
You're my last and final hope before total format! [CLOSED]



#1
Neo-VII
I followed your Malware thread and did it.
When I came out of Safe Mode/internet offline and came back to the desktop, my Ad-Watch SE still shows Registry modification detected.
Search and Destroy shows "WindowsSecurityCenter.AntiVirusDisableNotify", "AbetterInternet", "AbetterInternet.Aurara".
Microsoft Antispyware shows Transonder.AbetterInternet.Aurora.
Ad-Aware shows a HKEY_LOCAL_MACHINE
TrojanHunter shows a Trojan file: C:\Windows\Nail.exe (Adware.BetterInternet)

--------------------------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 6:55:34 PM, on 8/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\cdme\teib.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\w?nlogon.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F22062D-2912-6960-1CB4-FA87903C00FA} - C:\Program Files\cdmweb\ohpqrpmvlw.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CB34E464-24D6-2420-DAEB-7682BB1B2F91} - C:\WINDOWS\system32\ifmnxror.dll
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\system32\3DNATO~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [myziju] c:\windows\system32\zjpekav.exe r
O4 - HKLM\..\Run: [rmwfkq] c:\windows\system32\jfhkaer.exe r
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "e:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ASUS SmartDoctor] E:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Creative MediaSource Go] E:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [Shrkvkar] C:\WINDOWS\system32\w?nlogon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Wioa] C:\Program Files\cdme\teib.exe
O8 - Extra context menu item: Download &All by FD - fdiectx2.htm
O8 - Extra context menu item: Download with &FD - fdiectx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq..._Non_Member.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15014/CTPID.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Edited by Neo-VII, 08 August 2005 - 08:24 PM.

#2
Rawe
Hello and welcome to GTG!

Ok, your log looks quite bad. Let's try to crack up the problem ;)

Please print these instructions out, or write them down, as you can't read them during the fix.


First;

Please download Ewido Security Suite; it is a free version of the program.
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch Ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run Ewido for the first time, you will get a warning "Database could not be found!" Click OK. We will fix this in a moment.
  • You will need to update Ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit Ewido. DO NOT run a scan yet.
If you are having problems with the updater, you can use this link to manually update Ewido.
ewido manual updates

Download CleanUp
Install the program, don't run it yet, we will later.

Please download this file: Revised Installer for the Nailfix Utility
Save it to your desktop.
DO NOT run it yet.

Please download APT and unzip the contents to a new folder on your desktop.
  • Open the folder you just created and click on apt.exe and search in the window for jfhkaer.exe.
  • Open your C:\Windows\system32 folder and search for c:\windows\system32\jfhkaer.exe.
    Don't delete it yet, just leave the system32 folder open so you can see the bad file.
  • In APT again, Select jfhkaer.exe and Click Kill3
  • Then immediately delete c:\windows\system32\jfhkaer.exe from your system32 folder.
REPEAT this SAME step for this file; c:\windows\system32\zjpekav.exe

When finished,

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click on nailfix.exe.
Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Now open Ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • Clean anything it finds.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido.

Now scan with HJT and place a checkmark next to each of the following items:

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {3F22062D-2912-6960-1CB4-FA87903C00FA} - C:\Program Files\cdmweb\ohpqrpmvlw.dll (file missing)
O2 - BHO: (no name) - {CB34E464-24D6-2420-DAEB-7682BB1B2F91} - C:\WINDOWS\system32\ifmnxror.dll
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [myziju] c:\windows\system32\zjpekav.exe r
O4 - HKLM\..\Run: [rmwfkq] c:\windows\system32\jfhkaer.exe r
O4 - HKCU\..\Run: [Shrkvkar] C:\WINDOWS\system32\w?nlogon.exe
O4 - HKCU\..\Run: [Wioa] C:\Program Files\cdme\teib.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe


Close all open windows except for HJT, then click the Fix Checked button. Close HJT.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files - option.

Now using Windows Explorer locate the following files/folders and delete if present;

C:\Program Files\cdmweb\ohpqrpmvlw.dll
C:\WINDOWS\system32\ifmnxror.dll
C:\WINDOWS\system32\vidctrl\vidctrl.exe
c:\windows\system32\zjpekav.exe
c:\windows\system32\jfhkaer.exe
C:\WINDOWS\system32\w?nlogon.exe Note the ? -> Only delete the file with ?
C:\Program Files\cdme\teib.exe


Now run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional. If you leave the box checked, it will remove all of your cookies; at this point removing cookies is a good idea.
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
Finally, restart your computer back into Normal Mode and please post a new HJT log, as well as the ewido report log from the Ewido scan, by using Add Reply.

- Rawe :tazz:

#3
Rawe
If you have AdWatch running, you will also need to disable it during the fix, otherwise it might prevent you from doing it. The same applies for Microsoft Anti-spyware.

For AdWatch;

Right-click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".

Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically.


Uncheck both of those boxes.

For Microsoft Anti-spyware;

Right-click on the Microsoft AntiSpyware icon (looks like a target) and click on Security Agents Status (Enabled) and click on Disable Real-time Protection. Disable everything else too - if there is anything.

We will re-enable both of these tools when we get your system clean first.

- Rawe :tazz:

#4
Neo-VII
This is the ewido security suite - Scan report when it did its job:




---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:29:26 PM, 8/9/2005
+ Report-Checksum: C4E4BDDC

+ Scan result:

HKLM\SOFTWARE\motoin -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-2052111302-842925246-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2052111302-842925246-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-2052111302-842925246-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2052111302-842925246-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-2052111302-842925246-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44BE0690-5429-47F0-85BB-3FFD8020233E} -> Spyware.UCmore : Cleaned with backup
HKU\S-1-5-21-2052111302-842925246-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} -> Spyware.eAcceleration : Cleaned with backup
HKU\S-1-5-21-2052111302-842925246-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
HKU\S-1-5-21-2052111302-842925246-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-2052111302-842925246-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKU\S-1-5-21-2052111302-842925246-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C398F337-51D5-40C3-AA3B-684E833D8888} -> Spyware.eAcceleration : Cleaned with backup
HKU\S-1-5-21-2052111302-842925246-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\18E76A83-53AF-478C-882E-A27EE4\05EE9921-3FD7-4CF4-9DB4-4FDDB7 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1CE902D5-FCE2-441C-A2C9-DA4C40\007477B8-3204-4ADB-BA78-AFD358 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\32B22B70-F660-4748-A437-D8E6C0\E67ADBF8-FAF0-4D79-B214-C7EC68 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\526F90D1-75E0-4BD4-9AA9-D78065\6495E61F-7AA5-4953-BB47-959245 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\52BC082D-8A05-4F41-ACA6-C3D28E\0FBC38F9-1E08-4246-9A25-C6F96D -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\73A35292-F03F-43A7-9D08-D4D69F\FA196488-FD72-4C1B-9737-CE0463 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7A91879C-43B6-4D94-B6A9-E9285A\68BAEA4A-94C0-4BB9-9D40-F1B146 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\81489BDD-B1B3-4FFC-95BC-7E5525\BD8604F2-9EF9-4862-9EEB-CF0271 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8565E7F9-BD7A-4851-96FF-0C2150\A0FF17A8-4B8F-4359-ADB1-176E93 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\91473DBA-C39B-47C2-A076-0DE423\14325A20-A45E-4D9B-AB54-D2CF66 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B0FB06B3-E193-4377-A9A8-0DFF24\B8BCB994-6B4A-4071-8432-4FD858 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B1F71D06-2BAB-4213-A417-0D9E3D\CE4EE225-1656-4A28-957A-FBE08F -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\BFB5738F-3C39-4EAA-9EFA-6F5514\6FAD295F-E797-4F30-B081-47109C -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C473ED22-AD06-45C2-A7AE-377A62\9F2E7381-5B16-497D-BFA4-D80779 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\D757B61B-1D9E-4334-8E89-3804D7\AE635E9E-798B-4158-9580-849E78 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\D7AD0151-A190-4BD5-A2F9-012BAC\63AC8CFF-2EBA-4495-B27F-E8378A -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E6196726-6717-42C3-88F3-AE6E6B\548FF4AA-8CB6-4092-9B8D-677357 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\ED0D7AD0-DCB1-457A-A9E9-5A3F43\ACBA8413-0BDD-4D5A-ABDD-98F6EA -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FB7BF356-1431-4D68-93F4-E47E8C\7DC8AF3E-D86D-489A-8418-F1213E -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FD0513B7-44B5-4649-A43F-6DC34F\1C913873-26E0-4B03-8552-F37ADF -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00202519.exe.tcf -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00202584.exe.tcf -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00202585.exe.tcf -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00202808.exe.tcf -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00202821.exe.tcf -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00202822.exe.tcf -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00203114.exe.tcf -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00203117.exe.tcf -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00203124.exe.tcf -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00203131.exe.tcf -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00203134.exe.tcf -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00203137.exe.tcf -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00203140.exe.tcf -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00203143.exe.tcf -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00203146.exe.tcf -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00203406 -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\movie.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\dsr.exe.tcf -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\fuumhucpby.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Nail.exe.tcf -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Nail.exe2226.tcf -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Nail.exe3520.tcf -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Nail.exe3807.tcf -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Nail.exe4636.tcf -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Nail.exe5276.tcf -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Nail.exe661.tcf -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Nail.exe6944.tcf -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Nail.exe8247.tcf -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Nail.exe9520.tcf -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\vawvgm.exe -> Adware.BetterInternet : Cleaned with backup

--------------------------------------------------------------------------------------------


This is Hijack once everything was said and done before I went online:


Logfile of HijackThis v1.99.1
Scan saved at 11:14:15 PM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\system32\3DNATO~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "e:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ASUS SmartDoctor] E:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Creative MediaSource Go] E:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O8 - Extra context menu item: Download &All by FD - fdiectx2.htm
O8 - Extra context menu item: Download with &FD - fdiectx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq..._Non_Member.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15014/CTPID.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

---------------------------------------------------------------------------------------------

I would like to point out, once I got online (after all was said and done) I put on my ad-ware, Trojanhunter, Anti-spyware etc etc. My Ad-Watch event log shows 7 Modification detects after all was done. One of my friends says that's not a good sign. I will let you be the judge of that. Again, thanks for all your help. This means the world to me. Oh yeah, the detected changes were after the hijack scan that you see here.

PS also at the APT point of your instructions, I couldn't find any form of a jfhkaer.exe. I looked high and low and spent 20 min trying to locate it. I even refreshed the window to locate it but I never found it.

Edited by Neo-VII, 10 August 2005 - 12:37 AM.

#5
Rawe
    Visiting Staff
What did you do with AdWatch? Did you prevent the items or ignore them?

Because. Couple things. I asked you to disable protection programs such as AdWatch and Microsoft Antispyware until you are clean just because of this. It detects the changes we have made in Safe Mode.. And if you would prevent them, it would mean all the malware will STAY on your PC.

So, if you could just disable your AdWatch & Microsoft Anti-spyware during our fixes, until you are clean, then we would re-enable it later on.

Ok, now;

Please do an online scan with Kaspersky WebScanner.

Next, click on Launch Kaspersky Anti-Virus Web Scanner.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now, under "select a target to scan", select My Computer.
  • This program will start to scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
- Rawe :tazz:

#6
Neo-VII
    Member
  • Topic Starter
I was in safe mode for most of the process. I looked for the programs but none opened on the taskbar. I assumed the programs were staying off on their own. If needed I will redo the process.

#7
Rawe
    Visiting Staff
Ok, if you still have AdWatch and/or MSAS running, please disable them before going into Safe Mode.
Keep them disabled when coming back from Safe mode.. No need to redo the entire process - just run the Kaspersky scan from my last post. ;)

Just disable them now and we'll enable them once your system is clean. Simple.

- Rawe :tazz:

#8
Neo-VII
    Member
  • Topic Starter
All the anti-adware/antispyware was turned off for this process.


Infected Object Name - Virus Name
C:\Documents and Settings\Lee\Local Settings\Application Data\Identities\{DFC5987A-510A-4350-A7B4-33491604B6E9}\Microsoft\Outlook Express\Inbox.dbx/[From Washington Mutual, Inc. <[email protected]>][Date Wed, 24 Nov 2004 02:47:45 -0700]/html Infected: Trojan-Spy.HTML.Bankfraud.w
C:\Documents and Settings\Lee\Local Settings\Application Data\Identities\{DFC5987A-510A-4350-A7B4-33491604B6E9}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Spy.HTML.Bankfraud.w
C:\WINDOWS\system32\drivers\df_kmd.sys Infected: Rootkit.Win32.Agent.af

Scan process completed.

Edited by Neo-VII, 10 August 2005 - 11:24 AM.


#9
Rawe
    Visiting Staff
Delete these files;

C:\WINDOWS\system32\drivers\df_kmd.sys
C:\Documents and Settings\Lee\Local Settings\Application Data\Identities\{DFC5987A-510A-4350-A7B4-33491604B6E9}\Microsoft\Outlook Express\Inbox.dbx/[From Washington Mutual, Inc. <[email protected]>][Date Wed, 24 Nov 2004 02:47:45 -0700]/html Infected: Trojan-Spy.HTML.Bankfraud.w
Delete this post from your Outlook's Inbox without reading it.


Empty recycle bin.

Then we'll clean up your restore points..

1. Click Start > Programs > Accessories > Windows Explorer
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Check the "Turn off System Restore" check box.
5. Click Apply. A message shows up.
6. Click "Yes" to do this.
7. Confirm with "Ok".


Reboot.

Enable System Restore;

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck the "Turn off System Restore" check box.
5. Click Apply, and then click "OK".


System Restore will now be active again. ;) Be sure to set a new restore point, and if you need additional help with that, here's a link; http://filext.com/in...thread.php?t=27

Once you have done all of this,
please run this online scan;
Panda Activescan

Post its results here along with a fresh HiJackThis log.

- Rawe :tazz:

Edited by Rawe, 10 August 2005 - 11:22 AM.


#10
Neo-VII
    Member
  • Topic Starter

C:\Documents and Settings\Lee\Local Settings\Application Data\Identities\{DFC5987A-510A-4350-A7B4-33491604B6E9}\Microsoft\Outlook Express\Inbox.dbx/[From Washington Mutual, Inc. <[email protected]>][Date Wed, 24 Nov 2004 02:47:45 -0700]/html Infected: Trojan-Spy.HTML.Bankfraud.w Delete this post from your Outlook's Inbox without reading it.


I went to this file and the icons in Outlook Express are not files that are openable. They look like their own dbx files. It has 30,985 KB. Do you want me to delete the whole file/icon?

#11
Rawe
    Visiting Staff
You should have the post on your email inbox of Outlook.
Go there, and see if you have that email (From address; Washington Mutual, Inc. <[email protected]>). Delete it WITHOUT opening the actual email. IF you don't have it, just delete the items you don't know/need and carry out with the rest of the instructions.

- Rawe :tazz:

Edited by Rawe, 10 August 2005 - 01:38 PM.


#12
Neo-VII
    Member
  • Topic Starter
I didn't want to accidentally open the email so I selected all emails and erased them all, then I erased the deleted file. No emails exist now. I had roughly 3 1/2 years worth of emails in there.

EDITED- Forgive me, I had company coming in and kids jumping on me for part of this process. I may have skipped the process of reboot, and re-enabling. I will redo this later.
-----------------------------------------------------------------------------------------------
Incident Status Location

Adware:adware/superspider No disinfected C:\WINDOWS\SYSTEM32\services
Adware:adware/weirdontheweb No disinfected C:\WINDOWS\weirdontheweb_topc.exe
Adware:adware/novo No disinfected Windows Registry
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\All Users\Desktop\nailfix\Process.exe
Adware:Adware/PurityScan No disinfected C:\Program Files\backups\backup-20050809-224208-909.dll
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP430\A0125954.EXE
Adware:Adware/Apropos No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP430\A0125975.EXE
Adware:Adware/nCase No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP430\A0125976.dll
Adware:Adware/nCase No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP430\A0125977.inf
Adware:Adware/nCase No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP430\A0125991.dll
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP430\A0126023.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP430\A0126026.exe
Adware:Adware/EnhSrch No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP430\A0126033.dll
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP430\A0126060.exe
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP430\A0126065.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP430\A0126786.exe
Spyware:Spyware/Media-motor No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP431\A0126831.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP431\A0126845.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP431\A0127842.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP431\A0127874.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP432\A0127900.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP432\A0127901.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP432\A0127903.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP432\A0127937.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP432\A0127940.exe
Spyware:Spyware/Media-motor No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP432\A0127958.OCX
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP432\A0128003.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP432\A0128005.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP432\A0128010.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP432\A0128036.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP432\A0128037.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP432\A0128051.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP434\A0128136.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP434\A0128229.exe
Adware:Adware/EnhSrch No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128237.dll
Adware:Adware/Novo No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128238.dll
Adware:Adware/SAHAgent No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128241.exe
Adware:Adware/EnhSrch No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128243.exe
Adware:Adware/Ucmore No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128244.exe
Adware:Adware/SAHAgent No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128245.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128280.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128281.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128331.exe
Spyware:Spyware/SurfSideKick No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128341.exe
Adware:Adware/DelFinMedia No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128348.EXE
Adware:Adware/DelFinMedia No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128349.exe
Spyware:Spyware/SurfSideKick No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128355.exe
Spyware:Spyware/SurfSideKick No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128356.dll
Spyware:Spyware/SurfSideKick No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128357.dll
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128359.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128360.exe
Adware:Adware/EnhSrch No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128362.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128364.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128369.exe
Adware:Adware/DownloadWare No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128371.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128424.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128429.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128439.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128441.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128511.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128512.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128513.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128538.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128552.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128564.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128565.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128566.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128668.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128669.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128671.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128673.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128674.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128675.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128679.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128680.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128681.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128682.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128683.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128684.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128685.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128686.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128688.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128689.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128690.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128691.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128692.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128693.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128694.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128696.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128697.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128698.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128699.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128701.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128702.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128707.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128708.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128709.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128711.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128712.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128713.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128715.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128716.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128740.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128741.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128743.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128744.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128745.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128746.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP436\A0128801.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128805.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128815.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128830.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128831.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128832.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128833.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128834.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128835.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128836.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128837.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128838.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128839.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128840.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128841.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128842.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128843.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128844.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128845.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP437\A0128865.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{95341351-252B-4320-8BAB-97542C5C993B}\RP439\A0128969.exe
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_res

Edited by Neo-VII, 10 August 2005 - 02:56 PM.

#13
Rawe
    Visiting Staff

Delete the following files;

C:\WINDOWS\weirdontheweb_topc.exe
C:\Program Files\backups\backup-20050809-224208-909.dll


Locate this folder, and delete only its content (Not the folder itself, only everything inside it);

C:\System Volume Information\_restore

Run CleanUp!
reboot and post a fresh HiJackThis log.

- Rawe :tazz:

#14
Neo-VII
    Member
  • Topic Starter

Followed your instructions till the point of Systems Volume Information. You said to open the folder and only destroy the contents of it but don't delete the folder itself. It won't let me open the folder at all. When I double-click it, it says Access is denied. What should I do?

#15
Rawe
    Visiting Staff

Ok, let's forget that set of instructions, here are new ones.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
      • Click "Next", read the agreement, Click "Next"
      • Choose "Custom" click "Next".
      • Leave the default installation directory as it is, then click "Next".
      • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
      • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
      • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Disable SpySweeper Shields
      • Click Shields on the left.
      • Click Internet Explorer and uncheck all items.
      • Click Windows System and uncheck all items.
      • Click Startup Programs and uncheck all items.
  • Once the definitions are installed and shields disabled, exit SpySweeper.
Now run CleanUp! but don't reboot yet.

1. Click Start > Programs > Accessories > Windows Explorer
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Check the "Turn off System Restore" check box.
5. Click Apply. A message shows up.
6. Click "Yes" to do this.
7. Confirm with "Ok".


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Launch SpySweeper;
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Now reboot into normal mode.

Enable System Restore;

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck the "Turn off System Restore" check box.
5. Click Apply, and then click "OK".


System Restore will now be active again. ;) Be sure to set a new restore point.

Then post me the SpySweeper session log along with a fresh HiJackThis & Panda ActiveScan log.

- Rawe :tazz:

Edited by Rawe, 11 August 2005 - 01:17 AM.
