need help removing cyberstroll [RESOLVED]



#16
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok sleep well it is almost over.
:)
  • 0



#17
northerndoll

northerndoll

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Good morning, sorry about being so abrupt last night. After the scan froze I gave up and just wanted to go to bed. Anyhow, I started the scan at 8:45am and it completed. Here is the text.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 18, 2008 12:27:25 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/02/2008
Kaspersky Anti-Virus database records: 570716
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 87316
Number of viruses found: 25
Number of infected objects: 67
Number of suspicious objects: 0
Duration of the scan process: 01:46:52


Scan process completed.
  • 0

#18
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
No problem a few more steps and you are on your way. :)

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\All Users\Desktop\Downloads\DeliciousSetup-dm[1].exe 
    C:\Documents and Settings\Angie\Desktop\lime\Eighties classic.wma
    C:\Documents and Settings\Angie\Desktop\lime\fat loss 4 idiots.zip
    C:\Documents and Settings\Angie\Desktop\lime\[Full] fat loss 4 idiots with Bonus.zip
    C:\Documents and Settings\Angie\.housecall6.6\Quarantine
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • 0

#19
northerndoll

northerndoll

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
hi, just got home....


C:\Documents and Settings\All Users\Desktop\Downloads\DeliciousSetup-dm[1].exe moved successfully.
C:\Documents and Settings\Angie\Desktop\lime\Eighties classic.wma moved successfully.
C:\Documents and Settings\Angie\Desktop\lime\fat loss 4 idiots.zip moved successfully.
C:\Documents and Settings\Angie\Desktop\lime\[Full] fat loss 4 idiots with Bonus.zip moved successfully.
C:\Documents and Settings\Angie\.housecall6.6\Quarantine moved successfully.

OTMoveIt2 v1.0.20 log created on 02182008_211426
  • 0

#20
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]

Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.

You can delete that after it merges.
=====================================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK



    The above procedure will delete the following:

    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OTMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.


Doing the above removes what Kaspersky found

Also delete anything that we used that is left over.
===================================
After that, your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
  • 0
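
Added example, not part of the thread and not code from any tool named in it: a triage of a scanner object list in the layout of the report posted in #17, dropping locked-file noise and grouping detections by where they sit (a quarantine folder, a System Restore point, or a live location), the distinction relevant to the move list in #18 and the cleanup in #20. The sample lines, verdict names, bucket names and path heuristics are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the layout "<path> <status> <last action>".
# Paths and verdict names are made up for this example.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\User\Desktop\share\free song.wma Infected: Trojan-Downloader.WMA.Example.a skipped
C:\Documents and Settings\User\Desktop\share\bundle.zip/bin/setup.exe Infected: not-a-virus:AdWare.Win32.Example.b skipped
C:\Documents and Settings\User\Desktop\share\bundle.zip ZIP: infected - 1 skipped
C:\Program Files\SomeAV\Quarantine\1A2B3C4D.tmp Infected: P2P-Worm.Win32.Example.c skipped
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP1\A0000001.dll Infected: not-a-virus:AdTool.Win32.Example.d skipped
Scan process completed.
"""

# Paths contain spaces, so every pattern anchors on the status text at the
# end of the line and lets the path take whatever precedes it.
LOCKED = re.compile(r"^(?P<path>.+) Object is locked \w+$")
INFECTED = re.compile(r"^(?P<path>.+) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
CONTAINER = re.compile(r"^(?P<path>.+) [\w.]+: infected - \d+ \w+$")


def bucket(path):
    """Classify a host file by location (heuristic, assumed for this example)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"   # copy kept inside a restore point
    if "\\quarantine\\" in p:
        return "quarantine"       # already isolated by a security tool
    return "live"                 # still sitting in a normal folder


def only_unwanted(verdicts):
    """True when every verdict carries the scanner's 'not-a-virus:' prefix."""
    return all(v.startswith("not-a-virus:") for v in verdicts)


def triage(report):
    """Return locked-file count, unparsed lines and detections per bucket."""
    locked, unparsed = 0, []
    findings = defaultdict(lambda: defaultdict(set))
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LOCKED.match(line):
            locked += 1           # file in use by Windows or another program
            continue
        if CONTAINER.match(line):
            continue              # archive summary; members are listed separately
        m = INFECTED.match(line)
        if not m:
            unparsed.append(line)
            continue
        # Archive members appear as "<archive>/<member>"; the file to act
        # on is the archive itself, so keep only the part before the "/".
        host = m["path"].split("/", 1)[0]
        findings[bucket(host)][host].add(m["verdict"])
    return {
        "locked": locked,
        "unparsed": unparsed,
        "findings": {b: dict(hosts) for b, hosts in findings.items()},
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("locked objects ignored:", result["locked"])
    for name, hosts in result["findings"].items():
        for host, verdicts in sorted(hosts.items()):
            tag = "unwanted-program" if only_unwanted(verdicts) else "malware"
            print(f"[{name}] {tag}: {host} -> {', '.join(sorted(verdicts))}")
```
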

#21
northerndoll

northerndoll

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
got it all but not sure how to clean system restore points sorry
  • 0

#22
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
When you uninstalled Combofix it automatically does that for you.
You are good to go. :)
  • 0

#23
northerndoll

northerndoll

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
That is totally awesome, thank you so much. I really appreciate the help. I was dreading doing a full system restore.
  • 0

#24
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
