20 successfully applied.
Information General 2009-03-28 21:22:01 Anti-Spyware Incremental definition update 5.0.40.19 successfully applied.
Information General 2009-03-28 21:21:58 Anti-Spyware Incremental definition update 5.0.40.18 successfully applied.
Information General 2009-03-28 21:21:56 Anti-Spyware Incremental definition update 5.0.40.17 successfully applied.
Information General 2009-03-28 21:21:54 Anti-Spyware Incremental definition update 5.0.40.16 successfully applied.
Information General 2009-03-28 21:21:45 Anti-Spyware Incremental definition update 5.0.40.15 successfully applied.
Information General 2009-03-28 21:21:38 Anti-Spyware Incremental definition update 5.0.40.14 successfully applied.
Information General 2009-03-28 21:21:34 Anti-Spyware Incremental definition update 5.0.40.13 successfully applied.
Information Internet ExplorerSiteguard 2009-03-28 21:19:57 Inspecting registered Internet Explorer toolbars
Information Registry enforcer 2009-03-28 21:19:57 Inspecting registered Explorer bars
Information Registry enforcer 2009-03-28 21:19:57 Inspecting registered Browser Helper Objects (BHOs)
Information Process enforcer 2009-03-28 21:19:56 Starting process watcher
pskelley
2009-04-03, 03:36
Welcome to Safer Networking. I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
Pinned (sticky) to the top of this forum, and posted above, are the directions; make sure you have read and followed them.
Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. Also, helpers may think you are already being assisted because of the post count.
After reading posts I sure hope and believe you can help me with this. Please!! Thanks
If you still want help, how about reading and following the directions. Once you do that, post the HJT log and I will take a look. I have no idea what that is you posted?
Thanks
pskelley
2009-04-08, 16:57
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.
If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
Everyone else please begin a New Topic.