Old 04-13-2008, 05:39 PM   #71 (permalink)
Bronze Member
 
Join Date: Apr 2008
Posts: 80
Default

Just tried and that Zlob virus is back. It says this in the address bar http://iednserror.info/ie6/en.php?id=880058 and all these dodgy porn things have come up on my desktop!!! Aghhhhhhhhhh
texaspete is offline   Reply With Quote


Old 04-13-2008, 05:40 PM   #72 (permalink)
Diamond Member
 
Punk's Avatar
 
Join Date: Jan 2007
Location: France
Age: 18
Posts: 4,489
Default

Ok

Let's see a Combofix log:

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
__________________
Punk's anti-hackers website
Punk's Website making and registering tutorial!

Rise And Fall, Rage And Grace

The Offspring!

Huck it!
I just want to be who I want to be
guess that's hard for others to see
Punk is offline   Reply With Quote
Old 04-13-2008, 06:02 PM   #73 (permalink)

hey punk
ComboFix 08-04-12.10 - Peter D Martin 2008-04-13 17:55:13.4 - NTFSx86
Running from: C:\Documents and Settings\Peter D Martin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
C:\WINDOWS\system32\ieupdates.exe
C:\WINDOWS\system32\update32.exe
C:\WINDOWS\system32\winsrc.dll
C:\WINDOWS\system32\winupdate.exe
C:\WINDOWS\system32\wscmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 17:39 . 2008-04-13 17:39 0 --a------ C:\WINDOWS\system32\sex3.ico.tmp
2008-04-13 17:38 . 2008-04-13 17:38 0 --a------ C:\WINDOWS\system32\sex2.ico.tmp
2008-04-13 17:38 . 2008-04-13 17:38 0 --a------ C:\WINDOWS\system32\sex1.ico.tmp
2008-04-13 17:27 . 2008-04-13 17:27 269,334 --a------ C:\WINDOWS\system32\dojmhkbqdsn.bmp
2008-04-13 17:22 . 2008-04-13 17:40 3,262 --a------ C:\WINDOWS\system32\sex5.ico
2008-04-13 17:22 . 2008-04-13 17:39 3,262 --a------ C:\WINDOWS\system32\sex4.ico
2008-04-13 17:21 . 2008-04-13 17:31 3,262 --a------ C:\WINDOWS\system32\sex3.ico
2008-04-13 17:21 . 2008-04-13 17:30 3,262 --a------ C:\WINDOWS\system32\sex2.ico
2008-04-13 17:20 . 2008-04-13 17:30 3,262 --a------ C:\WINDOWS\system32\sex1.ico
2008-04-13 17:13 . 2008-04-13 17:13 269,334 --a------ C:\WINDOWS\system32\lgnetkrqhgfap.bmp
2008-04-13 10:56 . 2008-04-13 10:56 <DIR> d-------- C:\b5972bbf697fdead40e53f083c0a
2008-04-13 00:25 . 2008-04-13 00:25 269,334 --a------ C:\WINDOWS\system32\cradonidcr.bmp
2008-04-12 19:04 . 2008-04-12 19:04 269,334 --a------ C:\WINDOWS\system32\apknihgb.bmp
2008-04-12 10:17 . 2008-04-12 10:17 269,334 --a------ C:\WINDOWS\system32\felsnilcfatsf.bmp
2008-04-11 22:09 . 2008-04-11 22:09 269,334 --a------ C:\WINDOWS\system32\lcbitojml.bmp
2008-04-11 19:29 . 2008-04-11 19:29 269,334 --a------ C:\WINDOWS\system32\nepgjeh.bmp
2008-04-11 17:42 . 2008-04-11 17:42 <DIR> d-------- C:\_OTMoveIt
2008-04-11 17:13 . 2008-04-11 17:13 269,334 --a------ C:\WINDOWS\system32\krqtcjah.bmp
2008-04-10 16:29 . 2008-04-10 16:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-08 20:43 . 2002-08-29 03:03 2,042,240 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-04-06 20:51 . 2008-04-06 20:51 <DIR> d-------- C:\school.exe
2008-04-05 22:36 . 2008-04-10 16:55 <DIR> d-------- C:\SDFix
2008-04-04 19:30 . 2008-04-07 18:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 19:30 . 2008-04-04 19:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 18:34 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-04 18:34 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-04 18:34 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-04 18:34 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-04 18:34 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-04 18:34 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-04 18:34 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-04 18:34 . 2008-04-04 18:34 6,328 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-04 18:28 . 2008-04-12 10:32 <DIR> d-------- C:\scanner.exe
2008-04-03 17:50 . 2008-04-03 17:50 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-02 16:15 . 2008-04-02 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-19 22:42 . 2008-03-19 22:42 <DIR> d-------- C:\Program Files\Panicware
2008-03-18 21:32 . 2008-03-19 22:42 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-03-16 22:17 . 2008-03-16 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-14 18:26 . 2008-03-14 18:26 <DIR> d-------- C:\WINDOWS\provisioning
2008-03-14 18:26 . 2008-03-14 18:37 <DIR> d-------- C:\WINDOWS\peernet
2008-03-14 17:55 . 2008-03-14 17:55 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-03-14 17:46 . 2004-08-03 23:42 20,480 --a------ C:\WINDOWS\system32\sprecovr.exe
2008-03-14 17:43 . 2004-07-17 12:40 19,528 --a------ C:\WINDOWS\002333_.tmp
2008-03-14 17:34 . 2002-12-11 17:34 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2008-03-14 17:33 . 2006-02-27 13:32 2,479,616 --a------ C:\WINDOWS\system32\dllcache\msoeres.dll
2008-03-14 17:30 . 2008-03-14 17:30 <DIR> d-------- C:\WINDOWS\EHome
2008-03-14 17:07 . 2008-03-14 17:07 248 --a------ C:\UnInstall.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 15:39 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-01 16:38 --------- d-----w C:\Documents and Settings\Peter D Martin\Application Data\Audacity
2008-03-23 19:28 --------- d-----w C:\Program Files\MSN Messenger
2008-03-19 22:44 --------- d-----w C:\Program Files\Google
2008-03-19 21:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 21:25 --------- d-----w C:\Program Files\EPSON
2008-03-19 21:23 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-03-18 20:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 16:31 24,064 ----a-w C:\WINDOWS\system32\ntload.dll
2008-03-14 16:09 --------- d-----w C:\Program Files\Canon
2008-03-14 16:05 --------- d-----w C:\Program Files\DivX
2006-11-19 20:50 78,424 ----a-w C:\Documents and Settings\Lorna Hubbard\Application Data\GDIPFONTCACHEV1.DAT
2005-03-15 17:44 0 ----a-w C:\Documents and Settings\Peter D Martin\Application Data\wklnhst.dat
2005-12-06 19:31 56 --sh--r C:\WINDOWS\system32\1607371D5C.sys
2006-01-16 17:58 1,994 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-02-06 18:05 588288 4f64d1df989e3aa2fad91a2f1167b9c7 C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
2004-08-04 08:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
2006-04-28 10:58 575488 3d5062a7667913b9b515cc5769e9fb31 C:\WINDOWS\SoftwareDistribution\Download\49afa2a0b3ea87b912cc10130c63a60f\rtmgdr\wininet.dll
2006-04-28 18:48 587264 5f4e89c8b4903acbba2f4b32cf1ed3ad C:\WINDOWS\SoftwareDistribution\Download\49afa2a0b3ea87b912cc10130c63a60f\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\SoftwareDistribution\Download\cb88c3740b7bdbe6238a3381da220dae\rtmgdr\wininet.dll
2006-06-23 19:29 587776 40f777875dfa05cd61fd1e8a593be8e9 C:\WINDOWS\SoftwareDistribution\Download\cb88c3740b7bdbe6238a3381da220dae\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\SoftwareDistribution\Download\cfab6bea01ff38473d99ea9faefb37c0\rtmgdr\wininet.dll
2006-06-23 19:29 587776 40f777875dfa05cd61fd1e8a593be8e9 C:\WINDOWS\SoftwareDistribution\Download\cfab6bea01ff38473d99ea9faefb37c0\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\dllcache\wininet.dll

2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2003-03-31 03:00 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtUninstallQ815485$\ndis.sys
2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\Driver Cache\i386\ndis.sys
2004-08-04 07:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys
2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-04_23.17.51.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-04-27 20:10:38 2,569 -c--a-w C:\WINDOWS\$NtUninstallKB810217$\spuninst\spuninst.bat
+ 2008-04-13 16:26:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-05 01:58:29 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-10 15:30:22 4,857,856 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-10 15:30:22 36,864 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-05 01:58:29 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-10 15:30:07 4,857,856 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-04-10 15:30:08 36,864 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2003-10-22 02:28:34 2,673 ----a-w C:\WINDOWS\hpimdl01.dat
+ 2006-07-23 20:46:04 2,560 ----a-r C:\WINDOWS\Installer\{40280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2003-03-31 02:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2003-03-31 02:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2003-03-31 02:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2003-03-31 02:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
+ 2003-05-03 12:10:24 1,727 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Sonic\Update Manager\sumdb.dat
- 2006-10-12 10:50:39 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
+ 2008-04-13 16:55:06 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
+ 2003-03-31 02:00:00 1,740 ----a-w C:\WINDOWS\system32\dcache.bin
+ 2002-08-29 08:32:34 2,816 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2003-03-31 02:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
+ 2003-03-31 02:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2003-03-31 02:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2003-03-31 02:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2003-03-31 02:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
+ 2003-03-31 02:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
+ 2003-03-31 02:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2003-03-31 02:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
+ 2003-03-31 02:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 12:10 536576]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-07-18 22:47 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-06-17 21:48 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-06-17 21:43 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 18:15 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 18:15 536576]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 19:55 483328]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 10:32 208958]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-05-27 20:28 278528]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 00:11 50688]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-22 23:15 26112]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 03:12 483328]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-12-24 03:33 188416]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58 229952]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-12-14 02:06 495616]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 17:05 1838592]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-03-31 03:00 13312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-06-11 21:34 190696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-8796-100000000002}\SC_Acrobat.exe [2005-11-30 21:22:58 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL


.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 23:18:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 18:00:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????????A?p?????????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-13 18:02:37
ComboFix-quarantined-files.txt 2008-04-13 17:02:13
ComboFix2.txt 2008-04-11 16:32:29
ComboFix3.txt 2008-04-10 22:03:14
ComboFix4.txt 2008-04-04 22:18:23
Pre-Run: 12,172,034,048 bytes free
Post-Run: 12,162,920,448 bytes free
.
2008-03-16 11:13:52 --- E O F ---
texaspete is offline   Reply With Quote
Old 04-13-2008, 06:18 PM   #74 (permalink)

Ok we have new files, let's delete them:

Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.
  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste the text in the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.

Quote:
Files to delete:
C:\WINDOWS\system32\sex3.ico.tmp C:\WINDOWS\system32\sex2.ico.tmp
C:\WINDOWS\system32\sex1.ico.tmp
C:\WINDOWS\system32\dojmhkbqdsn.bmp
C:\WINDOWS\system32\sex5.ico
C:\WINDOWS\system32\sex4.ico
C:\WINDOWS\system32\sex3.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\lgnetkrqhgfap.bmp
C:\WINDOWS\system32\cradonidcr.bmp
C:\WINDOWS\system32\ntload.dll
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created C:\avenger.txt.
  • Copy and Paste it into your next post please.
Punk is offline   Reply With Quote
Old 04-13-2008, 06:32 PM   #75 (permalink)

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "C:\WINDOWS\system32\sex3.ico.tmp C:\WINDOWS\system32\sex2.ico.tmp"
Deletion of file "C:\WINDOWS\system32\sex3.ico.tmp C:\WINDOWS\system32\sex2.ico.tmp" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name

File "C:\WINDOWS\system32\sex1.ico.tmp" deleted successfully.
File "C:\WINDOWS\system32\dojmhkbqdsn.bmp" deleted successfully.
File "C:\WINDOWS\system32\sex5.ico" deleted successfully.
File "C:\WINDOWS\system32\sex4.ico" deleted successfully.
File "C:\WINDOWS\system32\sex3.ico" deleted successfully.
File "C:\WINDOWS\system32\sex2.ico" deleted successfully.
File "C:\WINDOWS\system32\sex1.ico" deleted successfully.
File "C:\WINDOWS\system32\lgnetkrqhgfap.bmp" deleted successfully.
File "C:\WINDOWS\system32\cradonidcr.bmp" deleted successfully.
File "C:\WINDOWS\system32\ntload.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
texaspete is offline   Reply With Quote
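
The Avenger log in post #75 reports STATUS_OBJECT_NAME_INVALID for the first script entry because two paths shared one line of RemoveFiles.txt, so the deletion of sex3.ico.tmp and sex2.ico.tmp failed. The Python check below is an added example, not part of the thread and not code from Avenger or ComboFix: it splits such joined lines and confirms that every path in a "Files to delete:" script appears in the ComboFix log before the script is run. The function names are this example's own, and the sample inputs are excerpts of the log above plus one constructed typo.

```python
import re

# One ComboFix "Files Created" or "Find3M" line; captures the trailing path.
LOG_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} "         # first timestamp
    r"(?:\. \d{4}-\d{2}-\d{2} \d{2}:\d{2} )?"  # second timestamp (Files Created only)
    r"(?:<DIR>|[\d,]+|-+) "                    # size, <DIR>, or dashes for folders
    r"[a-z-]+ "                                # attribute flags, e.g. --a------
    r"(?P<path>[A-Za-z]:\\.+)$"
)
# Whitespace that is immediately followed by a new drive root, e.g. " C:\"
JOINED = re.compile(r"\s+(?=[A-Za-z]:\\)")
ABSOLUTE = re.compile(r"^[A-Za-z]:\\")

# Sample input: a few lines excerpted from the ComboFix log in this thread.
LOG_SAMPLE = r"""
((((( Files Created from 2008-03-13 to 2008-04-13 )))))
2008-04-13 17:39 . 2008-04-13 17:39 0 --a------ C:\WINDOWS\system32\sex3.ico.tmp
2008-04-13 17:38 . 2008-04-13 17:38 0 --a------ C:\WINDOWS\system32\sex2.ico.tmp
2008-04-13 17:38 . 2008-04-13 17:38 0 --a------ C:\WINDOWS\system32\sex1.ico.tmp
2008-04-13 17:27 . 2008-04-13 17:27 269,334 --a------ C:\WINDOWS\system32\dojmhkbqdsn.bmp
((((( Find3M Report )))))
2008-03-14 16:31 24,064 ----a-w C:\WINDOWS\system32\ntload.dll
"""

# Sample script: line 2 is the joined line from the thread; the last line is a
# constructed typo (.bpm instead of .bmp) to show the cross-check.
SCRIPT_SAMPLE = r"""Files to delete:
C:\WINDOWS\system32\sex3.ico.tmp C:\WINDOWS\system32\sex2.ico.tmp
C:\WINDOWS\system32\sex1.ico.tmp
C:\WINDOWS\system32\ntload.dll
C:\WINDOWS\system32\dojmhkbqdsn.bpm
"""


def parse_log_paths(log_text):
    """Return the lower-cased set of paths listed in the log's file sections."""
    paths = set()
    for line in log_text.splitlines():
        match = LOG_LINE.match(line.strip())
        if match:
            paths.add(match.group("path").lower())
    return paths


def lint_delete_script(script_text, known_paths):
    """Check a 'Files to delete:' script one line at a time.

    Returns (findings, entries): findings are (line_number, kind, text) tuples,
    entries are the verified paths, one per entry, in script order.
    """
    findings, entries, in_section = [], [], False
    for number, raw in enumerate(script_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "files to delete:":
            in_section = True
            continue
        if not in_section:
            continue
        parts = JOINED.split(line)
        if len(parts) > 1:
            # The whole line would be treated as one (invalid) file name.
            findings.append((number, "multiple-paths", line))
        for part in parts:
            if not ABSOLUTE.match(part):
                findings.append((number, "not-absolute", part))
            elif part.lower() not in known_paths:
                # Never delete a path the reviewed log does not list.
                findings.append((number, "not-in-log", part))
            elif part not in entries:
                entries.append(part)
    return findings, entries


def render_script(entries):
    """Write the verified entries back out, strictly one path per line."""
    return "Files to delete:\n" + "\n".join(entries) + "\n"


if __name__ == "__main__":
    known = parse_log_paths(LOG_SAMPLE)
    problems, verified = lint_delete_script(SCRIPT_SAMPLE, known)
    for number, kind, text in problems:
        print(f"line {number}: {kind}: {text}")
    print(render_script(verified), end="")
```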


Old 04-13-2008, 06:34 PM   #76 (permalink)

Do you still have the symptoms of the virus?
Punk is offline   Reply With Quote
Old 04-13-2008, 06:38 PM   #77 (permalink)

Great, Internet Explorer is working now, that's great. Shall I go back and do Kaspersky Online Scanner and follow ceewi1's instructions?
texaspete is offline   Reply With Quote
Old 04-13-2008, 06:42 PM   #78 (permalink)

Yes, follow the Kaspersky instructions and post the log here.
Punk is offline   Reply With Quote
Old 04-13-2008, 08:56 PM   #79 (permalink)
Default have to post log in 2 parts

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 13, 2008 8:58:39 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/04/2008
Kaspersky Anti-Virus database records: 702086
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 75775
Number of viruses found: 39
Number of infected objects: 213
Number of suspicious objects: 3
Duration of the scan process: 01:51:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Lorna Hubbard\Local Settings\Application Data\Mozilla\Firefox\Profiles\gzrsd51l.default\Cache\2AB8EE1Bd01 Infected: not-virus:Hoax.Win32.Renos.bej skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\cert8.db Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\history.dat Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\key3.db Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\parent.lock Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\appLauncher_all_log.txt Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\DM_log.txt Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\HookStarter_log.txt Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\TlibCmnDlgs_log.txt Object is locked skipped
C:\Documents and Settings\Peter D Martin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Peter D Martin\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Peter D Martin\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Peter D Martin\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\rpm1n.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\rpm1n1m.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\rpm1n1mh.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\rpm1nh.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Identities\{74CA3E49-695D-4219-A72E-0166E72358C2}\Microsoft\Outlook Express\Hotmail - Deleted Items.dbx/[From EBAY <Email@custom83279934.24918177se.com>][Date 7 Nov 2006 05:56:37 -0800]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Identities\{74CA3E49-695D-4219-A72E-0166E72358C2}\Microsoft\Outlook Express\Hotmail - Deleted Items.dbx/[From paypal.com <service9341@82paypal-us.com>][Date Tue, 17 Oct 2006 05:01:27 +0300]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Identities\{74CA3E49-695D-4219-A72E-0166E72358C2}\Microsoft\Outlook Express\Hotmail - Deleted Items.dbx Mail MS Outlook 5: suspicious - 2 skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Temp\Perflib_Perfdata_1e0.dat Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Temp\~DF6FB0.tmp Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Peter D Martin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Peter D Martin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter D Martin\Shared\# bj bridges bj bridges 59.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Peter D Martin\Shared\(Crack) im feeling nothing dada 16.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Peter D Martin\Shared\02 Track 2 (army).wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Peter D Martin\Shared\[Full Version] alf garnett 18.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\MSN Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\xubaci89104.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\QooBox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\JavaCore\JavaCore.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bjbcqufv.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\buvigkhr.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\chcngsah.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\diyjepwa.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fcsgovrt.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fujrdftv.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gueyaoye.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hmwxxnei.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hoxrulwt.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ieupdates.exe.vir Infected: not-virus:Hoax.Win32.Renos.bnl skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jbclavhv.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kfquoiyb.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lktakvyg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lutcgcba.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lub skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mgqfpmpy.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mkwmciyg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\shdohvuv.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\srqffjjc.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sypieccq.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tbkrsbsp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lwv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tlnmxkgl.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tswqmjrm.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uovsxpbx.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\update32.exe.vir Infected: not-virus:Hoax.Win32.Renos.bnl skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\upjoxenc.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vpioktre.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\winupdate.exe.vir Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wqkimido.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lxl skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wscmp.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.aph skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xuykdcfq.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xwyvpdtj.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ydagxkgh.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yeihpnsv.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yfhbyanl.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yhenxmhf.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-04_230859.71.zip/Documents and Settings/Peter D Martin/Desktop/catchme.zip/awvvu.dll Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-04_230859.71.zip/Documents and Settings/Peter D Martin/Desktop/catchme.zip/tuvvwwu.dll Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-04_230859.71.zip/Documents and Settings/Peter D Martin/Desktop/catchme.zip Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-04_230859.71.zip ZIP: infected - 3 skipped
C:\SDFix\backups\backups.zip/backups/b155.exe Infected: Trojan.Win32.BHO.bfl skipped
C:\SDFix\backups\backups.zip/backups/mrofinu1000106.exe Infected: Trojan-Downloader.Win32.Homles.au skipped
C:\SDFix\backups\backups.zip/backups/UGES_0001_N122M2602NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ee skipped
C:\SDFix\backups\backups.zip ZIP: infected - 3 skipped
Old 04-13-2008, 08:57 PM   #80 (permalink)
Bronze Member
 
Join Date: Apr 2008
Posts: 80
Default

C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP493\A0215565.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP493\A0215566.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP493\A0216565.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP494\A0218565.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP495\A0221650.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP496\A0222705.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP496\A0222758.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP497\A0223822.exe Infected: Trojan-Downloader.Win32.Agent.lqu skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP497\A0223827.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP497\A0224813.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP497\A0224829.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP497\A0224830.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0226861.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0226862.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0226863.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0226873.exe Infected: Trojan-Downloader.Win32.Homles.as skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0227861.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0228876.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0228948.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0229992.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0230003.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0231007.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0231013.exe Infected: Trojan-Downloader.Win32.Homles.at skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0231020.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0231027.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0231034.exe Infected: Trojan.Win32.BHO.bfl skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0231048.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0231095.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232090.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232108.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232109.exe Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232110.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232110.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232111.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232112.dll Infected: not-a-virus:AdWare.Win32.BHO.sr skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232114.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232114.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232123.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232197.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232210.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232222.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232242.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0233238.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0233247.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233289.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233292.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233294.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233295.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233296.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233297.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233298.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233299.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233300.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233301.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233302.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233303.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233304.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233305.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233306.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233308.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233309.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233311.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233313.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233314.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233315.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233317.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233318.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233319.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233320.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233321.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233322.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233323.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233331.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233333.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233334.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233335.exe Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233338.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233339.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233340.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233341.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233342.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233343.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233344.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233345.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233346.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233347.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233348.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233349.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233350.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lub skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233351.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233352.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233353.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233354.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233355.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233356.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwv skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233357.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233358.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233359.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233360.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233361.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233362.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lxl skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233363.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233364.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233365.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233366.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233367.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233368.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233373.dll Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233459.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP500\A0233820.exe Infected: Trojan-Downloader.Win32.Agent.ltf skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP500\A0233849.exe Infected: Trojan.Win32.BHO.bfl skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP500\A0233850.exe Infected: Trojan-Downloader.Win32.Homles.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP500\A0233859.exe Infected: Trojan.Win32.BHO.bfl skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP500\A0233860.exe Infected: Trojan-Downloader.Win32.Homles.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP500\A0233866.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ee skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP502\A0234100.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP502\A0234110.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP502\A0235106.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP502\A0235118.dll Infected: not-a-virus:AdWare.Win32.BHO.aph skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP503\A0235128.exe Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP503\A0235129.dll Infected: not-a-virus:AdWare.Win32.BHO.aph skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP503\A0235130.exe Infected: not-virus:Hoax.Win32.Renos.bnl skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP503\A0235131.exe Infected: not-virus:Hoax.Win32.Renos.bnl skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP503\A0235178.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP503\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UGES_0001_N122M2602NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ee skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UGES_0001_N122M2602NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ee skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UGES_0001_N122M2602NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ee skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B57ED9A0-D8D3-4E0A-BAA7-CA9973BEAA41}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.