imapi.exe being a butt [RESOLVED]


  • This topic is locked

#106
Hamze

  • Topic Starter
  • Member
  • 103 posts
  • 0


#107
Hamze

  • Topic Starter
  • Member
  • 103 posts
;================================================================================
SUSPECTS
Sent Location .X
;================================================================================
;================================================================================
VULNERABILITIES
Id Severity Description .X
;================================================================================
120815 HIGH MS06-022 .X
;================================================================================
  • 0

#108
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hello Hamze,

Not looking too bad; most of what Panda's ActiveScan found is in quarantine or system restore points, and we will clean that out when we are finished.

Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\MOE\HAMZE &HAMDA\Local Settings\Temp\ACM\auraupg1.exe
    C:\Documents and Settings\MOE\HAMZE &HAMDA\Local Settings\Temp\BMZ\auraupg1.exe
    C:\Documents and Settings\MOE\HAMZE &HAMDA\Local Settings\Temp\OFA\auraupg1.exe
    C:\Documents and Settings\HASSAN\My Documents\The Matrix Reloaded 2003 HQ-DVDrip x264-uSk.mpg
    C:\Documents and Settings\HASSAN\My Documents\matrix reloaded.avi
    hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\istsvc
    hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer
    hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\abi-1
    hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sacc
    hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sidefind
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
    hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\yoursitebar
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{5AA06644-BC46-4220-A460-47A6EB47C96D}
    hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\tsa
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===============================================


Please post the OTMoveIt2 log and a new HijackThis log and let me know how things are running.
  • 0
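
The triage described in the reply above, sorting ActiveScan detections by where the flagged file sits (quarantine folder, System Restore point, browser cookie, or still live on disk), as an added example that is not part of the original thread. The sample rows are constructed in the scan's row format with a placeholder user name; the function names, bucket names and the reading of a trailing `[...]` as an archive or cookie member are assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Row layout assumed from the scan output: 8-digit id, detection name (may
# contain spaces), type, four Yes/No/count columns whose meaning the thread
# does not state, then the path.
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<name>.+?)\s+(?P<type>\S+)\s+"
    r"(?:Yes|No)\s+\d+\s+(?:Yes|No)\s+(?:Yes|No)\s+(?P<path>.+)$"
)
# A trailing "[...]" names an item inside the file (archive member, cookie host).
MEMBER = re.compile(r"^(?P<container>.*?)\[(?P<member>[^\]]*)\]$")


@dataclass(frozen=True)
class Detection:
    sig_id: str
    name: str
    kind: str
    container: str
    member: Optional[str]


def split_member(path):
    """Split 'file[member]' into (file, member); brackets mid-name are left alone."""
    m = MEMBER.match(path)
    return (m["container"], m["member"]) if m else (path, None)


def parse_row(line):
    """Return a Detection for a scan row, or None for headers and separators."""
    m = ROW.match(line.strip())
    if not m:
        return None
    container, member = split_member(m["path"])
    return Detection(m["id"], m["name"], m["type"], container, member)


def bucket(d):
    """Classify a detection by location; only 'live' items need direct action."""
    p = d.container.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "quarantine"          # already moved aside by an earlier tool
    if "\\system volume information\\_restore{" in p:
        return "restore_point"       # copy kept inside a System Restore point
    if d.kind == "TrackingCookie":
        return "cookie"
    return "live"


def triage(text):
    """Group unique detections by bucket, preserving first-seen order."""
    buckets, seen = defaultdict(list), set()
    for line in text.splitlines():
        d = parse_row(line)
        if d is not None and d not in seen:   # the scan repeats identical rows
            seen.add(d)
            buckets[bucket(d)].append(d)
    return dict(buckets)


# Constructed sample rows (placeholder user name "USER"), one exact duplicate.
SAMPLE = r"""
00351416 Cookie/Systemdoctor TrackingCookie No 0 Yes No C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\example.default\cookies-60.txt[.systemdoctor.com/]
00351416 Cookie/Systemdoctor TrackingCookie No 0 Yes No C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\example.default\cookies-60.txt[.systemdoctor.com/]
01343053 Adware/eZula Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\gnqjsagk.exe.vir
01343053 Adware/eZula Adware No 0 Yes No C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP8\A0001711.exe
02379093 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tet.exe
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\USER\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
02889400 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\qnsoadsr.dll.vir
this line is not a detection row
"""

if __name__ == "__main__":
    for name, items in triage(SAMPLE).items():
        print(f"{name}: {len(items)}")
        for d in items:
            suffix = f" (inside: {d.member})" if d.member else ""
            print(f"  {d.sig_id} {d.name} -> {d.container}{suffix}")
```
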

#109
Hamze

  • Topic Starter
  • Member
  • 103 posts
Here's the OTMoveIt2 log:
C:\Documents and Settings\MOE\HAMZE &HAMDA\Local Settings\Temp\ACM\auraupg1.exe moved successfully.
C:\Documents and Settings\MOE\HAMZE &HAMDA\Local Settings\Temp\BMZ\auraupg1.exe moved successfully.
C:\Documents and Settings\MOE\HAMZE &HAMDA\Local Settings\Temp\OFA\auraupg1.exe moved successfully.
C:\Documents and Settings\HASSAN\My Documents\The Matrix Reloaded 2003 HQ-DVDrip x264-uSk.mpg moved successfully.
C:\Documents and Settings\HASSAN\My Documents\matrix reloaded.avi moved successfully.
< hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\istsvc >
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\istsvc\\ deleted successfully.
< hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer >
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer\\ deleted successfully.
< hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\abi-1 >
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\abi-1\\ deleted successfully.
< hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sacc >
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sacc\\ deleted successfully.
< hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sidefind >
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sidefind\\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\\ deleted successfully.
< hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\yoursitebar >
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\yoursitebar\\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{5AA06644-BC46-4220-A460-47A6EB47C96D} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{5AA06644-BC46-4220-A460-47A6EB47C96D}\\ not found.
< hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\tsa >
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\tsa\\ deleted successfully.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06172008_183947

#110
Hamze

    Member

  • Topic Starter
  • Member
  • 103 posts
Here's a new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:03 PM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ShredderChess\Shredder Classic\Shredder.exe
C:\Documents and Settings\MOE\Desktop\Rybkav2.3.2a.w32.exe
C:\Program Files\ChessBase\CBLight2007\CBLight.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Registry Fix] "C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" /reminder
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MOE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe

--
End of file - 8209 bytes

Everything seems to be running smoothly (meaning, nothing unusual is happening).

#111
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Hamze,

Glad to hear things are running good :)

ComboFix Removal
Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

===============================================

OTCleanIt

Download OTCleanit
Save it to your Desktop.

  • Double-click on OTCleanIt.exe to run
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You may be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

===============================================

Reset your restore points

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.


===============================================

This is my standard post for when you are clear - which you now are - or seem to be. Please advise me of any problems you still have.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

1.) Watch what you download!
Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read This Article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.

2.) Go to Internet Explorer > Tools > Windows Update > Product Updates, and install ALL High-Priority Security Updates listed. If you're running Windows XP, that of course includes the Service Pack 2! If you suspect your computer is infected with Malware of any type, we advise you to not install SP2 if you don't already have it. You can post a HijackThis log on our Forums to get free Expert help cleaning your machine. Once you are sure you have a clean system, it is highly recommended to install SP2 to help prevent against future infections.

It's important to always keep current with the latest security fixes from Microsoft.
Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

3.) Open Internet Explorer and go to Internet Options > Security > Internet, then press "Default Level", then OK. Now press "Custom Level." In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Options > Security.

So why is ActiveX so dangerous that you have to increase the security for it?
When your browser runs an ActiveX control, it is running an executable program. It's no different from double-clicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

4.) Install Javacool's SpywareBlaster

It will protect you from most spy/foistware in its database by blocking installation of their ActiveX objects.

Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer) Press "Enable All Protection", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so.

5.) Let's also not forget that Spybot Search & Destroy has the Immunize feature which works roughly the same way. Another feature within Spybot is the TeaTimer option. This option immediately detects known malicious processes wanting to start and terminates them. TeaTimer also detects when something wants to change some critical registry keys and gives you an option to allow them or not.

6.) Microsoft now offers their own free malicious software blocking tool. Windows Defender improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC.

7.) Another excellent program by Javacool we recommend is SpywareGuard.
It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

8.) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.

*It is important to note that all of the above programs/files can be run simultaneously on your system. They will work together in layers, so to speak, to help protect your computer. However, the following suggestions are designed to only run one of each. It is not a good idea to run more than one firewall, and one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.*

9.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Three good ones that are freeware to boot are ZoneAlarm, Kerio and Sygate.

10.) An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free A/V programs are AVG, Avast, and AntiVir. It's a good idea to set these to receive automatic updates so you are always as fully protected as possible from the newest virus threats.

NOTE: DO NOT install more than one anti-virus program. They will conflict, and provide less protection, not more.


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Thanks for letting us help you!
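The kill-bit check described in steps 3 and 4 of the post above, applied to the O16 (downloaded ActiveX control) lines of a HijackThis log, as an added example that is not part of the original posts. The registry export is a constructed sample and the function names are this example's own; the kill bit is the 0x400 value in "Compatibility Flags" under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}.

```python
import re

KILL_BIT = 0x400  # "Compatibility Flags" bit that stops IE from loading a control
GUID = r"(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
O16_RE = re.compile(r"^O16 - DPF: " + GUID + r"(?: \((.*?)\))? - (.+)$")
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer"
                    r"\\ActiveX Compatibility\\" + GUID + r"\]$", re.IGNORECASE)
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

# Three O16 lines copied from the HijackThis log in this thread (URLs truncated as posted).
HJT_LOG = r"""
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
"""

# Constructed sample of a "reg export" of the ActiveX Compatibility key (not from the thread).
REG_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}]
"Compatibility Flags"=dword:00000400
"""

def parse_o16(log_text):
    """Return (CLSID, class name or None, codebase) for every O16 line."""
    hits = (O16_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1).upper(), m.group(2), m.group(3)) for m in hits if m]

def parse_kill_bits(reg_text):
    """Return the CLSIDs whose Compatibility Flags have the kill bit set."""
    killed, current = set(), None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):  # new key: remember its CLSID, if it has one
            key = KEY_RE.match(line)
            current = key.group(1).upper() if key else None
            continue
        flags = FLAGS_RE.match(line)
        if flags and current and int(flags.group(1), 16) & KILL_BIT:
            killed.add(current)
    return killed

def triage(log_text, reg_text):
    """Pair each installed control with its kill-bit state and review notes."""
    killed = parse_kill_bits(reg_text)
    rows = []
    for clsid, name, codebase in parse_o16(log_text):
        notes = []
        if name is None:
            notes.append("no class name")
        if codebase.lower().endswith(".exe"):
            notes.append("codebase is an .exe")
        rows.append({"clsid": clsid, "blocked": clsid in killed, "notes": notes})
    return rows

if __name__ == "__main__":
    for row in triage(HJT_LOG, REG_EXPORT):
        print(row)
```

A real `reg export` file is UTF-16 with CRLF line endings, so open it with `encoding="utf-16"` before passing its text to `parse_kill_bits`.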

#112
Hamze

    Member

  • Topic Starter
  • Member
  • 103 posts
I've just one teensy little problem. It's this stupid Windows Installer thing. It keeps popping up whenever I open something like Word. It keeps failing to install and I don't feel like getting a cd-rom.

Attached Thumbnails

  • annoying.GIF
  • alsoannoying.GIF


#113
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Hamze,

The only way I know of to fix it is to run the Windows Installer CleanUp Utility, which may uninstall the program then you would need the disc to reinstall anyway. I think the best course of action since this is not malware related is to refer you to the Techs. Please post your question HERE and let them know you were cleared on the malware forum. :)

#114
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.