- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Program Files\QuickTime\bak
C:\Program Files\PC Tools AntiVirus\bak
C:\Program Files\iTunes\bak
C:\WINDOWS\system32\bak
C:\Program Files\Yahoo!\Messenger\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Common Files\Logitech\QCDriver\bak
C:\Program Files\Java\jre1.5.0_06\bin\bak
C:\Program Files\Ahead\Ahead\data\Xtras\bak
C:\Program Files\Messenger\Bak
- Double-click on the FindAWF.exe file to run it.
- It will open a command prompt and ask you to "Press any key to continue".
- You will be presented with a Menu.
1. Press 1 then Enter to scan for bak folders
2. Press 2 then Enter to restore files from bak folders
3. Press 3 then Enter to remove bak folders
4. Press 4 then Enter to reset domain zones
5. Press E then Enter to EXIT - Press 3, then press Enter.
- Press any key to continue.
- A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
- Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
- The program will proceed to remove the bad folders and will perform another scan for .bak folder
- It may take a few minutes to complete so be patient.
- When it is complete, it will open a text file in notepad called AWF.txt.
- Please copy and paste the contents of the AWF.txt file in your next reply.
Serious Malware and Trojan Problem [RESOLVED]
Started by
Jaereloaded
, Feb 23 2008 08:32 PM
-
This topic is locked
#16
Posted 24 February 2008 - 03:27 PM
kahdah
-
- Retired Staff
-
- 15,822 posts
GeekU Teacher
#17
Posted 24 February 2008 - 03:35 PM
Jaereloaded
- Topic Starter
-
- Member
-
- 22 posts
Member
Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully
The current date is: Mon 02/25/2008
The current time is: 16:33:08.05
bak folders found
~~~~~~~~~~~
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report
Version 1.40
Option 3 run successfully
The current date is: Mon 02/25/2008
The current time is: 16:33:08.05
bak folders found
~~~~~~~~~~~
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report
#18
Posted 24 February 2008 - 03:37 PM
kahdah
-
- Retired Staff
-
- 15,822 posts
GeekU Teacher
Great almost there. 
Please go HERE to run Panda's TotalScan
Please go HERE to run Panda's TotalScan
- Select the bubble for Full scan
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- Then the scan will begin
- When the scan completes, click the Save button on the right of Scan details
- Save it to a convenient location. Post the contents of the TotalScan report
#19
Posted 24 February 2008 - 05:46 PM
Jaereloaded
- Topic Starter
-
- Member
-
- 22 posts
Member
The following is the results from the Scan...
;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2008-02-25 18:44:16
PROTECTIONS: 1
MALWARE: 78
SUSPECTS: 0
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
McAfee VirusScan Professional Edition 7.00.5000 No No
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00013512 adware/searchaid Adware No 0 Yes No c:\windows\n_aqxqfs.log
00013512 adware/searchaid Adware No 0 Yes No c:\windows\n_xsyoer.log
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\adm4.adm4
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm4.adm4.1
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm4.adm4
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm25.adm25.1
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\adm25.adm25.1
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\adm.exe
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\altnet signing module.exe
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\appid\adm.exe
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\adm25.adm25
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm25.adm25
00034291 adware/surfaccuracy Adware No 1 Yes No hkey_local_machine\software\sacc
00040527 spyware/surfsidekick Spyware No 1 Yes No c:\documents and settings\jamael\local settings\temporary internet files\ssk.log
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@atdmt[3].txt
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131681.EXE
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131682.EXE
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Cookies\jamael@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.247realmedia.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Cookies\jamael@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@mediaplex[3].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Cookies\jamael@linksynergy[2].txt
00157556 Adware/Look2Me Adware No 0 Yes No C:\WINDOWS\SYSTEM32\GUARD.TMP
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.xiti.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Deckard\System Scanner\BACKUP\DOCUME~1\Jamael\LOCALS~1\Temp\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.apmebf.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[www.burstbeacon.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@advertising[3].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.advertising.com/]
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@adrevolver[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@adrevolver[3].txt
00169752 application/need2find HackTools No 0 Yes No hkey_current_user\software\need2find
00169752 application/need2find HackTools No 0 Yes No c:\program files\need2find
00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\need2find
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Deckard\System Scanner\BACKUP\DOCUME~1\Jamael\LOCALS~1\Temp\Cookies\jamael@realmedia[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Cookies\jamael@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@questionmarket[3].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.zedo.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@adrevolver[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.adrevolver.com/]
00186561 Cookie/Banner TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@banner[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@go[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.target.com/]
00234869 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00235342 Adware/IST.ISTBar Adware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131669.EXE
00235589 Adware/SearchExe Adware No 0 Yes No C:\WINDOWS\SYSTEM32\NDBFAKMA.TMP
00235837 Trj/Zlob.AE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP685\A0128617.EXE
00235840 Trj/Zlob.AE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP685\A0128615.TLB
00235864 Trj/Zlob.AE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP685\A0128614.EXE
00236734 Adware/SearchAid Adware No 0 Yes No C:\WINDOWS\PUGJFT.DAT
00236734 Adware/SearchAid Adware No 0 Yes No C:\WINDOWS\VTTOWP.DAT
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@atwola[4].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Deckard\System Scanner\BACKUP\DOCUME~1\Jamael\LOCALS~1\Temp\Cookies\jamael@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@atwola[1].txt
00284829 Adware/InstaFinder Adware No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131677.DLL
00285003 Adware/PurityScan Adware No 0 Yes No C:\WINDOWS\RUN2.EXE
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00290373 Adware/MediaTickets Adware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146559.EXE
00290373 Adware/MediaTickets Adware No 1 Yes No C:\QooBox\Quarantine\C\Program Files\Cowabanga\uninstaller.exe.vir
00291699 Adware/PurityScan Adware No 0 No No C:\WINDOWS\RUN2.EXE[Cowabanga.exe]
00299464 Trj/Banker.CZI Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP685\A0128612.EXE
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[citi.bridgetrack.com/]
00359247 W32/Bagle.KY.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131680.EXE
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP712\A0147949.EXE
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP666\A0123319.RBF
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP670\A0125865.RBF
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP712\A0147946.EXE
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP678\A0127688.EXE
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP680\A0128043.EXE
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP696\A0137910.EXE
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP712\A0147951.EXE
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP712\A0147950.EXE
00364273 Trj/Downloader.MKI Virus/Trojan No 1 Yes No C:\Deckard\System Scanner\BACKUP\WINDOWS\TEMP\JA.EXE
00512064 Trj/Multidropper.RCP Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131683.EXE
00512065 Trj/Multidropper.RCP Virus/Trojan No 0 Yes No C:\WINDOWS\KTFSEC32.EXE
00517584 Application/SuperFast HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131730.EXE
00520005 Trj/Downloader.NUS Virus/Trojan No 0 Yes No C:\FOUND.018\FILE0013.CHK
00570717 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\NTLUYA.DAT
00570717 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\ORXJZZ.DAT
00575017 Adware/SecurityError Adware No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP685\A0128613.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP706\A0147617.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP706\A0147631.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146558.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146604.EXE
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Jamael\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146622.COM
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0147611.EXE
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Jamael\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP706\A0147651.COM
02141683 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131678.DLL
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131729.EXE
02381995 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131679.OLD
02882168 Adware/MalwareAlarm Adware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP700\A0144967.EXE
02882168 Adware/MalwareAlarm Adware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP695\A0135474.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146597.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP706\A0147626.SYS
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121093.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121089.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121090.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121091.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121092.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121096.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121094.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121095.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP672\A0126142.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121097.EXE
02890506 Rootkit/Agent.HPM Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP700\A0144961.SYS
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146577.DLL
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rhbdfgih.dll.vir
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP683\A0128577.DLL
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\catchme2008-02-24_232330.55.zip[sbglanqc.dll]
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0147597.DLL
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP683\A0128578.DLL
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\sbglanqc.dll.vir
02896106 Trj/Downloader.SGU Virus/Trojan No 1 Yes No C:\FOUND.018\FILE0001.CHK
02896106 Trj/Downloader.SGU Virus/Trojan No 1 Yes No C:\FOUND.018\FILE0000.CHK
02898875 Application/MalwareAlarm HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP689\A0132998.DLL
02900824 Rootkit/Spammer.AFN HackTools No 0 Yes No C:\FOUND.018\FILE0003.CHK
02900824 Rootkit/Spammer.AFN HackTools No 0 Yes No C:\FOUND.018\FILE0004.CHK
02900909 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\catchme2008-02-24_232330.55.zip[tuvvttq.dll]
02902094 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jqwioprh.dll.vir
02902094 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146572.DLL
02902097 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rgqubetp.dll.vir
02902097 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146576.DLL
02902161 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP696\A0137961.DLL
02902161 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ccpbdktm.dll.vir
02902161 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146565.DLL
02902161 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP700\A0145018.DLL
02902161 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qvcumkxh.dll.vir
02902161 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146575.DLL
02902161 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP695\A0135292.DLL
02902161 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP698\A0139009.DLL
02902325 Adware/MalwareAlarm Adware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP693\A0134236.EXE
02902325 Adware/MalwareAlarm Adware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP695\A0135481.EXE
02902388 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146570.DLL
02902388 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP695\A0135493.DLL
02902388 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hseahpeo.dll.vir
02902392 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP689\A0133977.DLL
02902393 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP695\A0135459.DLL
02902393 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kowdvehj.dll.vir
02902393 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146574.DLL
;===============================================================================
================================================================================
=
===================
SUSPECTS
Location
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================
;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2008-02-25 18:44:16
PROTECTIONS: 1
MALWARE: 78
SUSPECTS: 0
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
McAfee VirusScan Professional Edition 7.00.5000 No No
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00013512 adware/searchaid Adware No 0 Yes No c:\windows\n_aqxqfs.log
00013512 adware/searchaid Adware No 0 Yes No c:\windows\n_xsyoer.log
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\adm4.adm4
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm4.adm4.1
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm4.adm4
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm25.adm25.1
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\adm25.adm25.1
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\adm.exe
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\altnet signing module.exe
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\appid\adm.exe
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\adm25.adm25
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm25.adm25
00034291 adware/surfaccuracy Adware No 1 Yes No hkey_local_machine\software\sacc
00040527 spyware/surfsidekick Spyware No 1 Yes No c:\documents and settings\jamael\local settings\temporary internet files\ssk.log
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@atdmt[3].txt
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131681.EXE
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131682.EXE
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Cookies\jamael@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.247realmedia.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Cookies\jamael@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@mediaplex[3].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Cookies\jamael@linksynergy[2].txt
00157556 Adware/Look2Me Adware No 0 Yes No C:\WINDOWS\SYSTEM32\GUARD.TMP
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.xiti.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Deckard\System Scanner\BACKUP\DOCUME~1\Jamael\LOCALS~1\Temp\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.apmebf.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[www.burstbeacon.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@advertising[3].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.advertising.com/]
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@adrevolver[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@adrevolver[3].txt
00169752 application/need2find HackTools No 0 Yes No hkey_current_user\software\need2find
00169752 application/need2find HackTools No 0 Yes No c:\program files\need2find
00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\need2find
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.ads.pointroll.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Deckard\System Scanner\BACKUP\DOCUME~1\Jamael\LOCALS~1\Temp\Cookies\jamael@realmedia[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Cookies\jamael@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@questionmarket[3].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.zedo.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@adrevolver[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.adrevolver.com/]
00186561 Cookie/Banner TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@banner[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@go[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Jamael\Application Data\Mozilla\Firefox\Profiles\s7w0717w.default\COOKIES.TXT[.target.com/]
00234869 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00235342 Adware/IST.ISTBar Adware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131669.EXE
00235589 Adware/SearchExe Adware No 0 Yes No C:\WINDOWS\SYSTEM32\NDBFAKMA.TMP
00235837 Trj/Zlob.AE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP685\A0128617.EXE
00235840 Trj/Zlob.AE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP685\A0128615.TLB
00235864 Trj/Zlob.AE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP685\A0128614.EXE
00236734 Adware/SearchAid Adware No 0 Yes No C:\WINDOWS\PUGJFT.DAT
00236734 Adware/SearchAid Adware No 0 Yes No C:\WINDOWS\VTTOWP.DAT
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@atwola[4].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Deckard\System Scanner\BACKUP\DOCUME~1\Jamael\LOCALS~1\Temp\Cookies\jamael@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@atwola[1].txt
00284829 Adware/InstaFinder Adware No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131677.DLL
00285003 Adware/PurityScan Adware No 0 Yes No C:\WINDOWS\RUN2.EXE
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00290373 Adware/MediaTickets Adware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146559.EXE
00290373 Adware/MediaTickets Adware No 1 Yes No C:\QooBox\Quarantine\C\Program Files\Cowabanga\uninstaller.exe.vir
00291699 Adware/PurityScan Adware No 0 No No C:\WINDOWS\RUN2.EXE[Cowabanga.exe]
00299464 Trj/Banker.CZI Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP685\A0128612.EXE
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ihtqviq6.default\COOKIES.TXT[citi.bridgetrack.com/]
00359247 W32/Bagle.KY.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131680.EXE
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP712\A0147949.EXE
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP666\A0123319.RBF
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP670\A0125865.RBF
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP712\A0147946.EXE
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP678\A0127688.EXE
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP680\A0128043.EXE
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP696\A0137910.EXE
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP712\A0147951.EXE
00362786 Trj/KillAV.FG Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP712\A0147950.EXE
00364273 Trj/Downloader.MKI Virus/Trojan No 1 Yes No C:\Deckard\System Scanner\BACKUP\WINDOWS\TEMP\JA.EXE
00512064 Trj/Multidropper.RCP Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131683.EXE
00512065 Trj/Multidropper.RCP Virus/Trojan No 0 Yes No C:\WINDOWS\KTFSEC32.EXE
00517584 Application/SuperFast HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131730.EXE
00520005 Trj/Downloader.NUS Virus/Trojan No 0 Yes No C:\FOUND.018\FILE0013.CHK
00570717 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\NTLUYA.DAT
00570717 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\ORXJZZ.DAT
00575017 Adware/SecurityError Adware No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP685\A0128613.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP706\A0147617.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP706\A0147631.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146558.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146604.EXE
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Jamael\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146622.COM
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0147611.EXE
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Jamael\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP706\A0147651.COM
02141683 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131678.DLL
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131729.EXE
02381995 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP686\A0131679.OLD
02882168 Adware/MalwareAlarm Adware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP700\A0144967.EXE
02882168 Adware/MalwareAlarm Adware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP695\A0135474.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146597.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP706\A0147626.SYS
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121093.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121089.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121090.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121091.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121092.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121096.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121094.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121095.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP672\A0126142.EXE
02888563 Trj/SpyForms.BJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP652\A0121097.EXE
02890506 Rootkit/Agent.HPM Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP700\A0144961.SYS
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146577.DLL
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rhbdfgih.dll.vir
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP683\A0128577.DLL
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\catchme2008-02-24_232330.55.zip[sbglanqc.dll]
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0147597.DLL
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP683\A0128578.DLL
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\sbglanqc.dll.vir
02896106 Trj/Downloader.SGU Virus/Trojan No 1 Yes No C:\FOUND.018\FILE0001.CHK
02896106 Trj/Downloader.SGU Virus/Trojan No 1 Yes No C:\FOUND.018\FILE0000.CHK
02898875 Application/MalwareAlarm HackTools No 0 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP689\A0132998.DLL
02900824 Rootkit/Spammer.AFN HackTools No 0 Yes No C:\FOUND.018\FILE0003.CHK
02900824 Rootkit/Spammer.AFN HackTools No 0 Yes No C:\FOUND.018\FILE0004.CHK
02900909 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\catchme2008-02-24_232330.55.zip[tuvvttq.dll]
02902094 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jqwioprh.dll.vir
02902094 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146572.DLL
02902097 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rgqubetp.dll.vir
02902097 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146576.DLL
02902161 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP696\A0137961.DLL
02902161 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ccpbdktm.dll.vir
02902161 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146565.DLL
02902161 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP700\A0145018.DLL
02902161 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qvcumkxh.dll.vir
02902161 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146575.DLL
02902161 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP695\A0135292.DLL
02902161 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP698\A0139009.DLL
02902325 Adware/MalwareAlarm Adware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP693\A0134236.EXE
02902325 Adware/MalwareAlarm Adware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP695\A0135481.EXE
02902388 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146570.DLL
02902388 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP695\A0135493.DLL
02902388 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hseahpeo.dll.vir
02902392 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP689\A0133977.DLL
02902393 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP695\A0135459.DLL
02902393 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kowdvehj.dll.vir
02902393 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{257993A2-B5CD-4F21-9E03-EACF1A4AED40}\RP705\A0146574.DLL
;===============================================================================
================================================================================
=
===================
SUSPECTS
Location
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================
Edited by Jaereloaded, 24 February 2008 - 05:49 PM.
#20
Posted 24 February 2008 - 05:57 PM
kahdah
-
- Retired Staff
-
- 15,822 posts
GeekU Teacher
Make sure that you paste the following file paths under the yellow bar within the OTMoveit2 program or it will not work correctly.
=====================
Post back with a new Hijackthis log and the OTMove it 2 log and let me know how it is running?
- Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
c:\windows\n_aqxqfs.log c:\windows\n_xsyoer.log hkey_local_machine\software\classes\adm4.adm4 hkey_classes_root\adm4.adm4.1 hkey_classes_root\adm4.adm4 hkey_classes_root\adm25.adm25.1 hkey_local_machine\software\classes\appid\adm.exe hkey_local_machine\software\classes\appid\altnet signing module.exe hkey_classes_root\appid\adm.exe hkey_local_machine\software\classes\adm25.adm25 hkey_classes_root\adm25.adm25 hkey_local_machine\software\sacc c:\documents and settings\jamael\local settings\temporary internet files\ssk.log C:\WINDOWS\SYSTEM32\GUARD.TMP hkey_current_user\software\need2find c:\program files\need2find hkey_local_machine\software\need2find C:\WINDOWS\SYSTEM32\NDBFAKMA.TMP C:\WINDOWS\PUGJFT.DAT C:\WINDOWS\VTTOWP.DAT C:\WINDOWS\RUN2.EXE C:\WINDOWS\KTFSEC32.EXE C:\FOUND.018 C:\WINDOWS\NTLUYA.DAT C:\WINDOWS\ORXJZZ.DAT
- Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
- Close OTMoveIt2
=====================
Post back with a new Hijackthis log and the OTMove it 2 log and let me know how it is running?
#21
Posted 24 February 2008 - 06:05 PM
Jaereloaded
- Topic Starter
-
- Member
-
- 22 posts
Member
[Custom Input]
< c:\windows\n_aqxqfs.log >
c:\windows\n_aqxqfs.log moved successfully.
< c:\windows\n_xsyoer.log >
c:\windows\n_xsyoer.log moved successfully.
< hkey_local_machine\software\classes\adm4.adm4 >
Registry key hkey_local_machine\software\classes\adm4.adm4\\ deleted successfully.
< hkey_classes_root\adm4.adm4.1 >
Registry key hkey_classes_root\adm4.adm4.1\\ not found.
< hkey_classes_root\adm4.adm4 >
Registry key hkey_classes_root\adm4.adm4\\ not found.
< hkey_classes_root\adm25.adm25.1 >
Registry key hkey_classes_root\adm25.adm25.1\\ not found.
< hkey_local_machine\software\classes\appid\adm.exe >
Registry key hkey_local_machine\software\classes\appid\adm.exe\\ deleted successfully.
< hkey_local_machine\software\classes\appid\altnet signing module.exe >
Registry key hkey_local_machine\software\classes\appid\altnet signing module.exe\\ deleted successfully.
< hkey_classes_root\appid\adm.exe >
Registry key hkey_classes_root\appid\adm.exe\\ not found.
< hkey_local_machine\software\classes\adm25.adm25 >
Registry key hkey_local_machine\software\classes\adm25.adm25\\ deleted successfully.
< hkey_classes_root\adm25.adm25 >
Registry key hkey_classes_root\adm25.adm25\\ not found.
< hkey_local_machine\software\sacc >
Registry key hkey_local_machine\software\sacc\\ deleted successfully.
< c:\documents and settings\jamael\local settings\temporary internet files\ssk.log >
c:\documents and settings\jamael\local settings\temporary internet files\Ssk.log moved successfully.
< C:\WINDOWS\SYSTEM32\GUARD.TMP >
C:\WINDOWS\SYSTEM32\guard.tmp moved successfully.
< hkey_current_user\software\need2find >
Registry key hkey_current_user\software\need2find\\ deleted successfully.
< c:\program files\need2find >
c:\program files\Need2Find\bar\History moved successfully.
c:\program files\Need2Find\bar\Settings moved successfully.
c:\program files\Need2Find\bar moved successfully.
c:\program files\Need2Find moved successfully.
< hkey_local_machine\software\need2find >
Registry key hkey_local_machine\software\need2find\\ not found.
< C:\WINDOWS\SYSTEM32\NDBFAKMA.TMP >
C:\WINDOWS\SYSTEM32\ndbfakma.tmp moved successfully.
< C:\WINDOWS\PUGJFT.DAT >
C:\WINDOWS\pugjft.dat moved successfully.
< C:\WINDOWS\VTTOWP.DAT >
C:\WINDOWS\vttowp.dat moved successfully.
< C:\WINDOWS\RUN2.EXE >
C:\WINDOWS\run2.exe moved successfully.
< C:\WINDOWS\KTFSEC32.EXE >
C:\WINDOWS\ktfsec32.exe moved successfully.
< C:\FOUND.018 >
C:\FOUND.018 moved successfully.
< C:\WINDOWS\NTLUYA.DAT >
C:\WINDOWS\ntluya.dat moved successfully.
< C:\WINDOWS\ORXJZZ.DAT >
C:\WINDOWS\orxjzz.dat moved successfully.
OTMoveIt2 v1.0.20 log created on 02252008_190232
< c:\windows\n_aqxqfs.log >
c:\windows\n_aqxqfs.log moved successfully.
< c:\windows\n_xsyoer.log >
c:\windows\n_xsyoer.log moved successfully.
< hkey_local_machine\software\classes\adm4.adm4 >
Registry key hkey_local_machine\software\classes\adm4.adm4\\ deleted successfully.
< hkey_classes_root\adm4.adm4.1 >
Registry key hkey_classes_root\adm4.adm4.1\\ not found.
< hkey_classes_root\adm4.adm4 >
Registry key hkey_classes_root\adm4.adm4\\ not found.
< hkey_classes_root\adm25.adm25.1 >
Registry key hkey_classes_root\adm25.adm25.1\\ not found.
< hkey_local_machine\software\classes\appid\adm.exe >
Registry key hkey_local_machine\software\classes\appid\adm.exe\\ deleted successfully.
< hkey_local_machine\software\classes\appid\altnet signing module.exe >
Registry key hkey_local_machine\software\classes\appid\altnet signing module.exe\\ deleted successfully.
< hkey_classes_root\appid\adm.exe >
Registry key hkey_classes_root\appid\adm.exe\\ not found.
< hkey_local_machine\software\classes\adm25.adm25 >
Registry key hkey_local_machine\software\classes\adm25.adm25\\ deleted successfully.
< hkey_classes_root\adm25.adm25 >
Registry key hkey_classes_root\adm25.adm25\\ not found.
< hkey_local_machine\software\sacc >
Registry key hkey_local_machine\software\sacc\\ deleted successfully.
< c:\documents and settings\jamael\local settings\temporary internet files\ssk.log >
c:\documents and settings\jamael\local settings\temporary internet files\Ssk.log moved successfully.
< C:\WINDOWS\SYSTEM32\GUARD.TMP >
C:\WINDOWS\SYSTEM32\guard.tmp moved successfully.
< hkey_current_user\software\need2find >
Registry key hkey_current_user\software\need2find\\ deleted successfully.
< c:\program files\need2find >
c:\program files\Need2Find\bar\History moved successfully.
c:\program files\Need2Find\bar\Settings moved successfully.
c:\program files\Need2Find\bar moved successfully.
c:\program files\Need2Find moved successfully.
< hkey_local_machine\software\need2find >
Registry key hkey_local_machine\software\need2find\\ not found.
< C:\WINDOWS\SYSTEM32\NDBFAKMA.TMP >
C:\WINDOWS\SYSTEM32\ndbfakma.tmp moved successfully.
< C:\WINDOWS\PUGJFT.DAT >
C:\WINDOWS\pugjft.dat moved successfully.
< C:\WINDOWS\VTTOWP.DAT >
C:\WINDOWS\vttowp.dat moved successfully.
< C:\WINDOWS\RUN2.EXE >
C:\WINDOWS\run2.exe moved successfully.
< C:\WINDOWS\KTFSEC32.EXE >
C:\WINDOWS\ktfsec32.exe moved successfully.
< C:\FOUND.018 >
C:\FOUND.018 moved successfully.
< C:\WINDOWS\NTLUYA.DAT >
C:\WINDOWS\ntluya.dat moved successfully.
< C:\WINDOWS\ORXJZZ.DAT >
C:\WINDOWS\orxjzz.dat moved successfully.
OTMoveIt2 v1.0.20 log created on 02252008_190232
#22
Posted 24 February 2008 - 07:48 PM
kahdah
-
- Retired Staff
-
- 15,822 posts
GeekU Teacher
Clean your Cache and Cookies in Firefox:
After that go to Start >Run and type in Cookies and delete everything that is a .txt file that shows up there.
===================
After that please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems
Ugrading Java:
Time for some housekeeping
Also delete\uninstall anything that we used that is left over.
==========================================
After that Your log is clean.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
- Go to Tools > Options.
- Click Privacy in the menu on the left side of the Options window.
- Click the Clear button located to the right of each option (History, Cookies, Cache).
- Click OK to close the Options window
- Alternatively, you can clear all information stored while browsing by clicking Clear All.
- A confirmation dialog box will be shown before clearing the information.
After that go to Start >Run and type in Cookies and delete everything that is a .txt file that shows up there.
===================
After that please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems
Ugrading Java:
- Download the latest version of Java Runtime Environment (JRE) 6 update 3.
- Choose Free Java Download
- Close any programs you may have running and follow the prompts.
- Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
Time for some housekeeping
- Click START then RUN
- Now type Combofix /u in the runbox and click OK
The above procedure will delete and do the following:
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Clean System Restore points.
Also delete\uninstall anything that we used that is left over.
==========================================
After that Your log is clean.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
#23
Posted 24 February 2008 - 09:24 PM
Jaereloaded
- Topic Starter
-
- Member
-
- 22 posts
Member
I can't thank you enough for all your help. I am still having an issue. I'm trying to add this new Anti-virus software. I keeps saying I don't have sufficient memory to run this program..... but I've deleted almost everything to make room. What could be the problem?
#24
Posted 25 February 2008 - 02:58 AM
kahdah
-
- Retired Staff
-
- 15,822 posts
GeekU Teacher
You are welcome the problem seems to be that you need some more ram.
you have this much :Total Physical Memory: 127 MiB (512 MiB recommended). as reported by the Deckard system scanner.
128 mb's is very little and because antivirus programs run in the ackground they use a lot of ram.
Hope that helps
You are welcome
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
you have this much :Total Physical Memory: 127 MiB (512 MiB recommended). as reported by the Deckard system scanner.
128 mb's is very little and because antivirus programs run in the ackground they use a lot of ram.
Hope that helps
You are welcome
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
#25
Posted 25 February 2008 - 02:59 AM
kahdah
-
- Retired Staff
-
- 15,822 posts
GeekU Teacher
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
#26
Posted 25 February 2008 - 02:59 AM
kahdah
-
- Retired Staff
-
- 15,822 posts
GeekU Teacher
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
