Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

this one's a doozy ...


by random/random » July 25th, 2006, 6:18 am

Please download the Killbox.
Unzip it to the desktop.

Please run Killbox.

Select "Delete on Reboot".

Copy the file names below to the clipboard by highlighting them and pressing Control-C:


C:\WINDOWS\system32\bk.exe.ren
C:\Program Files\Common Files\uffw\
C:\WINDOWS\univer.exe
C:\Program Files\Common Files\{644f1b91-05fd-1033-0423-020121020001}\
C:\siteerror.exe
C:\Program Files\inetget2\
C:\Program Files\ipwins\
C:\Program Files\sports mogul\
C:\Program Files\Common Files\mejeh.html
C:\WINDOWS\iun3401.exe
C:\asd.exe
C:\Delme.bat
C:\WINDOWS\unvise32.exe
C:\Program Files\System Files\
C:\Program Files\MSN\polokibob.html


Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

If your computer does not restart automatically, please restart it manually.

Copy the contents of the following quote to a notepad window




Code:
REGEDIT4

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"uffw"=-
"CAS2"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{644F1B91-05FD-1033-0423-020121020001}"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"uffw"=-
"CAS2"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{644F1B91-05FD-1033-0423-020121020001}"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{644F1B91-05FD-1033-0423-020121020001}"=-

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{644F1B91-05FD-1033-0423-020121020001}]

[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]

 


Save it to the desktop as fix.reg, making sure the "Save as type" is set to "All Files".

Double-click on fix.reg; when asked if you want to merge the information in fix.reg into the registry, choose Yes/OK.

Copy the contents of the following codebox to a notepad window

Code:
dir "C:\Program Files\tclock " /a h > files.txt
echo.>> files.txt
start files.txt



Save it to the desktop as peek.bat, making sure the "Save as type" is set to "All Files".

Double-click on findlop.bat; it should open a notepad window. Copy and paste the contents of that notepad window as a reply to this thread.

Run an online virus scan called Kaspersky from HERE.

1. Click on "Kaspersky Online Scanner".
2. A new, smaller window will pop up. Press "Accept" after reading the contents.
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on "Next" > "Scan Settings", make sure the database is set to "extended", and check both the scan options. Then click OK.
5. Then click on "My Computer", and the scan will start.
6. Once finished, save a log as ".txt" to the desktop, and restart.


Post back with the Kaspersky log, the results of peek.bat and a new HijackThis log.
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm
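
An added example, not part of the original post or of any tool used in this thread: a Python check that parses the fix.reg posted above and reports what merging it would delete, so the file can be reviewed before it is double-clicked. FIX_REG is copied from the post; the names parse_reg, audit and the AUTOSTART pattern are this example's own.

```python
import re
from collections import Counter

# fix.reg exactly as posted in the thread above.
FIX_REG = r"""REGEDIT4

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"uffw"=-
"CAS2"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{644F1B91-05FD-1033-0423-020121020001}"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"uffw"=-
"CAS2"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{644F1B91-05FD-1033-0423-020121020001}"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{644F1B91-05FD-1033-0423-020121020001}"=-

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{644F1B91-05FD-1033-0423-020121020001}]

[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
SECTION = re.compile(r"^\[(-?)(.+)\]$")                    # [KEY] or [-KEY]
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data or @=data
# Assumption of this example: autostart keys are ...\CurrentVersion\Run[Once]
# and ...\CurrentVersion\Policies\Explorer\Run, matched case-insensitively.
AUTOSTART = re.compile(r"\\currentversion\\(policies\\explorer\\)?run(once)?$", re.I)


def parse_reg(text):
    """Return (action, key, value_name) tuples for the text of a .reg file.

    action is 'delete_key' for [-KEY], 'delete_value' for "name"=-,
    and 'set_value' for any other "name"=data line.
    """
    # Join hex data continued over several lines with a trailing backslash.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header")
    ops, key = [], None
    for ln in lines[1:]:
        m = SECTION.match(ln)
        if m:
            minus, key = m.groups()
            if minus:
                ops.append(("delete_key", key, None))
                key = None  # a deleted key cannot carry value lines
            continue
        m = VALUE.match(ln)
        if not m or key is None:
            raise ValueError(f"unparseable line: {ln!r}")
        name, data = m.groups()
        name = "(Default)" if name == "@" else name[1:-1]
        ops.append(("delete_value" if data == "-" else "set_value", key, name))
    return ops


def audit(ops):
    """Summarise what a merge would do, for review before merging."""
    counts = Counter(action for action, _, _ in ops)
    autostart = sorted({name for action, key, name in ops
                        if action == "delete_value" and AUTOSTART.search(key)})
    return {
        "counts": dict(counts),
        # A cleanup file should only remove things; any set_value needs a look.
        "removal_only": counts.get("set_value", 0) == 0,
        "autostart_values_removed": autostart,
        "keys_removed": [key for action, key, _ in ops if action == "delete_key"],
    }


if __name__ == "__main__":
    report = audit(parse_reg(FIX_REG))
    for field, value in report.items():
        print(f"{field}: {value}")
```

The `removal_only` flag is the part worth checking on any .reg file received from someone else: a cleanup file that also writes values is doing more than cleanup.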

... clarification ...

by ccinmfd » July 25th, 2006, 9:22 am

... just a question on your instructions:

Save it to the desktop as peek.bat, making sure the save as type is set to all files

Doubleclick on "findlop.bat", it should open a notepad window, copy and paste the contents of that notepad window as a reply to this thread ..


I am proceeding as if you wanted me to double-click on "peek.bat," not "findlop.bat" ... as I don't have a "findlop.bat" on the desktop ... ccinmfd
ccinmfd
Regular Member
 
Posts: 77
Joined: February 4th, 2006, 11:35 am
Location: Milford, CT

by random/random » July 25th, 2006, 9:24 am

Yes, sorry about that, I meant click on peek.bat :oops:
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

... latest logs ...

by ccinmfd » July 25th, 2006, 11:34 am

Most recent HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 11:31:06 AM, on 7/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\carrollc\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: VPN Client.lnk = ?
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEFBC7FB-20CD-4ABB-A1A4-B64B40758E90}: Domain = boysvillage.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEFBC7FB-20CD-4ABB-A1A4-B64B40758E90}: NameServer = 10.129.1.6
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = boysvillage.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = boysvillage.org
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


The peek.bat file results:

Volume in drive C has no label.
Volume Serial Number is 644F-1B91

Directory of C:\Program Files\tclock


Directory of C:\Documents and Settings\carrollc\Desktop



Results of Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 25, 2006 11:16:08 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 25/07/2006
Kaspersky Anti-Virus database records: 209750
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 47350
Number of viruses found: 43
Number of infected objects: 195 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:36:59

Infected Object Name / Virus Name / Last Action
C:\!KillBox\bk.exe.ren/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\!KillBox\bk.exe.ren/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\!KillBox\bk.exe.ren CAB: infected - 2 skipped
C:\!KillBox\polokibob.html Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\bintheredunthat\da.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\bintheredunthat\dra.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\bintheredunthat\RDFX4.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\bintheredunthat\RDFX4.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\bintheredunthat\RDFX4.exe NSIS: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\idb\DebinMFD\mydb.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\idb\DebinMFD\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\organize\CACHE\debinm01 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\organize\debinmfd Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\organize\debinmfd.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\organize\debinmfd.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00CC0000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00F40000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02840001.VBN Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\028C0000.VBN Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02980001.VBN Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02980003.VBN Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02DC0000.VBN Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02DC0001.VBN Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02E00000.VBN Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02E00001.VBN Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02E00002.VBN Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02E40000.VBN Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02E40002.VBN Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02E80000.VBN Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02EC0000.VBN Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02EC0001.VBN Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03040000.VBN Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\036C0000.VBN Infected: Backdoor.Win32.Wisdoor.au skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03880000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B00000.VBN Infected: Backdoor.Win32.Wisdoor.au skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04980000.VBN Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04DC0000.VBN Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04DC0001.VBN Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06340000.VBN Infected: Backdoor.Win32.Wisdoor.au skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06480000.VBN Infected: Backdoor.Win32.Wisdoor.au skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06480001.VBN Infected: Backdoor.Win32.Wisdoor.au skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\064C0000.VBN Infected: Backdoor.Win32.Wisdoor.au skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07940000.VBN Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\093C0000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C00000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C00000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C00000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C00000.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C00000.VBN CryptZ: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09D40000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E540000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\carrollc\Application Data\AOL\C_America Online 9.0a\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\carrollc\Application Data\AOL\C_America Online 9.0a\IDB\art.idx Object is locked skipped
C:\Documents and Settings\carrollc\Application Data\AOL\C_America Online 9.0a\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\carrollc\Application Data\AOL\C_America Online 9.0a\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\carrollc\Application Data\AOL\C_America Online 9.0a\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\carrollc\Application Data\Microsoft\Outlook\MS Exchange Settings.srs Object is locked skipped
C:\Documents and Settings\carrollc\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\carrollc\Application Data\Mozilla\Firefox\Profiles\l90e139b.default\cert8.db Object is locked skipped
C:\Documents and Settings\carrollc\Application Data\Mozilla\Firefox\Profiles\l90e139b.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\carrollc\Application Data\Mozilla\Firefox\Profiles\l90e139b.default\history.dat Object is locked skipped
C:\Documents and Settings\carrollc\Application Data\Mozilla\Firefox\Profiles\l90e139b.default\key3.db Object is locked skipped
C:\Documents and Settings\carrollc\Application Data\Mozilla\Firefox\Profiles\l90e139b.default\parent.lock Object is locked skipped
C:\Documents and Settings\carrollc\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\carrollc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\carrollc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\carrollc\Local Settings\Application Data\Mozilla\Firefox\Profiles\l90e139b.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\carrollc\Local Settings\Application Data\Mozilla\Firefox\Profiles\l90e139b.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\carrollc\Local Settings\Application Data\Mozilla\Firefox\Profiles\l90e139b.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\carrollc\Local Settings\Application Data\Mozilla\Firefox\Profiles\l90e139b.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\carrollc\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\carrollc\Local Settings\Temp\ExchangePerflog_8484fa310eb73a03467773b1.dat Object is locked skipped
C:\Documents and Settings\carrollc\Local Settings\Temp\~DF4610.tmp Object is locked skipped
C:\Documents and Settings\carrollc\Local Settings\Temp\~DFAEA0.tmp Object is locked skipped
C:\Documents and Settings\carrollc\Local Settings\Temp\~DFDEB4.tmp Object is locked skipped
C:\Documents and Settings\carrollc\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\carrollc\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\carrollc\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RSADB.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RSADB.DBF Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0019196.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0020145.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0020153.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0020156.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0020160.pif Infected: Trojan-Downloader.Win32.Tiny.dq skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0020232.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.i skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0020233.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.i skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021170.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021172.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021178.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021180.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021193.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021197.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021197.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021197.exe CAB: infected - 2 skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021199.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021210.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021211.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021212.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021213.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021215.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021216.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021219.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021225.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021226.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021227.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021228.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021238.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021247.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021248.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0021251.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0022238.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0022241.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0022242.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0022246.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0022247.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0022252.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0022253.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0022255.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0022261.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0022265.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0022267.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0022271.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0024275.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0024277.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0024283.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0024287.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0025288.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0026283.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0026287.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0027286.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0027287.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0027288.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0027290.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0028283.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0028288.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0029287.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0029292.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0029297.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0029305.exe Infected: not-a-virus:AdWare.Win32.AdURL.c skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0029371.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0029376.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0029378.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0029383.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0029388.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0029393.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0031392.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0031396.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0031401.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035396.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035404.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035405.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035406.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035407.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035408.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035409.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035410.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035411.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035412.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035413.exe Infected: Trojan-Clicker.Win32.VB.nh skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035414.exe Infected: Trojan-Clicker.Win32.VB.nh skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035416.exe Infected: Trojan-Downloader.Win32.Adload.cy skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035417.exe Infected: Trojan-Downloader.Win32.VB.aid skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035418.exe Infected: Trojan-Downloader.Win32.Adload.cu skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035419.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035420.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035421.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035422.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035424.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035464.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035468.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035468.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0035468.exe CAB: infected - 2 skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0036396.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0036401.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0036402.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0036403.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0036446.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0036447.exe Infected: Trojan-Downloader.Win32.Agent.aaf skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0036480.exe Infected: Trojan-Clicker.Win32.VB.is skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0036481.dll Infected: not-a-virus:AdWare.Win32.CASClient.d skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0036484.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0036485.exe Infected: not-a-virus:AdWare.Win32.Zestyfind skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0036486.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0036487.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0036488.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0036489.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0036490.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037564.exe Infected: Backdoor.Win32.IRCBot.to skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037696.exe Infected: Trojan-Downloader.Win32.Agent.aaf skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037697.dll Infected: Trojan-Downloader.Win32.Zlob.wd skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037698.dll Infected: Trojan-Downloader.Win32.Zlob.wd skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037699.dll Infected: Trojan-Downloader.Win32.Zlob.wd skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037700.dll Infected: Trojan-Downloader.Win32.Zlob.wd skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037702.exe Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037703.exe Infected: Trojan-Downloader.Win32.Agent.ala skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037704.exe Infected: Backdoor.Win32.IRCBot.to skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037705.dll Infected: Trojan.Win32.Agent.sx skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037706.exe Infected: Trojan.Win32.Agent.sx skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037707.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037708.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037709.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037710.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037711.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037712.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037713.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037714.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037715.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037716.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037717.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037718.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037719.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037720.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037721.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037722.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037723.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037724.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037725.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037726.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037727.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037728.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037729.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037730.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037731.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037732.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037733.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037734.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037735.exe Infected: not-a-virus:AdWare.Win32.AdURL.c skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\A0037736.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\System Volume Information\_restore{36699502-75CE-4155-9423-6BB5C4A31529}\RP26\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\DeskAdX.dll Infected: not-a-virus:AdWare.Win32.WinAD.n skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
ccinmfd
Regular Member
 
Posts: 77
Joined: February 4th, 2006, 11:35 am
Location: Milford, CT

Post by random/random » July 25th, 2006, 11:53 am

Reveal Hidden Files
  1. Click Start.
  2. Open My Computer.
  3. Select Tools menu
  4. Click Folder Options.
  5. Select the View Tab.
  6. Select Show hidden files and folders in the Hidden files and folders section.
  7. Uncheck Hide protected operating system files (recommended) option.
  8. Uncheck the Hide file extensions for known file types option.
  9. Click Yes.
  10. Click OK.


Use Windows Explorer to find and delete this file:

C:\WINDOWS\Downloaded Program Files\DeskAdX.dll

And these folders:

C:\Program Files\tclock\
C:\!KillBox\
C:\bintheredunthat\

Restart


Post back with a new HijackThis log and tell me how the computer is running now
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

... update and log ...

Post by ccinmfd » July 25th, 2006, 5:46 pm

Well, I found all the folders to delete, but not the file:

C:\WINDOWS\Downloaded Program Files\DeskAdX.dll

... and here's the latest HiJackThis log:


C:\WINDOWS\Downloaded Program Files\DeskAdX.dll

Logfile of HijackThis v1.99.1
Scan saved at 5:42:44 PM, on 7/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\carrollc\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: VPN Client.lnk = ?
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEFBC7FB-20CD-4ABB-A1A4-B64B40758E90}: Domain = boysvillage.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEFBC7FB-20CD-4ABB-A1A4-B64B40758E90}: NameServer = 10.129.1.6
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = boysvillage.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = boysvillage.org
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


overall, the computer is running better ... no popups ... yet ... thanks for your help ... ccinmfd
ccinmfd
Regular Member
 
Posts: 77
Joined: February 4th, 2006, 11:35 am
Location: Milford, CT

Post by random/random » July 26th, 2006, 4:04 pm

You should probably empty Norton's quarantine of infected items

You now appear to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints; you do not have to be registered to post. Just find your country room and register your complaint.
The infections you had were alcan, qoologic, surfsidekick and look2me

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
  1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Reboot.

    Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.
    NOTE: only do this ONCE, NOT on a regular basis
  2. You appear to already be running an antivirus; it is essential that you keep it up to date
  3. Use a firewall
    While the firewall built into Windows XP will protect you from incoming attacks, it will not monitor outgoing connections
    It is therefore recommended that you install one of the following firewalls
    Sunbelt kerio personal firewall
    Zonealarm
  4. Keep windows up to date with the latest patches


    IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
  5. Install spywareblaster
    SpywareBlaster is a program that stops known malicious ActiveX controls from installing on your computer. It works by changing settings in your registry. It makes kill bits in the registry, so that certain ActiveX controls can't install.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster here
    Make sure to update it on a regular basis
  6. Install IE-SPYAD
    Download and instructions located here
    Make sure to update it on a regular basis
  7. Use a HOSTS file
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. hit enter, then locate dns client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok
  8. Install and use Ad-aware & Spybot search & destroy
    Instructions are located here
    Make sure to update them on a regular basis
  9. Most exploits are aimed at Internet Explorer, so I recommend you switch to an alternative browser
    Two good alternative browsers are
    Firefox
    Opera
    It is essential to update to the latest version of your browser, as the updates fix known security holes
  10. Even if you do decide to switch to another browser, it is still a good idea to lock down Internet explorer
    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    Change the allow paste operations via script to Disable
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.
  11. Clean out your temp files on a regular basis
    I use and recommend ATF Cleaner by Attribune
    To use it, follow these instructions
    • Double-click ATF-Cleaner.exe to run the program.
    • Click Main at the top and choose Select All from the list.
    • Click the Empty Selected button.
    If you use Firefox browser:
    • Click Firefox at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser:
    • Click Opera at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
  12. Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm
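
The Internet Explorer lock-down in step 10 of the post above can be checked from a registry export rather than by clicking through the dialog. The following is an added example, not part of the original post: it audits the Internet zone (zone 3 under HKEY_CURRENT_USER) against the seven settings the post lists. The numeric action IDs and the 0/1/3 value encoding are taken from Microsoft's documentation of the Internet Settings zone keys, not from this thread, and the sample export is constructed.

```python
import re

# Value encoding used by the Internet Settings\Zones keys (Microsoft documentation).
ENABLE, PROMPT, DISABLE = 0, 1, 3
NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}
STRICTNESS = {ENABLE: 0, PROMPT: 1, DISABLE: 2}

# Step-10 recommendations, keyed by URL action ID (IDs are an assumption of
# this example; the post only gives the dialog labels).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
    "1407": ("Allow paste operations via script", DISABLE),
}

INTERNET_ZONE_KEY = (
    r"hkey_current_user\software\microsoft\windows"
    r"\currentversion\internet settings\zones\3"
)

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{1,8})\s*$')


def parse_zone_dwords(reg_text, zone_key=INTERNET_ZONE_KEY):
    """Return {value_name: int} for DWORD values under exactly zone_key.

    reg_text is the decoded text of a .reg export (version 5.00 exports are
    UTF-16 on disk, so open the file with encoding="utf-16").
    """
    values, in_zone = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        section = SECTION_RE.match(line)
        if section:
            # Other zones and the Policies hive are ignored on purpose.
            in_zone = section.group("key").lower() == zone_key
            continue
        if in_zone:
            dword = DWORD_RE.match(line)
            if dword:
                values[dword.group("name")] = int(dword.group("val"), 16)
    return values


def audit_zone(reg_text):
    """Compare the exported Internet zone with RECOMMENDED.

    Returns a list of (action_id, label, wanted, actual, status) where status
    is ok, weak (more permissive than recommended), stricter, missing
    (value absent from the export) or unknown (value outside 0/1/3).
    """
    current = parse_zone_dwords(reg_text)
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        actual = current.get(action)
        if actual is None:
            status, shown = "missing", None
        elif actual not in STRICTNESS:
            status, shown = "unknown", hex(actual)
        else:
            shown = NAMES[actual]
            if actual == wanted:
                status = "ok"
            elif STRICTNESS[actual] < STRICTNESS[wanted]:
                status = "weak"
            else:
                status = "stricter"
        findings.append((action, label, NAMES[wanted], shown, status))
    return findings


# Constructed sample export: zone 2 is present to show it is not mixed in.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000001
"1201"=dword:00000003
"1800"=dword:00000000
"1804"=dword:00000003
"1607"=dword:00000000
'''

if __name__ == "__main__":
    for action, label, wanted, actual, status in audit_zone(SAMPLE_REG):
        print(f"{status:8} {action} {label}: have {actual}, want {wanted}")
```

An export to feed it can be produced with `reg export` on the zone 3 key; anything reported as weak or missing is a setting still to be changed in the Custom Level dialog.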

... thank you ...

Post by ccinmfd » July 26th, 2006, 6:49 pm

... Thanks for your time and help ... I will review all the recommendations and implement ... I appreciate it ... and will follow up with a formal complaint ... regards, ccinmfd
ccinmfd
Regular Member
 
Posts: 77
Joined: February 4th, 2006, 11:35 am
Location: Milford, CT

Post by 'KotaGuy » July 30th, 2006, 10:39 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada