Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System Doctor and other possible problems


  • Please log in to reply

#1
myllsa

myllsa

    New Member

  • Member
  • Pip
  • 1 posts
My computer got several infections. I went through all of the steps in the pre-post directions. I am not sure what all is left over. I know that the System Doctor is still causing problems and I keep seeing something about "virusburst fakealert". Please help me get my computer back to normal. Thank you!!!


Logfile of HijackThis v1.99.1
Scan saved at 11:33:23 AM, on 8/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AOL\1154365368\ee\AOLSoftware.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe
C:\Program Files\SystemDoctor Free\sdmain.exe
C:\Program Files\Common Files\SystemDoctor\DNSE.exe
C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
c:\program files\common files\aol\1154365368\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1154365368\ee\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\AOL COMPANION\COMPANION.EXE
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\America Online 9.0a\waol.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=T3516
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1154365368\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe" /AUTORUN
O4 - HKLM\..\Run: [HelpCenter] "C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" /P HelpCenter
O4 - HKLM\..\Run: [SystemDoctor Free] "C:\Program Files\SystemDoctor Free\sdmain.exe" /min
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\SystemDoctor\DNSE.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6066\SiteAdv.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MeMe] "C:\Program Files\MeMe\MeMe.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MySpaceIM] "C:\Program Files\MySpace\IM\MySpaceIM.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: DrAntispy.lnk = C:\Program Files\DrAntispy\DrAntispy.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19985B27-94B2-4958-B054-70ECD6A7F2E9}: NameServer = 205.188.146.145
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


THIS IS ANOTHER SCAN THAT I DID...

Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Potentially unwanted tool:Application/SystemDoctor2006 Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\USDR6_7777_BHLP0611\installer.exe
Virus:Generic Malware Disinfected C:\WINDOWS\Downloaded Program Files\MiniBugTransporter.dll


SUPERAntiSpyware Scan Log
Generated 08/01/2007 at 09:29 PM

Application Version : 3.6.1000

Core Rules Database Version : 3277
Trace Rules Database Version: 1288

Scan type : Complete Scan
Total Scan Time : 00:26:57

Memory items scanned : 689
Memory threats detected : 5
Registry items scanned : 5419
Registry threats detected : 68
File items scanned : 25734
File threats detected : 187

Trojan.Smitfraud Variant
C:\WINDOWS\SYSTEM32\GTAWCLV.DLL
C:\WINDOWS\SYSTEM32\GTAWCLV.DLL
HKLM\Software\Classes\CLSID\{e71aba09-d81a-4876-baa3-df133c1dfc48}
HKCR\CLSID\{E71ABA09-D81A-4876-BAA3-DF133C1DFC48}
HKCR\CLSID\{E71ABA09-D81A-4876-BAA3-DF133C1DFC48}\InProcServer32
HKCR\CLSID\{E71ABA09-D81A-4876-BAA3-DF133C1DFC48}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{e71aba09-d81a-4876-baa3-df133c1dfc48}

Trojan.Media-Codec/V3
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMAIN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMAIN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMIN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMIN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMN.EXE
HKLM\Software\Classes\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}\Implemented Categories
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}\InprocServer32
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESBPL.DLL
HKLM\Software\Classes\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}
HKCR\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}
HKCR\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}#xxx
HKCR\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}\InprocServer32
HKCR\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESPLG.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#UninstallString
C:\Program Files\Video ActiveX Access\iesbunst.exe
C:\Program Files\Video ActiveX Access\iesunst.exe
C:\Program Files\Video ActiveX Access\ot.ico
C:\Program Files\Video ActiveX Access\ts.ico
C:\Program Files\Video ActiveX Access
C:\WINDOWS\Prefetch\IESMN.EXE-033DF62E.pf
C:\WINDOWS\Prefetch\IMSMAIN.EXE-0F631905.pf

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll [ C:\Program Files\Video ActiveX Access\iesmn.exe ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#rare [ C:\Program Files\Video ActiveX Access\imsmain.exe ]

Malware.VirusRescue
HKCR\Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}
HKCR\Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}\ProxyStubClsid
HKCR\Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}\ProxyStubClsid32
HKCR\Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}\TypeLib
HKCR\Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}\TypeLib#Version

Malware.SpyLocked
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#UninstallString

Trojan.Media-Codec/V2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video AX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video AX Object#ProductionEnvironment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video AX Object#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video AX Object#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video AX Object#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video AX Object#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video AX Object#DisplayVersion

Malware.DrAntiSpy
C:\Program Files\DrAntispy\DrAntispy.lic
C:\Program Files\DrAntispy\Uninstall.exe
C:\Program Files\DrAntispy

Malware.VirusProtectPro
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}\aedxqdtpwh
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}\ibjSFewykZAm
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}\InprocServer32
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}\Pxbrb
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}\tleQNi
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}\tsepzpTbfmf
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}\vdskgaayomjW
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}\veyaedbAfh
C:\Program Files\VirusProtectPro 3.5\vpp.ini
C:\Program Files\VirusProtectPro 3.5

Malware.VirusRanger
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\InprocServer
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\InprocServer32
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\InprocServer32#ThreadingModel
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\InprocServer32#InprocServer32
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\kkvMyMsxe
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\oQYvo
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\ssTmdvguKeEE
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\uqRmK
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\wwfweaxqosdi
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\yNggie
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\yWhphhf
HKCR\Interface\{139C109E-08C6-4B60-9142-860B8CD5D000}
HKCR\Interface\{139C109E-08C6-4B60-9142-860B8CD5D000}\ProxyStubClsid
HKCR\Interface\{139C109E-08C6-4B60-9142-860B8CD5D000}\ProxyStubClsid32
HKCR\Interface\{139C109E-08C6-4B60-9142-860B8CD5D000}\TypeLib
HKCR\Interface\{139C109E-08C6-4B60-9142-860B8CD5D000}\TypeLib#Version
C:\Program Files\VirusRanger\result.lst
C:\Program Files\VirusRanger\sdebug.log
C:\Program Files\VirusRanger\updater.plb
C:\Program Files\VirusRanger\vrext.dll
C:\Program Files\VirusRanger

Browser Hijacker.Favorites
C:\RECYCLER\S-1-5-21-3510669819-3275758053-2822232158-1003\DC21.URL
C:\RECYCLER\S-1-5-21-3510669819-3275758053-2822232158-1003\DC22.URL





OK I think this is all of the information that you asked for. Please let me know what I can do.
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP