This topic is locked
Vundo... [RESOLVED]
Started by
Cathy J
, Jan 25 2008 05:30 PM
#16
Posted 26 January 2008 - 01:11 PM
Cathy J
- Topic Starter
-
- Member
-
- 57 posts
Member
#17
Posted 26 January 2008 - 02:31 PM
kahdah
-
- Retired Staff
-
- 15,822 posts
GeekU Teacher
Got it thanks.
Me likey 311 and family.
1. Please open Notepad
2. Now copy/paste the entire content of the codebox below into the Notepad window:
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
Me likey 311 and family.
1. Please open Notepad
- Click Start , then Run
- Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Folder::
C:\Temp\tn3
C:\Program Files\Dot1XCfg
C:\WINDOWS\system32\winzs6
C:\WINDOWS\system32\nui4
C:\WINDOWS\system32\extz1
C:\WINDOWS\system32\nGpxx01
C:\Program Files\Online Services\hokeqori
RenV::
C:\Program Files\Trend Micro\Internet Security 2006\PCCGUIDE .EXE
C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
File::
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\p33.sys
C:\WINDOWS\system32\winzs6\renamd83122.exe.dll
Driver::
p33
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95A88EB2-E93B-4C4E-9382-A87371CEE7BB}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccabax]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
- A new HijackThis log.
#18
Posted 26 January 2008 - 02:42 PM
Cathy J
- Topic Starter
-
- Member
-
- 57 posts
Member
and doing this while in safe mode is ok??? i think I am keeping you on your geek toes with this one 
Thats only because I am a dork..... 
Thats only because I am a dork.....
#19
Posted 26 January 2008 - 02:44 PM
kahdah
-
- Retired Staff
-
- 15,822 posts
GeekU Teacher
That will work fine. 
Is it that you cannot boot into normal mode?
Is it that you cannot boot into normal mode?
#20
Posted 26 January 2008 - 03:37 PM
Cathy J
- Topic Starter
-
- Member
-
- 57 posts
Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:04 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1200680831906
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 3390 bytes
Scan saved at 3:35:04 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1200680831906
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 3390 bytes
#21
Posted 26 January 2008 - 03:38 PM
Cathy J
- Topic Starter
-
- Member
-
- 57 posts
Member
ComboFix 08-01-23.1C - Administrator 2008-01-26 15:24:51.3 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.812 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\p33.sys
C:\WINDOWS\system32\winzs6\renamd83122.exe.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Dot1XCfg
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\p33.sys
C:\WINDOWS\system32\extz1
C:\WINDOWS\system32\extz1\lovstadcom2.exe
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\nui4
C:\WINDOWS\system32\winzs6
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_P33
-------\p33
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.
2008-01-25 22:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 17:02 . 2008-01-24 17:16 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-23 19:28 . 2008-01-25 19:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 17:44 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-23 17:38 . 2008-01-26 15:26 <DIR> d-------- C:\Temp
2008-01-23 17:33 . 2008-01-23 17:33 <DIR> d-------- C:\WINDOWS\Sun
2008-01-23 14:58 . 2008-01-23 14:58 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-23 13:42 . 2008-01-23 13:42 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-23 13:40 . 2008-01-23 15:09 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-23 13:40 . 2008-01-23 15:09 88 -r-hs---- C:\WINDOWS\system32\DC33CEBC5D.sys
2008-01-21 19:07 . 2008-01-21 19:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 19:07 . 2008-01-21 19:07 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-18 12:28 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-01-18 12:28 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-18 12:27 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-18 12:27 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-18 12:27 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-09 08:13 . 2008-01-09 08:13 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-09 08:12 . 2008-01-09 08:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-02 16:06 . 2008-01-02 16:06 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-27 22:27 . 2007-12-27 22:27 376 --a------ C:\WINDOWS\ODBC.INI
2007-12-27 22:26 . 2007-12-27 22:26 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-12-27 20:01 . 2007-12-27 20:01 <DIR> d-------- C:\Program Files\Common Files\HP
2007-12-27 19:59 . 2007-12-27 19:59 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-27 19:58 . 2007-12-27 19:58 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-12-27 19:56 . 2005-03-07 22:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-12-27 19:56 . 2005-03-07 22:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-12-27 19:56 . 2005-03-07 22:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-12-27 19:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-27 19:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-27 19:55 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-12-27 19:55 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-12-27 19:55 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-12-27 19:55 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-12-27 19:55 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-12-27 19:55 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-12-27 19:55 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-12-27 19:55 . 2007-12-27 19:55 4,128 --a------ C:\INFCACHE.1
2007-12-27 19:53 . 2007-12-27 20:03 <DIR> d-------- C:\Program Files\HP
2007-12-27 19:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-27 19:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-27 19:53 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-27 19:53 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-27 19:52 . 2007-12-27 20:13 112,396 --a------ C:\WINDOWS\hpoins07.dat
2007-12-27 19:52 . 2005-05-24 00:52 21,124 --------- C:\WINDOWS\hpomdl07.dat
2007-12-27 16:34 . 2007-12-27 16:34 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-27 16:16 . 2007-12-27 16:16 2 --a------ C:\WINDOWS\msoffice.ini
2007-12-27 16:14 . 2008-01-23 20:28 <DIR> d-------- C:\Program Files\DellSupport
2007-12-27 16:04 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-27 16:04 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-27 16:04 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-27 16:04 . 2007-12-27 16:04 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 02:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-28 02:02 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-12-27 22:20 --------- d-----w C:\Program Files\MUSICMATCH
2007-12-27 22:16 --------- d-----w C:\Program Files\Common Files\AOL
.
((((((((((((((((((((((((((((( snapshot@2008-01-26_10.10.30.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-26 04:13:45 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-26 21:24:43 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-26 04:13:45 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-26 21:24:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-26 04:13:45 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-26 21:24:44 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-26 04:13:45 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-26 21:24:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-26 04:13:45 737,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-26 21:24:44 749,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-26 04:13:45 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 21:24:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2004-08-10 10:00:00 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
+ 2008-01-24 20:03:41 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [2008-01-25 18:58 897089]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 15:27:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-26 15:30:26 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-01-26 21:30:23
ComboFix2.txt 2008-01-26 16:12:59
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.812 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\p33.sys
C:\WINDOWS\system32\winzs6\renamd83122.exe.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Dot1XCfg
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\p33.sys
C:\WINDOWS\system32\extz1
C:\WINDOWS\system32\extz1\lovstadcom2.exe
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\nui4
C:\WINDOWS\system32\winzs6
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_P33
-------\p33
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.
2008-01-25 22:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 17:02 . 2008-01-24 17:16 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-23 19:28 . 2008-01-25 19:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 17:44 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-23 17:38 . 2008-01-26 15:26 <DIR> d-------- C:\Temp
2008-01-23 17:33 . 2008-01-23 17:33 <DIR> d-------- C:\WINDOWS\Sun
2008-01-23 14:58 . 2008-01-23 14:58 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-23 13:42 . 2008-01-23 13:42 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-23 13:40 . 2008-01-23 15:09 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-23 13:40 . 2008-01-23 15:09 88 -r-hs---- C:\WINDOWS\system32\DC33CEBC5D.sys
2008-01-21 19:07 . 2008-01-21 19:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 19:07 . 2008-01-21 19:07 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-18 12:28 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-01-18 12:28 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-18 12:27 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-18 12:27 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-18 12:27 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-09 08:13 . 2008-01-09 08:13 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-09 08:12 . 2008-01-09 08:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-02 16:06 . 2008-01-02 16:06 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-27 22:27 . 2007-12-27 22:27 376 --a------ C:\WINDOWS\ODBC.INI
2007-12-27 22:26 . 2007-12-27 22:26 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-12-27 20:01 . 2007-12-27 20:01 <DIR> d-------- C:\Program Files\Common Files\HP
2007-12-27 19:59 . 2007-12-27 19:59 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-27 19:58 . 2007-12-27 19:58 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-12-27 19:56 . 2005-03-07 22:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-12-27 19:56 . 2005-03-07 22:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-12-27 19:56 . 2005-03-07 22:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-12-27 19:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-27 19:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-27 19:55 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-12-27 19:55 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-12-27 19:55 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-12-27 19:55 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-12-27 19:55 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-12-27 19:55 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-12-27 19:55 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-12-27 19:55 . 2007-12-27 19:55 4,128 --a------ C:\INFCACHE.1
2007-12-27 19:53 . 2007-12-27 20:03 <DIR> d-------- C:\Program Files\HP
2007-12-27 19:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-27 19:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-27 19:53 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-27 19:53 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-27 19:52 . 2007-12-27 20:13 112,396 --a------ C:\WINDOWS\hpoins07.dat
2007-12-27 19:52 . 2005-05-24 00:52 21,124 --------- C:\WINDOWS\hpomdl07.dat
2007-12-27 16:34 . 2007-12-27 16:34 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-27 16:16 . 2007-12-27 16:16 2 --a------ C:\WINDOWS\msoffice.ini
2007-12-27 16:14 . 2008-01-23 20:28 <DIR> d-------- C:\Program Files\DellSupport
2007-12-27 16:04 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-27 16:04 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-27 16:04 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-27 16:04 . 2007-12-27 16:04 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 02:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-28 02:02 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-12-27 22:20 --------- d-----w C:\Program Files\MUSICMATCH
2007-12-27 22:16 --------- d-----w C:\Program Files\Common Files\AOL
.
((((((((((((((((((((((((((((( snapshot@2008-01-26_10.10.30.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-26 04:13:45 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-26 21:24:43 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-26 04:13:45 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-26 21:24:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-26 04:13:45 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-26 21:24:44 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-26 04:13:45 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-26 21:24:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-26 04:13:45 737,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-26 21:24:44 749,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-26 04:13:45 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 21:24:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2004-08-10 10:00:00 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
+ 2008-01-24 20:03:41 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [2008-01-25 18:58 897089]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 15:27:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-26 15:30:26 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-01-26 21:30:23
ComboFix2.txt 2008-01-26 16:12:59
#22
Posted 26 January 2008 - 03:41 PM
kahdah
-
- Retired Staff
-
- 15,822 posts
GeekU Teacher
This can be ran and installed in Safe mode.
Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
- Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
- On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
- IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
- Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
- Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
- AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following: - Make sure that Set all elements to: shows Quarantine <== This is important
- Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
- When the program has finished, it will display the message All actions have been applied.
- Then click the Save Scan Report button.
- Click the Save Report as button.
- Save the report to your Desktop.
#23
Posted 26 January 2008 - 03:46 PM
Cathy J
- Topic Starter
-
- Member
-
- 57 posts
Member
I can reboot in normal mode. I am just scared too because the last time that I did about a million pop ups started all at once. Do you think it is ok to do that now? 
Also...for some reason it sent my logs also to beeping computer or bleeping computer or something???????????? Is that bad? I have a feeling it may be. I just know I am going to mess something up here. 
Also...for some reason it sent my logs also to beeping computer or bleeping computer or something???????????? Is that bad? I have a feeling it may be. I just know I am going to mess something up here.
#24
Posted 26 January 2008 - 03:56 PM
Cathy J
- Topic Starter
-
- Member
-
- 57 posts
Member
So, do I need the AVG? I have a current subscription with Trend micro....I had to reload the 2006 disk because when I set my computer back to original settings in Dec I used avast for awhile. I was going to upgrade to the 2008 PC Cillin because that is what I had until last month. Also I havent done my windows updates since the I reset the computer. Was going to do all that before this happened. ?????What you think? Safe to do my updates now? Stay with my PC Cillin until my subscription runs out in oct ???? Am I asking way too many questions?
#25
Posted 26 January 2008 - 04:03 PM
kahdah
-
- Retired Staff
-
- 15,822 posts
GeekU Teacher
Bleeping Computer is safe it did that to help with updating Combofix.
It takes Virus samples and sends them to the maker of the Combofix.
The AVG I am having you download is an antispyware program and we will only need it temporarily.
Please follow those instructions and then reboot back into normal mode when you are done.
AVG will clean what I cannot see if anything is left.
You should have no more popups.
I recommend a free antivirus as you can see you can get infected either way .>AVG Free or AVast is fine.
Save your money.
Don't do any updates until you are clean.
I will let you know when it is ok.
If you have any questions please ask.
You haven't messed up anything.
Just follow my instructions and you will be back to safe surfing
It takes Virus samples and sends them to the maker of the Combofix.
The AVG I am having you download is an antispyware program and we will only need it temporarily.
Please follow those instructions and then reboot back into normal mode when you are done.
AVG will clean what I cannot see if anything is left.
You should have no more popups.
I recommend a free antivirus as you can see you can get infected either way .>AVG Free or AVast is fine.
Save your money.
Don't do any updates until you are clean.
I will let you know when it is ok.
If you have any questions please ask.
You haven't messed up anything.
Just follow my instructions and you will be back to safe surfing
#26
Posted 26 January 2008 - 04:16 PM
Cathy J
- Topic Starter
-
- Member
-
- 57 posts
Member
I feel so silly...so after i save avg to my desktop do i just update or run a scan and update? It says to run a scan and update...but then I think you said to wait to run a scan as we would do that later?
#27
Posted 26 January 2008 - 04:41 PM
kahdah
-
- Retired Staff
-
- 15,822 posts
GeekU Teacher
Update it first then run a scan.
When the scan is done it will say at the bottom.
Recommended action.
Click on that line and change it to Quarantine.
Then hit apply action.
Hit yes on any prompt.
After it does it's job Hit save log.
Save it somewhere that is easy to find to post here in your next reply.
When the scan is done it will say at the bottom.
Recommended action.
Click on that line and change it to Quarantine.
Then hit apply action.
Hit yes on any prompt.
After it does it's job Hit save log.
Save it somewhere that is easy to find to post here in your next reply.
#28
Posted 26 January 2008 - 05:21 PM
Cathy J
- Topic Starter
-
- Member
-
- 57 posts
Member
Here are the reports of the avg scan. I am still in safe mode so I will wait for you to tell me when it is safe to reboot in normal....you are so great by the way! I appreciate it more than you know You have helped me sooooo much. I will wait to see what you say about the results....I'll BE HERE AWHILE....AIN'T GOING NOWHERE! Little bit of 311 lyrics for ya! 
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 17:10 2008-01-26
+ Scan result:
C:\QooBox\Quarantine\C\WINDOWS\system32\geebx.exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0001961.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0001964.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002963.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002964.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002966.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002967.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002968.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002969.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002970.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002971.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002972.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002973.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002974.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002975.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002976.EXE -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002977.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002978.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002980.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0003137.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0003151.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0003160.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0003166.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004167.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004173.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004207.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004216.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004220.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004237.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004256.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004271.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004289.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004296.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004302.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004308.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0005318.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0005338.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0006350.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0006359.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0006361.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0006370.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0008400.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0008402.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP30\A0008562.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0008575.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0008598.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0008600.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009598.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009600.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009621.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009635.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009649.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009657.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009663.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009670.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009676.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Cathy Smith\Cookies\cathy [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Cathy Smith\Cookies\cathy smith@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Cathy Smith\Cookies\cathy smith@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Cathy Smith\Cookies\cathy smith@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a6aglbvq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a6aglbvq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Cathy Smith\Cookies\cathy smith@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Cathy Smith\Cookies\cathy [email protected][2].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a6aglbvq.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a6aglbvq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Cathy Smith\Cookies\cathy [email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
::Report end
You have helped me sooooo much. I will wait to see what you say about the results....I'll BE HERE AWHILE....AIN'T GOING NOWHERE! Little bit of 311 lyrics for ya! ---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 17:10 2008-01-26
+ Scan result:
C:\QooBox\Quarantine\C\WINDOWS\system32\geebx.exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0001961.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0001964.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002963.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002964.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002966.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002967.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002968.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002969.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002970.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002971.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002972.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002973.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002974.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002975.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002976.EXE -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002977.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002978.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0002980.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0003137.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0003151.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0003160.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0003166.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004167.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004173.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004207.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004216.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004220.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004237.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004256.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004271.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004289.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004296.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004302.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0004308.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0005318.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0005338.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0006350.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0006359.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0006361.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0006370.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0008400.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0008402.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP30\A0008562.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0008575.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0008598.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0008600.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009598.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009600.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009621.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009635.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009649.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009657.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009663.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009670.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP31\A0009676.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Cathy Smith\Cookies\cathy [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Cathy Smith\Cookies\cathy smith@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Cathy Smith\Cookies\cathy smith@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Cathy Smith\Cookies\cathy smith@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a6aglbvq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a6aglbvq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Cathy Smith\Cookies\cathy smith@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Cathy Smith\Cookies\cathy [email protected][2].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a6aglbvq.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a6aglbvq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Cathy Smith\Cookies\cathy [email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
::Report end
#29
Posted 26 January 2008 - 05:27 PM
kahdah
-
- Retired Staff
-
- 15,822 posts
GeekU Teacher
I'll BE HERE AWHILE....AIN'T GOING NOWHERE!
Thanks you are doing well.
Go ahead and boot into normal mode it will be safe.
Then Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Scan Options:
Scan Mail Bases - Click OK
- Now under select a target to scan:Select My Computer
- This will program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
Edited by kahdah, 26 January 2008 - 05:28 PM.
#30
Posted 26 January 2008 - 05:36 PM
Cathy J
- Topic Starter
-
- Member
-
- 57 posts
Member
See you soon...going to try to make it back in the normal mode (is there really such a thing?) If you dont see me again its because my computer blew up! No I have trust in you that I will be back after I do as you said....see ya soon Mr Geek hero!
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
