Ceres and download alltheinternet malware


  • This topic is locked

#1
sunny441

  • Member
  • 258 posts
;)
I am running XP on my AMD Athlon 3000+ system. I opened a malicious file by mistake a few days ago. Ever since then I have been having a bunch of problems. I don't even have to open my Internet Explorer or Mozilla and popups keep showing up (I have DSL) :tazz: It started with the CERES one, and I ran Pest Patrol, Adaware and even cleaned up the registry and deleted all suspected files.
The system was running fine for the next few hours - before I restarted and the junk showed up again - this time it even wanted to download some software from abetterinternet.com onto the computer. And it has been wanting to ever since!! I then read through a few forums and did what they all said - I started in safe mode, ran Pest Patrol, Adaware and RegCleaner and also got BHODemon. But sadly this doesn't seem to help at all ...

Please help me fix this problem!!!!
;)
  • 0


#2
Daemon

  • Security Expert
  • Retired Staff
  • 4,356 posts
  • MVP
Click here to download HijackThis by Merijn Bellekom. Double-click the file, click Unzip and extract the application to C:\HijackThis. Run it from there to scan your computer.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Save the log, Ctrl-A to Select All and post it here for examination. Don't fix anything yet as most of what it lists will be harmless.
  • 0

#3
sunny441

  • Topic Starter
  • Member
  • 258 posts
Hi there:

Thanks for your reply. My computer crashed over the weekend - and I had a tough time getting it started up again. But now it is fixed. No more Ceres pop-up but the Download box still keeps popping up!!! I have also posted a screenshot of the pop-up window.

I cannot download the latest version from the link you gave me - as my antivirus, McAfee, gives me a warning saying that it is a worm and can do damage to my system. I already had HijackThis installed on my computer and ran that....

Hope to hear from you guys soon

Thanks
Here is the log:
Logfile of HijackThis v1.97.7
Scan saved at 1:27:11 PM, on 4/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
c:\windows\system32\kodidg.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\VIA\RAID\raid_tool.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Raja\Desktop\Tools\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [ymusypg] c:\windows\system32\kodidg.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\RunOnce: [mcupdmgr.exe] c:\PROGRA~1\mcafee.com\agent\mcupdmgr.exe -regserver
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://download.yaho...s/yinst0401.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

Attached Thumbnails

  • screensho.gif

  • 0

#4
sunny441

  • Topic Starter
  • Member
  • 258 posts
OK, I did manage to get the newer version of HijackThis to run on my computer by disabling my antivirus - hope it wasn't a bug or anything of that sort. Here is the latest log:

Logfile of HijackThis v1.99.1
Scan saved at 1:33:27 PM, on 4/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
c:\windows\system32\kodidg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [ymusypg] c:\windows\system32\kodidg.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\RunOnce: [mcupdmgr.exe] c:\PROGRA~1\mcafee.com\agent\mcupdmgr.exe -regserver
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Attached Thumbnails

  • screensho.gif

  • 0

#5
Daemon

  • Security Expert
  • Retired Staff
  • 4,356 posts
  • MVP
Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
O4 - HKLM\..\Run: [ymusypg] c:\windows\system32\kodidg.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


Exit HijackThis when done. Reboot into Safe Mode by tapping F8 after the BIOS has loaded. Using Windows Explorer, find and delete the following:

c:\windows\system32\kodidg.exe
C:\WINDOWS\svcproc.exe

Exit Explorer and reboot into Normal Mode. Rescan with HijackThis and post a new log here.
  • 0

#6
sunny441

  • Topic Starter
  • Member
  • 258 posts
Thanks for the reply.

I did as per your instructions, but there were a couple of things that I would like to bring to your notice: one of the entries wasn't in my HijackThis log at this time :tazz:
The entry was O4 - HKLM\..\Run: [ymusypg] c:\windows\system32\kodidg.exe, and also the file that you asked me to delete in system32, kodidg.exe, was missing.

Here is the new HijackThis log after all the stuff has been done:

Logfile of HijackThis v1.99.1
Scan saved at 7:35:46 PM, on 4/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\windows\system32\belqgln.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\hijackThis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [qmisvi] c:\windows\system32\belqgln.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spoide - Unknown owner - C:\WINDOWS\System32\exe2bin.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)



Thanks
  • 0

#7
sunny441

  • Topic Starter
  • Member
  • 258 posts
Well, I have been surfing on my computer for a while now, after I did the stuff you guys suggested... seems to be running well

Thanks
  • 0

#8
Daemon

  • Security Expert
  • Retired Staff
  • 4,356 posts
  • MVP
There's still a pest lurking. Click here to download eScan's mwav application. Double-click it to run it, select all local drives, scan all files, press 'scan' and when it is completed, anything found will be displayed in the lower pane. Highlight it, CTRL C and paste it in your next reply.
  • 0
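Added example, not part of the original thread: a comparison of the autostart sections (O4 and O23) of the two HijackThis v1.99.1 logs posted above, listing what appeared and disappeared between scans and pairing Run values that swapped names inside system32. The log excerpts are copied from posts #4 and #6; the function names and the pairing heuristic are assumptions of this example, and its output is a list of entries to review, not a verdict.

```python
import ntpath
import re

# Excerpt of the log in post #4 (lines copied from the thread, not the full log).
LOG_POST_4 = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ymusypg] c:\windows\system32\kodidg.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Excerpt of the log in post #6 (lines copied from the thread, not the full log).
LOG_POST_6 = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [qmisvi] c:\windows\system32\belqgln.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spoide - Unknown owner - C:\WINDOWS\System32\exe2bin.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
AUTOSTART = {"O4", "O23"}   # O4 = Run keys and startup folders, O23 = services
MISSING = " (file missing)"  # suffix HijackThis appends when the target is gone


def parse_autostart(log_text):
    """Return {(section, detail)} for O4/O23 lines, without the '(file missing)' suffix."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m.group(1) not in AUTOSTART:
            continue
        detail = m.group(2).strip()
        if detail.endswith(MISSING):
            # Same registry entry as before; only the file on disk changed.
            detail = detail[: -len(MISSING)]
        entries.add((m.group(1), detail))
    return entries


def diff_autostart(before, after):
    """Return (added, removed) autostart entries between two logs, each sorted."""
    b, a = parse_autostart(before), parse_autostart(after)
    return sorted(a - b), sorted(b - a)


def exe_dir(cmd):
    """Lower-cased directory of a Run command line (empty for bare file names)."""
    return ntpath.dirname(cmd.strip().strip('"')).lower()


def rotated_run_entries(before, after, watched_dir=r"c:\windows\system32"):
    """Pair a removed and an added O4 Run value in the same key whose
    executables both sit directly in watched_dir: a value that changed its
    name between scans rather than going away. Heuristic only."""
    added, removed = diff_autostart(before, after)
    pairs = []
    for sec_r, det_r in removed:
        old = RUN_RE.match(det_r) if sec_r == "O4" else None
        if not old or exe_dir(old["cmd"]) != watched_dir:
            continue
        for sec_a, det_a in added:
            new = RUN_RE.match(det_a) if sec_a == "O4" else None
            if new and new["key"] == old["key"] and exe_dir(new["cmd"]) == watched_dir:
                pairs.append((old["name"], new["name"]))
    return pairs


if __name__ == "__main__":
    added, removed = diff_autostart(LOG_POST_4, LOG_POST_6)
    for section, detail in added:
        print("NEW     ", section, detail)
    for section, detail in removed:
        print("GONE    ", section, detail)
    for old_name, new_name in rotated_run_entries(LOG_POST_4, LOG_POST_6):
        print("RENAMED ", old_name, "->", new_name)
```

The Yahoo! Pager line also shows up as new, which is why the diff is only a review list: software installed between scans looks the same as an unwanted autostart until someone checks it.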

#9
sunny441

  • Topic Starter
  • Member
  • 258 posts
Thanks for the heads up...
I did what you asked me to do!! The results seem pretty bad... there are plenty of infected files. I am posting the log here - please have a look and tell me what I must do...

Thanks

File c:\windows\system32\nddnbn.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File c:\windows\system32\nddnbn.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wupdsnff.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\hochkaod3.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\nsk174.dll infected by "not-a-virus:AdWare.Beginto.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\NTInvisible.dll tagged as not-a-virus:RiskWare.Monitor.SpyAgent.44103. No Action Taken.
File C:\WINDOWS\System32\q17i9a4j.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Raja\LOCALS~1\TEMPOR~1\Content.IE5\G9KR0FOF\Poller[1].exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Raja\LOCALS~1\TEMPOR~1\Content.IE5\GVURW1O1\thin_bundlelite[1].exe infected by "not-a-virus:AdWare.Sahat.m" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Raja\LOCALS~1\TEMPOR~1\Content.IE5\MB894VWR\svcproc[1].exe infected by "Trojan.Win32.Stervis.b" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Midway Gang P2P\Local Settings\Temporary Internet Files\Content.IE5\QR0VPMFU\prompt[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Midway Gang P2P\Local Settings\Temporary Internet Files\Content.IE5\RFLX9DPQ\prompt[1].php infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Raja\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-36687d60.zip infected by "Trojan-Downloader.Java.OpenStream.t" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Raja\Local Settings\Temporary Internet Files\Content.IE5\G9KR0FOF\Poller[1].exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Raja\Local Settings\Temporary Internet Files\Content.IE5\GVURW1O1\thin_bundlelite[1].exe infected by "not-a-virus:AdWare.Sahat.m" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Raja\Local Settings\Temporary Internet Files\Content.IE5\MB894VWR\svcproc[1].exe infected by "Trojan.Win32.Stervis.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Alcohol Soft\Alcohol 120\Patch.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\049075E2.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04CB69A1.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05605397.exe infected by "Trojan-Downloader.Win32.VB.df" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\063726FF.pif infected by "Email-Worm.Win32.NetSky.q" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\065420DF.pif infected by "Email-Worm.Win32.NetSky.q" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\074F3A91.class infected by "Trojan.Java.ClassLoader.Dummy.d" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\09F954B9.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C6766DE.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C6766DE.PIF infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C6D3AD7.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C8460BE.PIF infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C8460BE.SCR infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C870ABA.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C8A34B6.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C8E5EB3.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C9108AF.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C9108AF.PIF infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C9432AC.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C985CA8.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C9B06A4.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C9E30A1.SCR infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\130952C5.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\130952C5.PIF infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\15241AB0.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\158A10B7.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\22093742.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2FC31C4D.exe infected by "Trojan-Downloader.Win32.Small.gl" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\383B44B3.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\38A02DA4.zip infected by "Password-protected-EXE" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\38A13ABB.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D08092F.exe infected by "Trojan.Win32.SecondThought.l" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D4950E7.exe infected by "Trojan.Win32.SecondThought.l" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\443176BA.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46A31111.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46A63B0D.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46A9650A.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46AD0F06.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46B03902.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46B362FF.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46B60CFB.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46BA36F8.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46C334ED.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46C75EE9.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46CA08E6.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46CD32E2.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46D15CDF.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46D406DB.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46D730D7.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46DA5AD4.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46DE04D0.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46E12ECD.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46E458C9.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46EE56BE.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46F100BB.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4F5B3CB1.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4FC232B8.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51335D71.SCR infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\541E2259.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5AEC78AF.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5B526EB7.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\631D77AF.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\667C34AE.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6FF76E81.exe infected by "Trojan-Downloader.Win32.Small.us" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\727366B4.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\72D95CBC.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\76C6210C.class infected by "Trojan-Downloader.Java.OpenStream.t" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7E0322B3.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7E6918BA.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\System Config\svchost.exe tagged as not-a-virus:RiskWare.Monitor.SpyAgent.50003. No Action Taken.
File C:\RECYCLER\NPROTECT\00290922.EXE infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00290923.EXE infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00290928.DLL infected by "not-a-virus:AdWare.Sahat.q" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291576.exe infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291579.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291594.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291597.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291602.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291606.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291607.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291610.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291611.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291614.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291616.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291618.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291621.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291624.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291627.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291630.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291633.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291636.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291639.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291642.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291645.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291648.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291651.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291654.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291657.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291660.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291663.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291666.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291669.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291672.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291675.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291678.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291681.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291684.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291687.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291690.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291693.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292011.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292023.ZIP infected by "Trojan-Spy.Win32.Briss.h" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292025.ZIP infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292031.ZIP infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292033.ZIP infected by "Trojan-Downloader.Win32.IstBar.fr" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292034.ZIP infected by "Trojan-Downloader.Win32.Esepor.u" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292423.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292431.EXE infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292432.EXE infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292438.DLL infected by "not-a-virus:AdWare.Sahat.q" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292535.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292547.EXE infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292690.exe infected by "Trojan-Downloader.Win32.Small.gl" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292766.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292859.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP0\A0000006.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP1\A0000007.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP1\A0000012.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP1\A0000021.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP1\A0000105.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP11\A0003259.exe infected by "Trojan.Win32.Stervis.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP11\A0003266.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP11\A0003278.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP4\A0000319.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP6\A0001311.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP6\A0001317.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP6\A0001328.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP6\A0002328.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP6\A0002418.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP9\A0002991.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP9\A0003006.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP9\A0003038.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP9\A0003111.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\hochkaod3.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\nsk174.dll infected by "not-a-virus:AdWare.Beginto.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\NTInvisible.dll tagged as not-a-virus:RiskWare.Monitor.SpyAgent.44103. No Action Taken.
File C:\WINDOWS\system32\q17i9a4j.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wupdsnff.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File D:\Music\English\Stevie Wonder\spyagent5\Setup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\Music\English\Stevie Wonder\spyagent5.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

  • 0

#10
Daemon


    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Click here to download Pocket Killbox by Option^Explicit. Extract it from the zip file to your desktop.

Start Killbox and click on Tools->Delete Temp Files. When that finishes, copy and paste each of the following lines into the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each. Keep track of any files it tells you either could not be found or could not be deleted, as you'll need those later:

C:\Documents and Settings\Midway Gang P2P\Local Settings\Temporary Internet Files\Content.IE5\QR0VPMFU\prompt[1].htm
C:\Documents and Settings\Midway Gang P2P\Local Settings\Temporary Internet Files\Content.IE5\RFLX9DPQ\prompt[1].php
C:\Documents and Settings\Raja\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-36687d60.zip
C:\Documents and Settings\Raja\Local Settings\Temporary Internet Files\Content.IE5\G9KR0FOF\Poller[1].exe
C:\Documents and Settings\Raja\Local Settings\Temporary Internet Files\Content.IE5\GVURW1O1\thin_bundlelite[1].exe
C:\Documents and Settings\Raja\Local Settings\Temporary Internet Files\Content.IE5\MB894VWR\svcproc[1].exe
C:\WINDOWS\system32\hochkaod3.exe
c:\windows\system32\nddnbn.exe
C:\WINDOWS\system32\nsk174.dll
C:\WINDOWS\System32\q17i9a4j.exe
C:\WINDOWS\wupdsnff.exe
c:\windows\system32\belqgln.exe

For the files that it either couldn't find or couldn't delete, in Killbox again, this time put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it; answer NO until after you've pasted the last file name, at which time you should answer Yes.

Reboot if it doesn't do so automatically. Post a new mwav scan in your next reply.

Edited by Daemon, 14 April 2005 - 03:08 PM.

  • 0
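One way to check a follow-up scan against the deletion list in the post above, shown as an added example that is not part of the original post or of any tool named in it. The function names are hypothetical, the two line shapes are the ones visible in the logs in this thread, and the sample lines are copied from those logs.

```python
import ntpath
import re

# The two line shapes seen in the scan logs posted in this thread:
#   File <path> infected by "<name>" Virus. Action Taken: <action>.
#   File <path> tagged as <name>. <action>.
LINE_RE = re.compile(
    r'^File (?P<path>.+?) '
    r'(?:infected by "(?P<infected>[^"]+)" Virus\. Action Taken: (?P<act1>.+?)\.'
    r'|tagged as (?P<tagged>\S+)\. (?P<act2>.+?)\.)$'
)


def parse_line(line):
    """Return path, detection name and action for one log line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "path": m["path"],
        "detection": m["infected"] or m["tagged"],
        "action": m["act1"] or m["act2"],
    }


def check_targets(log_text, targets):
    """Classify each targeted path against a scan log.

    'still present'      : the log reports the file at the targeted path
    'reported elsewhere' : the same file name is reported in another directory
    'not reported'       : the log does not mention the file at all
    Windows paths are compared case-insensitively.
    """
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    by_path = {e["path"].lower(): e["path"] for e in entries}
    by_name = {}
    for e in entries:
        name = ntpath.basename(e["path"]).lower()
        by_name.setdefault(name, []).append(e["path"])

    report = {}
    for target in targets:
        key = target.lower()
        if key in by_path:
            report[target] = ("still present", [by_path[key]])
            continue
        elsewhere = by_name.get(ntpath.basename(target).lower(), [])
        status = "reported elsewhere" if elsewhere else "not reported"
        report[target] = (status, elsewhere)
    return report


# Three of the paths from the deletion list in the post above.
TARGETS = [
    r"C:\WINDOWS\system32\hochkaod3.exe",
    r"c:\windows\system32\nddnbn.exe",
    r"C:\WINDOWS\wupdsnff.exe",
]

# Excerpt of the scan posted before the deletion step (lines from this thread).
BEFORE = r'''
File C:\WINDOWS\system32\hochkaod3.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\NTInvisible.dll tagged as not-a-virus:RiskWare.Monitor.SpyAgent.44103. No Action Taken.
File C:\WINDOWS\wupdsnff.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
'''

# Excerpt of the follow-up scan (lines from this thread).
AFTER = r'''
File C:\WINDOWS\System32\NTInvisible.dll tagged as not-a-virus:RiskWare.Monitor.SpyAgent.44103. No Action Taken.
File C:\!Submit\hochkaod3.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\!Submit\wupdsnff.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
'''

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for path, (status, seen_at) in check_targets(log, TARGETS).items():
            print(f"  {path}: {status} {seen_at}")
```

A target that is "reported elsewhere" is gone from its original location, but a copy with the same name is still on disk in the directory listed.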



#11
sunny441


    Member

  • Topic Starter
  • Member
  • 258 posts
Ok!! I ran the Mwav virus thing on my computer again. Here is the log:

File C:\WINDOWS\System32\NTInvisible.dll tagged as not-a-virus:RiskWare.Monitor.SpyAgent.44103. No Action Taken.
File C:\!Submit\hochkaod3.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\!Submit\javainstaller.jar-3c936701-36687d60.zip infected by "Trojan-Downloader.Java.OpenStream.t" Virus. Action Taken: No Action Taken.
File C:\!Submit\nsk174.dll infected by "not-a-virus:AdWare.Beginto.c" Virus. Action Taken: No Action Taken.
File C:\!Submit\prompt[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.
File C:\!Submit\prompt[1].php infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.
File C:\!Submit\q17i9a4j.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\!Submit\svcproc[1].exe infected by "Trojan.Win32.Stervis.b" Virus. Action Taken: No Action Taken.
File C:\!Submit\thin_bundlelite[1].exe infected by "not-a-virus:AdWare.Sahat.m" Virus. Action Taken: No Action Taken.
File C:\!Submit\wupdsnff.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Program Files\Alcohol Soft\Alcohol 120\Patch.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\049075E2.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04CB69A1.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05605397 infected by "Trojan-Downloader.Win32.VB.df" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05605397.exe infected by "Trojan-Downloader.Win32.VB.df" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\063726FF infected by "Email-Worm.Win32.NetSky.q" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\063726FF.pif infected by "Email-Worm.Win32.NetSky.q" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\065420DF infected by "Email-Worm.Win32.NetSky.q" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\065420DF.pif infected by "Email-Worm.Win32.NetSky.q" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\074F3A91.class infected by "Trojan.Java.ClassLoader.Dummy.d" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\09F954B9.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C6766DE.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C6766DE.PIF infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C6D3AD7.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C8460BE.PIF infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C8460BE.SCR infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C870ABA.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C8A34B6.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C8E5EB3.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C9108AF.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C9108AF.PIF infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C9432AC.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C985CA8.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C9B06A4.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C9E30A1.SCR infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\124F3FE0.dat infected by "Virus.Win32.HLLP.Hantaner.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\130952C5.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\130952C5.PIF infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\15241AB0.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\158A10B7.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16E74AD3 infected by "Virus.Win32.Hidrag.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\22093742.EXE infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2FC31C4D.exe infected by "Trojan-Downloader.Win32.Small.gl" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\383B44B3.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\38A02DA4.zip infected by "Password-protected-EXE" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\38A13ABB.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D08092F.exe infected by "Trojan.Win32.SecondThought.l" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D4950E7.exe infected by "Trojan.Win32.SecondThought.l" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\443176BA.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46A31111.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46A63B0D.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46A9650A.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46AD0F06.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46B03902.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46B362FF.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46B60CFB.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46BA36F8.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46BD0B21 infected by "HackTool.Win32.Yacra.21" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46C334ED.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46C75EE9.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46CA08E6.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46CD32E2.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46D15CDF.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46D406DB.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46D6038F infected by "Trojan-Downloader.Java.OpenStream.t" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46D730D7.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46DA5AD4.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46DE04D0.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46E12ECD.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46E458C9.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46EE56BE.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46F100BB.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4F5B3CB1.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4FC232B8.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51335D71.SCR infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\541E2259.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\57CE6369 infected by "Trojan-Downloader.Java.OpenStream.t" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5AEC78AF.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5B526EB7.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\631D77AF.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\63822807 infected by "Trojan-Downloader.JS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\667C34AE.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6FF76E81.exe infected by "Trojan-Downloader.Win32.Small.us" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\727366B4.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\72D95CBC.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\76580FCF infected by "Trojan-Downloader.Win32.VB.dj" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\76C6210C.class infected by "Trojan-Downloader.Java.OpenStream.t" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7E0322B3.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7E6918BA.exe infected by "P2P-Worm.Win32.Darby.o" Virus. Action Taken: No Action Taken.
File C:\Program Files\PestPatrol\Quarantine\20050405231051609.zip infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\PestPatrol\Quarantine\20050408140425767.zip infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\Program Files\System Config\svchost.exe tagged as not-a-virus:RiskWare.Monitor.SpyAgent.50003. No Action Taken.
File C:\Program Files\vTuner\Setup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\RECYCLER\NPROTECT\00290922.EXE infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00290923.EXE infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00290927.CAB infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00290928.DLL infected by "not-a-virus:AdWare.Sahat.q" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291576.exe infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291579.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291594.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291597.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291602.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291606.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291607.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291610.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291611.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291614.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291616.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291618.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291621.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291624.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291627.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291630.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291633.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291636.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291639.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291642.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291645.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291648.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291651.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291654.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291657.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291660.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291663.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291666.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291669.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291672.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291675.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291678.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291681.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291684.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291687.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291690.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291693.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291696.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291699.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291702.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291705.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291708.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291711.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291714.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291717.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291720.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291723.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291726.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291729.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291732.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291735.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291737.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291740.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291743.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291746.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291749.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291752.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00291756.ZIP infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292011.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292017 infected by "Trojan.Win32.Qhost.y" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292023.ZIP infected by "Trojan-Spy.Win32.Briss.h" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292025.ZIP infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292031.ZIP infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292033.ZIP infected by "Trojan-Downloader.Win32.IstBar.fr" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292034.ZIP infected by "Trojan-Downloader.Win32.Esepor.u" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292431.EXE infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292432.EXE infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292436.CAB infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292438.DLL infected by "not-a-virus:AdWare.Sahat.q" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292547.EXE infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292690.exe infected by "Trojan-Downloader.Win32.Small.gl" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00292691.cab infected by "Trojan-Dropper.Win32.Small.ls" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP11\A0003259.exe infected by "Trojan.Win32.Stervis.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP13\A0004569.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP13\A0004570.dll infected by "not-a-virus:AdWare.Beginto.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP13\A0004571.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP13\A0004572.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\NTInvisible.dll tagged as not-a-virus:RiskWare.Monitor.SpyAgent.44103. No Action Taken.
File D:\Music\English\Stevie Wonder\spyagent5.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP11\A0003534.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.



hope things turn out to be better soon

thanks
  • 0

#12
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Looks good. Click here to download System Security Suite. Extract it from the zip file into a folder and double-click on sss.exe. Check the boxes under the 'Items to Clear' tab and click 'Clear Selected Items'. You will be prompted to reboot; do so. Repeat for all log-in accounts on your computer.

Then follow this sequence:

1. Right-click My Computer>Click Properties>Click the System Restore tab>Check the box next to 'Turn off System Restore on all drives'>Click Apply>Click OK.

2. Reboot.

3. Repeat the process but this time remove the check from the box.

Post a new HJT log when done.
  • 0
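The scan log posted above mixes files that are already isolated (Quarantine, RECYCLER), copies kept inside System Restore snapshots, and files still in place on disk. The following is an added example, not part of the thread, that sorts such log lines by location; the restore-point group is what the off/on cycle in the steps above clears, because disabling System Restore deletes the existing restore points. The bucket names and function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# The scan log uses two line shapes:
#   File <path> infected by "<name>" Virus. Action Taken: ...
#   File <path> tagged as <name>. No Action Taken.
LINE = re.compile(
    r'^File (?P<path>.+?) '
    r'(?:infected by "(?P<inf>[^"]+)" Virus\.|tagged as (?P<tag>\S+)\.)(?: |$)'
)
# Matched against a lower-cased path; captures drive letter and restore point.
RESTORE = re.compile(
    r'^(?P<drive>[a-z]):\\system volume information\\_restore\{[^}]+\}\\(?P<rp>rp\d+)\\'
)

# Sample input: six lines copied from the scan log earlier in this thread.
SAMPLE = r"""
File C:\Program Files\PestPatrol\Quarantine\20050408140425767.zip infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\Program Files\System Config\svchost.exe tagged as not-a-virus:RiskWare.Monitor.SpyAgent.50003. No Action Taken.
File C:\RECYCLER\NPROTECT\00292017 infected by "Trojan.Win32.Qhost.y" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP13\A0004572.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\NTInvisible.dll tagged as not-a-virus:RiskWare.Monitor.SpyAgent.44103. No Action Taken.
File D:\System Volume Information\_restore{DC7477D4-6BB2-473B-9A22-37AAC0DC8AEF}\RP11\A0003534.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
"""

def parse_line(line):
    """Return {'path', 'detection'} for a scanner line, or None if it is not one."""
    m = LINE.match(line.strip())
    if not m:
        return None
    return {"path": m["path"], "detection": m["inf"] or m["tag"]}

def bucket(path):
    """Classify a flagged file by where it sits on disk (hypothetical bucket names)."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "quarantine"      # already isolated by a security product
    if "\\recycler\\" in p:
        return "recycle_bin"     # deleted files, not in active use
    if RESTORE.match(p):
        return "restore_point"   # snapshot copy; could return on a rollback
    return "live"                # still in place: review these first

def triage(text):
    """Group every recognised scanner line in `text` by bucket."""
    groups = defaultdict(list)
    for line in text.splitlines():
        hit = parse_line(line)
        if hit:
            groups[bucket(hit["path"])].append(hit)
    return dict(groups)

def restore_points(groups):
    """List the (drive, restore point) pairs that hold flagged files."""
    found = set()
    for hit in groups.get("restore_point", []):
        m = RESTORE.match(hit["path"].lower())
        found.add((m["drive"].upper(), m["rp"].upper()))
    return sorted(found)
```

Running `triage` on the full log and re-running the scan after the System Restore cycle should leave the `restore_point` group empty; anything remaining in `live` is what still needs a decision.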

#13
sunny441

    Member

  • Topic Starter
  • Member
  • 258 posts
Alright Chief!!!

Here is the latest Hijack This log after doing all the stuff you wanted me to do!! My computer is running well and I have had no problems whatsoever.

Logfile of HijackThis v1.99.1
Scan saved at 5:04:47 PM, on 4/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijack this\HijackThis.exe

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spoide - Unknown owner - C:\WINDOWS\System32\exe2bin.exe


  • 0

#14
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Please find, zip and send this file:

C:\WINDOWS\System32\exe2bin.exe

to this e-mail address, including a link to this thread in the body of the email. It may be OK but I'd like to take a closer look at it - I'll get back to you about it if any further action is required.
  • 0

#15
sunny441

    Member

  • Topic Starter
  • Member
  • 258 posts
Am sending it in right away...

cheers
:tazz:
  • 0





