i got a problem... idk if its a virus worm ect! [RESOLVED]



#16
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
    "C:\Program Files\PC-Doctor 5 for Windows\bak\RunProfiler.exe"
    "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
    "C:\WINDOWS\ehome\bak\ehtray.exe"
    "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
    "C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe"
    "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
    "C:\Program Files\HP\HP Software Update\bak\HPwuSchd2.exe"
    "C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe"
    "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
    "C:\Program Files\Yahoo!\YOP\bak\yop.exe"
    "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
    "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\bak\GoogleToolbarNotifier.exe"
    "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe"

  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.

    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT

  • Press 2, then press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of files to be restored.
  • Right click below this line and select Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
  • The program will proceed to move the legit files and will perform another scan for .bak folders.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.

  • 0

#17
ZetaByte

    Member

  • Topic Starter
  • 60 posts
here you go...

******


Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Mon 03/03/2008
The current time is: 18:19:37.71


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\HPDIGI~1\BAK

03/20/2006 08:05 AM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\PC-DOC~1\BAK

01/19/2006 11:20 PM 53,248 RunProfiler.exe
1 File(s) 53,248 bytes

Directory of C:\WINDOWS\CREATOR\BAK

12/14/2004 01:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/29/2005 08:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SMINST\BAK

07/22/2005 09:14 PM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes

Directory of C:\WINDOWS\TEMP\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\BROADJ~1\CLIENT~1\BAK

09/10/2002 08:26 PM 368,706 CFD.exe
1 File(s) 368,706 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COREL\CORELS~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK

02/15/2006 09:34 PM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

12/15/2005 05:18 PM 49,152 HPwuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\YAHOO!\BROWSER\BAK

07/21/2006 03:19 PM 129,536 ybrwicon.exe
1 File(s) 129,536 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

10/26/2006 09:21 PM 4,662,776 YAHOOM~1.EXE
1 File(s) 4,662,776 bytes

Directory of C:\PROGRA~1\YAHOO!\YOP\BAK

07/21/2006 09:43 AM 407,032 yop.exe
1 File(s) 407,032 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~2\BAK

11/02/2004 02:59 PM 218,240 UsrPrmpt.exe
1 File(s) 218,240 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\12908~1.847\BAK

12/16/2006 05:50 PM 165,304 GoogleToolbarNotifier.exe
1 File(s) 165,304 bytes

Directory of C:\PROGRA~1\HP\DIGITA~1\{33D6C~1\BAK

06/01/2005 10:35 PM 49,152 hphupd08.exe
1 File(s) 49,152 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

90112 Mar 20 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe1167274216"
90112 Mar 20 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
53248 Jan 19 2006 "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe"
53248 Jan 19 2006 "C:\Program Files\PC-Doctor 5 for Windows\bak\RunProfiler.exe"
53248 Jan 19 2006 "D:\MiniNT\PC-Doctor 5 for Win PE\RunProfiler.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 22 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 22 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
368706 Sep 10 2002 "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
368706 Sep 10 2002 "C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe"
249856 Feb 15 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 15 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Dec 15 2005 "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe1167274221"
49152 Dec 15 2005 "C:\Program Files\HP\HP Software Update\bak\HPwuSchd2.exe"
129536 Jul 21 2006 "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
129536 Jul 21 2006 "C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe"
4662776 Oct 26 2006 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4662776 Oct 26 2006 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
407032 Jul 21 2006 "C:\Program Files\Yahoo!\YOP\yop.exe"
407032 Jul 21 2006 "C:\Program Files\Yahoo!\YOP\bak\yop.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
52272 Feb 23 2008 "C:\Program Files\Google\googletoolbar3user.exe"
61440 Sep 14 2006 "C:\Program Files\Google\Google Earth\googleearth.exe"
559784 May 14 2006 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Feb 23 2008 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
171448 Jan 19 2008 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
165304 Dec 16 2006 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe"
165304 Dec 16 2006 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\bak\GoogleToolbarNotifier.exe"
49152 Jun 1 2005 "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
49152 Jun 1 2005 "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe"


end of report
  • 0
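The "Duplicate files of bak directory contents" section of the report above can be read mechanically before anything is restored or removed. The following Python is an added example, not part of the thread and not FindAWF's own code: it pairs each file in a bak folder with what the report lists in the parent folder. The line format is inferred from the posted report, the sample lines are taken from it, and the function and status names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: lines in the shape of the AWF.txt report posted above,
# embedded here so the example runs offline.
SAMPLE_REPORT = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

90112 Mar 20 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe1167274216"
90112 Mar 20 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 22 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 22 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
4662776 Oct 26 2006 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4662776 Oct 26 2006 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"

end of report
'''

# Assumed line format: <size in bytes> <Mon D YYYY> "<full path>"
ENTRY = re.compile(r'^(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')


def parse_entries(report):
    """Return (size, date, path) tuples for every file line in the report."""
    entries = []
    for line in report.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((int(match.group(1)), match.group(2), match.group(3)))
    return entries


def classify_bak_files(entries):
    """Map each bak-folder file to a status describing its parent folder.

    Only size and name are compared, because that is all the report holds;
    confirming that two files are identical needs a hash taken on the machine.
    """
    # Index every listed file by its folder (case-insensitive, Windows paths).
    by_dir = defaultdict(list)
    for size, _date, path in entries:
        by_dir[ntpath.dirname(path).lower()].append((size, ntpath.basename(path)))

    statuses = {}
    for size, _date, path in entries:
        folder = ntpath.dirname(path)
        if ntpath.basename(folder).lower() != "bak":
            continue  # only files inside a bak folder are classified
        name = ntpath.basename(path).lower()
        siblings = by_dir.get(ntpath.dirname(folder).lower(), [])
        same_name_sizes = [s for s, n in siblings if n.lower() == name]
        same_size_names = [n for s, n in siblings if s == size]

        if size in same_name_sizes:
            status = "identical-copy-in-parent"   # same name, same size
        elif same_name_sizes:
            status = "parent-differs"             # same name, different size
        elif any(n.lower().startswith(name) for n in same_size_names):
            status = "renamed-in-parent"          # e.g. name plus numeric suffix
        elif same_size_names:
            status = "same-size-other-name"       # e.g. 8.3 short name in bak
        else:
            status = "missing-from-parent"
        statuses[path] = status
    return statuses


if __name__ == "__main__":
    for bak_path, status in classify_bak_files(parse_entries(SAMPLE_REPORT)).items():
        print(f"{status:26} {bak_path}")
```

A "parent-differs" result, as with ehtray.exe here, means the file currently in the program folder is not the same size as the copy held in bak, so it is the entry to look at first.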

#18
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\Program Files\HP DigitalMedia Archive\bak
    C:\Program Files\PC-Doctor 5 for Windows\bak
    C:\WINDOWS\CREATOR\bak
    C:\WINDOWS\ehome\bak
    C:\WINDOWS\SMINST\bak
    C:\Program Files\BroadJump\Client Foundation\bak
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak
    C:\Program Files\HP\HP Software Update\bak
    C:\Program Files\Yahoo!\browser\bak
    C:\Program Files\Yahoo!\Messenger\bak
    C:\Program Files\Yahoo!\YOP\bak
    C:\Program Files\Common Files\Symantec Shared\Security Center\bak
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\bak
    C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak
    C:\Program Files\Messenger\Bak
    C:\WINDOWS\TEMP\BAK
    C:\Program Files\COREL\CORELSoftware\BAK

  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.

    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT

  • Press 3, then press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
  • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
  • The program will proceed to remove the bad folders and will perform another scan for .bak folders.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.

  • 0

#19
ZetaByte

    Member

  • Topic Starter
  • 60 posts
Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Mon 03/03/2008
The current time is: 18:49:24.79


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COREL\CORELS~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report
  • 0

#20
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
    C:\PROGRA~1\COREL\CORELS~1\BAK
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveIt2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
================
Then:
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#21
ZetaByte

    Member

  • Topic Starter
  • 60 posts
C:\PROGRA~1\COMMON~1\SYMANT~1\BAK moved successfully.
C:\PROGRA~1\COREL\CORELS~1\BAK moved successfully.

OTMoveIt2 v1.0.20 log created on 03032008_191123
  • 0

#22
ZetaByte

    Member

  • Topic Starter
  • 60 posts
Malwarebytes' Anti-Malware 1.05
Database version: 447

Scan type: Full Scan (C:\|D:\|F:\|G:\|H:\|I:\|)
Objects scanned: 184303
Time elapsed: 1 hour(s), 13 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 27
Files Infected: 47

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\EasySpywareCleaner (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\Quarantine (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\EasySpywareCleaner.com (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\EasySpywareCleaner.com\EasySpywareCleaner (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\BrowserObjects (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\StartMenuAllUsers (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\StartMenuCurrentUser (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun\RunOnce (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun\RunOnceEx (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun\RunOnce (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun\RunOnceEx (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Easy Spyware Cleaner (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\spy-rid.com (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\spy-rid.com\SpyRid (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\spy-rid.com\SpyRid\Autorun (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\spy-rid.com\SpyRid\BrowserObjects (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\spy-rid.com\SpyRid\Autorun\HKCURun (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\spy-rid.com\SpyRid\Autorun\HKLMRun (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\spy-rid.com\SpyRid\Autorun\StartMenuAllUsers (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\spy-rid.com\SpyRid\Autorun\StartMenuCurrentUser (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\spy-rid.com\SpyRid\Autorun\HKCURun\RunOnce (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\spy-rid.com\SpyRid\Autorun\HKCURun\RunOnceEx (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\spy-rid.com\SpyRid\Autorun\HKLMRun\RunOnce (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\spy-rid.com\SpyRid\Autorun\HKLMRun\RunOnceEx (Rogue.Spy-Rid) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common Files\zufz\zufzd\class-barrel (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\zufz\zufzd\vocabulary (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\Kernel.dll (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\Resources.dll (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\WndLayer.dll (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Messenger\ryhoseni77798.exe (Adware.TTC) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\HP_Administrator\Application Data\antivirus.exe.vir (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\HP_Administrator\Application Data\sysfixer.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\35h4uv70.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\36mya5mq.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\f2w1iber.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\f8owjhfb.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\g0pb9g8t.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.tmp.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mrofinu72.exe.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\murka.dat.vir (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\seiernlc.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\tk58.exe.vir (Trojan.BHO) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuspnm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\iDlo01\iDlo011065.exe.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1244853494-1287266354-100792079-1008\Dc2.exe (Adware.Purityscan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0001335.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0001383.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0001384.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP11\A0005425.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP11\A0005448.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP12\A0007572.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP12\A0007573.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP13\A0008526.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP13\A0008527.exe (Adware.Purityscan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP13\A0008560.exe (Adware.Purityscan) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\defs.pkg (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe.local (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe.log (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\msvcp71.dll (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\msvcr71.dll (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\Uninstall.exe (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Easy Spyware Cleaner\Register Easy Spyware Cleaner.lnk (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Easy Spyware Cleaner\Start Easy Spyware Cleaner.lnk (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Easy Spyware Cleaner\Uninstall.lnk (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\ultra.PNF (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Spyware Cleaner.lnk (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
  • 0

#23
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

  • 0

#24
ZetaByte

    Member

  • Topic Starter
  • 60 posts
Incident Status Location

Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UGA6P_0001_N122M0611NetInstaller.exe
Adware:adware/cydoor Not disinfected c:\windows\cdmxtras
Virus:W32/Autorun.IC.worm Disinfected C:\16bf9dbe69c7b3569ec388d8a1cb12\16bf9dbe69c7b3569ec388d8a1cb12.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Documents and Settings\All Users\Desktop\Desktop.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Documents and Settings\All Users\Favorites\AT&T Yahoo!\Yahoo!\Yahoo!.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Documents and Settings\All Users\Favorites\SBC Yahoo! DSL\Yahoo!\Yahoo!.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Documents and Settings\HP_Administrator\Administrator.exe
Virus:Generic Malware Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Shockwave Player\xtras\download\TheGrooveAlliance\3DGrooveXtrav181\Groove.x32
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][5].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][6].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][4].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][5].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][7].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][4].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_admini[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][4].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][5].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][6].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][4].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][6].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][4].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][5].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][6].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][4].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][5].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrat[email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][5].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][6].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][7].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][5].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][4].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][5].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][4].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][4].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][5].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][6].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected]alfusion[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][4].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][5].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][6].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/ademails Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/ademails Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt

Edited by ZetaByte, 04 March 2008 - 09:03 PM.

#25
ZetaByte

    Member

  • Topic Starter
  • 60 posts
Virus:W32/Autorun.IC.worm Disinfected C:\Documents and Settings\HP_Administrator\Desktop\Desktop.exe
Adware:Adware/TrafficSol Not disinfected C:\Documents and Settings\HP_Administrator\Shared\ad aware 2007 new.zip[setup.exe]
Adware:Adware/TrafficSol Not disinfected C:\Documents and Settings\HP_Administrator\Shared\ad aware 2007 new.zip[setup.exe][\bann.exe]
Adware:Adware/TrafficSol Not disinfected C:\Documents and Settings\HP_Administrator\Shared\ad aware 2007 new.zip[setup.exe][\bann.exe][%%\spads.dll]
Adware:Adware/AdRotator Not disinfected C:\Documents and Settings\HP_Administrator\Shared\ad aware 2007 new.zip[setup.exe][\adw.exe]
Adware:Adware/AdRotator Not disinfected C:\Documents and Settings\HP_Administrator\Shared\ad aware 2007 new.zip[setup.exe][\adw.exe][]
Adware:Adware/AdRotator Not disinfected C:\Documents and Settings\HP_Administrator\Shared\ad aware 2007 new.zip[setup.exe][\adw.exe][\nsBrowserOpt.dll]
Virus:W32/Autorun.IC.worm Disinfected C:\Documents and Settings\HP_Administrator\Shared\Shared.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Documents and Settings\Karina\Desktop\Desktop.exe
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Santiago\Cookies\[email protected][1].txt
Virus:W32/Autorun.IC.worm Disinfected C:\Documents and Settings\Santiago\Desktop\Desktop.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\3DGroove\AppFolders\1a6b9ca4aa836243accdcd860964e200\GrvCACHE\loader.grv\loader.grv.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\3DGroove\Extensions\Extensions.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\3DGroove\GrooveApps\GrooveApps.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Acrobat 7.0\ActiveX\ActiveX.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Acrobat 7.0\Esl\Esl.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Acrobat 7.0\Help\ENU\ENU.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Acrobat 7.0\Reader\Legal\Adobe Reader\7.0.0\en_US\en_US.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annotations\Stamps\ENU\ENU.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\Howto\images\images.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\OLS\Locale\ENU\ENU.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Acrobat 7.0\Resource\CMap\CMap.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Acrobat 7.0\Resource\Font\Font.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Acrobat 7.0\Resource\Font\PFM\PFM.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Acrobat 7.0\Resource\Linguistics\LanguageNames\LanguageNames.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Acrobat 7.0\Resource\Linguistics\Providers\Proximity\Proximity.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Acrobat 7.0\Resource\Resource.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig705\ENU\ENU.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Activation\Activation.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Activation\en_US\en_US.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Adobe Bridge.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\browser\browser.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\browser\classes\classes.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\browser\defaults\defaults.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\browser\plugins\plugins.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\browser\skin\skin.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\data\bridgedb\bridgedb.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\data\mysql\mysql.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\charsets\charsets.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\czech\czech.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\danish\danish.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\dutch\dutch.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\english\english.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\estonian\estonian.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\french\french.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\german\german.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\greek\greek.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\hungarian\hungarian.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\italian\italian.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\japanese\japanese.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\korean\korean.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\norwegian\norwegian.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\norwegian-ny\norwegian-ny.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\polish\polish.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\portuguese\portuguese.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\romanian\romanian.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\russian\russian.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\serbian\serbian.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\solvak\solvak.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\spanish\spanish.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\swedish\swedish.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\ukrainian\ukrainian.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\da_DK\da_DK.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\de_DE\de_DE.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\el_GR\el_GR.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\en_US\en_US.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\es_ES\es_ES.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\fi_FI\fi_FI.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\fr_FR\fr_FR.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\he_IL\he_IL.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\hr_HR\hr_HR.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\hu_HU\hu_HU.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\it_IT\it_IT.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\ja_JP\ja_JP.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\ko_KR\ko_KR.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\nl_NL\nl_NL.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\no_NO\no_NO.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\pl_PL\pl_PL.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\pt_BR\pt_BR.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\ro_RO\ro_RO.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\ru_RU\ru_RU.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\sl_SI\sl_SI.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\sv_SE\sv_SE.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\th_TH\th_TH.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\tr_TR\tr_TR.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\vi_VN\vi_VN.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\zh_CN\zh_CN.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Legal\zh_TW\zh_TW.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Plug-Ins\Plug-Ins.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Presets\color books\color books.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\required\required.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Resources\en\en.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Resources\en\_customization\_customization.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Resources\en\_media\_media.exe
Virus:W32/Autorun.IC.worm Disinfected C:\Program Files\Adobe\Adobe Bridge\Resources\Resources.exe
Virus:Generic Malware Disinfected C:\Program Files\Movie Maker\viliwi.dll
Virus:Generic Malware Disinfected C:\Program Files\Movie Maker\viliwi694.dll
Spyware:Spyware/PeoplePC Not disinfected C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
Virus:W32/Autorun.IC.worm Disinfected C:\QooBox\Quarantine\C\.exe.vir
Virus:W32/Autorun.IC.worm Disinfected C:\QooBox\Quarantine\C\Documents and Settings\All Users\All Users.exe.vir
Virus:W32/Autorun.IC.worm Disinfected C:\QooBox\Quarantine\C\Documents and Settings\Default User\Administrator.exe.vir
Adware:Adware/ErrorSafe Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\HP_Administrator\Application Data\pcpriv.exe.vir
Adware:Adware/WinAntiVirus2007 Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\HP_Administrator\Application Data\printer.exe.vir
Virus:W32/Autorun.IC.worm Disinfected C:\QooBox\Quarantine\C\Documents and Settings\HP_Administrator\HP_Administrator.exe.vir
Virus:W32/Trats.B Disinfected C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir
Virus:W32/Trats.B Disinfected C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir
Virus:Trj/Agent.HWY Disinfected C:\QooBox\Quarantine\C\WINDOWS\6t5cvl39.exe.vir
Virus:Trj/Agent.GXF Disinfected C:\QooBox\Quarantine\C\WINDOWS\b111.exe.vir
Virus:Trj/Agent.HWY Disinfected C:\QooBox\Quarantine\C\WINDOWS\c2dfn1lj.exe.vir
Virus:Trj/Agent.HWY Disinfected C:\QooBox\Quarantine\C\WINDOWS\dydlef6i.exe.vir
Virus:Trj/Virantix.A Disinfected C:\QooBox\Quarantine\C\WINDOWS\medichi2.exe.vir
Virus:Trj/Agent.HWY Disinfected C:\QooBox\Quarantine\C\WINDOWS\mfye73i6.exe.vir
Virus:W32/Trats.B Disinfected C:\QooBox\Quarantine\C\WINDOWS\mrofinu72.exe.tmp.vir
Virus:Trj/Downloader.SCO Disinfected C:\QooBox\Quarantine\C\WINDOWS\mrofinu72.exe.tmp.vir
Virus:W32/Autorun.IC.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Administrator.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\dqdviqjh.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\whadosov.dll.vir
Virus:Trj/Agent.HWY Disinfected C:\QooBox\Quarantine\C\WINDOWS\t1qtuxqy.exe.vir
Virus:Trj/Agent.HWY Disinfected C:\QooBox\Quarantine\C\WINDOWS\trayicon.exe.vir
Adware:Adware/BHO Not disinfected C:\QooBox\Quarantine\C\WINDOWS\windsk.dll.vir
Adware:Adware/VirusAlarma Not disinfected C:\QooBox\Quarantine\C\WINDOWS\wsystmp_qom.exe.vir
Virus:W32/Autorun.IC.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\wsystmp_yah.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\catchme2008-03-02_170206.93.zip[gplpqptz.dll]
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\catchme2008-03-02_170206.93.zip[hggddcd.dll]

Edited by ZetaByte, 04 March 2008 - 09:01 PM.

#26
ZetaByte

    Member

  • Topic Starter
  • 60 posts
Spyware:Spyware/Virtumonde Not disinfected C:\RECYCLER\NPROTECT\00003975.exe
Spyware:Spyware/Virtumonde Not disinfected C:\RECYCLER\NPROTECT\00004220.exe
Spyware:Spyware/Virtumonde Not disinfected C:\RECYCLER\NPROTECT\00004534.exe
Spyware:Spyware/Virtumonde Not disinfected C:\RECYCLER\NPROTECT\00004583.exe
Spyware:Spyware/Virtumonde Not disinfected C:\RECYCLER\NPROTECT\00005372.exe
Spyware:Spyware/Virtumonde Not disinfected C:\RECYCLER\NPROTECT\00005521.exe
Virus:Generic Trojan Disinfected C:\WINDOWS\browser.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UGA6P_0001_N122M0611NetInstaller.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UGA6P_4444_N122M2811NetInstaller.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\WINDOWS\Downloaded Program Files\UGA6P_4444_N122M2811NetInstaller.exe
Virus:W32/Trats.B

#27
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    c:\windows\downloaded program files\UGA6P_0001_N122M0611NetInstaller.exe 
    c:\windows\cdmxtras 
    C:\Documents and Settings\HP_Administrator\Shared\ad aware 2007 new.zip
    C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL 
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UGA6P_0001_N122M0611NetInstaller.exe 
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UGA6P_4444_N122M2811NetInstaller.exe 
    C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe 
    C:\WINDOWS\Downloaded Program Files\UGA6P_4444_N122M2811NetInstaller.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveIt2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===================
Also, please post another HijackThis log and let me know how things are running.
  • 0

#28
ZetaByte


    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
c:\windows\downloaded program files\UGA6P_0001_N122M0611NetInstaller.exe moved successfully.
c:\windows\cdmxtras moved successfully.
C:\Documents and Settings\HP_Administrator\Shared\ad aware 2007 new.zip moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL NOT unregistered.
C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL moved successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UGA6P_0001_N122M0611NetInstaller.exe moved successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UGA6P_4444_N122M2811NetInstaller.exe moved successfully.
C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe moved successfully.
C:\WINDOWS\Downloaded Program Files\UGA6P_4444_N122M2811NetInstaller.exe moved successfully.

OTMoveIt2 v1.0.20 log created on 03042008_193738
  • 0
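An added example, not part of the original thread or of OTMoveIt2: a cross-check of the path list from post #27 against the log from post #28, reporting per path whether a "moved successfully" line exists and which other log lines mention it. The function names are hypothetical; the line patterns and the mmddyyyy_hhmmss stamp format are taken from the two posts.

```python
import re
from datetime import datetime

# Paths from post #27 and the log from post #28, copied from the thread.
REQUESTED = r"""
c:\windows\downloaded program files\UGA6P_0001_N122M0611NetInstaller.exe
c:\windows\cdmxtras
C:\Documents and Settings\HP_Administrator\Shared\ad aware 2007 new.zip
C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UGA6P_0001_N122M0611NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UGA6P_4444_N122M2811NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UGA6P_4444_N122M2811NetInstaller.exe
"""
LOG = r"""
c:\windows\downloaded program files\UGA6P_0001_N122M0611NetInstaller.exe moved successfully.
c:\windows\cdmxtras moved successfully.
C:\Documents and Settings\HP_Administrator\Shared\ad aware 2007 new.zip moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL NOT unregistered.
C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL moved successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UGA6P_0001_N122M0611NetInstaller.exe moved successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UGA6P_4444_N122M2811NetInstaller.exe moved successfully.
C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe moved successfully.
C:\WINDOWS\Downloaded Program Files\UGA6P_4444_N122M2811NetInstaller.exe moved successfully.
OTMoveIt2 v1.0.20 log created on 03042008_193738
"""
MOVED = re.compile(r"^(.+) moved successfully\.$")
STAMP = re.compile(r"log created on (\d{8}_\d{6})")

def norm(path):
    # Windows paths are case-insensitive, so compare them lower-cased.
    return path.strip().lower()

def check_moves(requested, log):
    """Map each requested path to (status, other log lines naming it)."""
    lines = [l.strip() for l in log.splitlines() if l.strip()]
    moved = {norm(m.group(1)) for m in map(MOVED.match, lines) if m}
    report = {}
    for path in filter(None, map(str.strip, requested.splitlines())):
        key = norm(path)
        # Non-success lines for this path, e.g. the DLL unregister warnings.
        notes = [l for l in lines if key in l.lower() and not MOVED.match(l)]
        report[path] = ("moved" if key in moved else "unconfirmed", notes)
    return report

def log_created(log):
    # The stamp uses the mmddyyyy_hhmmss format described in post #27.
    m = STAMP.search(log)
    return datetime.strptime(m.group(1), "%m%d%Y_%H%M%S") if m else None
```

A path reported as "unconfirmed" has no success line in the log and should be checked by hand before the cleanup is considered complete.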

#29
ZetaByte


    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:21 PM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn27\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 9203 bytes
  • 0

#30
ZetaByte


    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Everything is OK...
My AVG was telling me I had a virus, but not anymore...
All the .pos files are gone...
One desktop icon is gone except 'Windows Update'
  • 0





