Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

C.exe


  • Please log in to reply
6 replies to this topic

#1 smabley

smabley

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 19 October 2009 - 09:31 PM

I have recently had problems with a c.exe file. A description of the file is available at http://www.fileinspect.com/fileinfo/c-exe/ . I am currently running windows xp. I have used Kaspersky antivirus to quarantine this file, as well as running Superanitspyware, Spyware Terminator, and Malwarebytes Anti-Malware to remove c.exe but it keeps coming back. The file always comes back to my C:\Documents and Settings\Scott\Local Settings\Temp folder. Any help in removing this would be greatly appreciated.

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,961 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:00 AM

Posted 20 October 2009 - 01:09 PM

Please post the results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
    • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
      -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Logs are saved to the following locations:
-- In XP: C:\Documents and Settings\\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Please download and scan with Dr.Web CureIt - alternate download link.
Follow these instructions for performing a scan in "safe mode".
If you cannot boot into safe mode or complete a scan, then try doing it in normal mode. Be aware, this scan could take a long time to complete.
-- Post the log in your next reply. If you can't find the log, try to write down what was detected/removed before exiting Dr.WebCureIt so you can provide that information.

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
  • Be sure to print out the instructions provided on the same page.
  • Restart your computer in "Safe Mode".
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
[color="green"]Note: For usb flash drives and/or other removable drives to scan, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 smabley

smabley
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 20 October 2009 - 05:28 PM

Here all the results of my MBAM Scan.

Malwarebytes' Anti-Malware 1.41
Database version: 2981
Windows 5.1.2600 Service Pack 3

10/19/2009 6:32:19 PM
mbam-log-2009-10-19 (18-32-19).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 379418
Time elapsed: 2 hour(s), 22 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



I am currently following the rest of your suggestions and will post those logs as well.

Edited by smabley, 20 October 2009 - 05:30 PM.


#4 smabley

smabley
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 20 October 2009 - 10:03 PM

I am not sure how to post the Dr.Web cure it log file but it scanned 662598 things and found 0 infected, suspicious, etc...

The log of Norman Malware Cleaner was as follows:

Norman Malware Cleaner
Version 1.5.0.5
Copyright 1990 - 2009, Norman ASA. Built 2009/10/20 03:26:07

Norman Scanner Engine Version: 6.03.02
Nvcbin.def Version: 6.03.00, Date: 2009/10/20 03:26:07, Variants: 4075012

Scan started: 20/10/2009 19:46:41

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode with network) Service Pack 3
Logged on user: E6600\Scott



Scanning running processes and process memory...

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Infected with W32/GrayBird.ALQV)
Terminated process
Removed registry value: HKLM\Software\Microsoft\Windows\CurrentVersion\Run -> AVP = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe""
Removed service: avp
Deleted file

Number of processes/threads found: 2038
Number of processes/threads scanned: 2038
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 1
Total scanning time: 33s


Scanning file system...

Scanning: C:\*.*

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe (Infected with W32/GrayBird.ALQV)
Deleted file


C:\Program Files\illusion\SexyBeach 3 Plus\data\IluPak.exe (Infected with W32/Stration.INY)
Deleted file

C:\Program Files\illusion\SexyBeach3\data\IluPak.exe (Infected with W32/Stration.INY)
Deleted file

Scanning: D:\*.*



Running post-scan cleanup routine:

Number of files found: 230804
Number of archives unpacked: 0
Number of files scanned: 230777
Number of files not scanned: 27
Number of files skipped due to exclude list: 0
Number of infected files found: 3
Number of infected files repaired/deleted: 3
Number of infections removed: 3
Total scanning time: 1h 1m 7s

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,961 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:00 AM

Posted 20 October 2009 - 10:38 PM

Please perform a scan with F-Secure Online Scanner
(Requires Internet Explorer (or FireFox with IE Tab) to work. Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component. If given the option, choose "Quarantine" instead of delete.)
  • Click on the "Start scanning" button under Start your scan.
  • You will be prompted to accept the certificate and the license terms to install the tool.
  • Read the license agreement and click "Accept".
  • You may receive an alert on the address bar at this point to install the ActiveX control.
  • Click on that alert and then click "Insall ActiveX component".
  • Click "Custom Scan" and be sure the following are checked:
    • Scan whole System
    • Scan all files
    • Scan whole system for rootkits
    • Scan whole system for spyware
    • Scan inside archives
    • Use advanced heuristics
  • When the scan completes, select "Disinfect" and click "Next".
  • When done click "Show report" and copy/paste its contents into your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 smabley

smabley
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 21 October 2009 - 12:35 AM

Here are the results of my F-Secure online scanner :

Scanning Report
Tuesday, October 20, 2009 22:06:12 - 23:31:09

Computer name: E6600
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\
3 malware found
TrackingCookie.2o7 (spyware)

* System (Disinfected)


TrackingCookie.Webtrends (spyware)

* System (Disinfected)

Statistics
Scanned:

* Files: 992889
* System: 4808
* Not scanned: 185

Actions:

* Disinfected: 2
* Renamed: 0
* Deleted: 0
* Not cleaned: 1
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
* C:\tlinux6\base.img
* C:\Program Files\World of Warcraft\Data\common-2.MPQ
* C:\Program Files\World of Warcraft\Data\common.MPQ
* C:\Program Files\World of Warcraft\Data\lichking.MPQ
* C:\Program Files\World of Warcraft\Data\patch.MPQ
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox4.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn1.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn2.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn3.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph1.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph2.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph3.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph4.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph5.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph6.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph7.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\main.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\preview.bmp
* C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\sprite1.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\Ad-Aware SE Default.skn
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\arrow1.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\arrow2.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bck1.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bt11.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bt12.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bt13.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bt21.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bt22.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bt23.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bt31.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bt32.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bt33.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bt41.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bt42.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bt43.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bt51.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bt52.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bt53.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bt61.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\bt62.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\checkbox1.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\checkbox2.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\checkbox3.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\checkbox4.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\defbtn1.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\defbtn2.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\defbtn3.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\glyph1.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\glyph2.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\glyph3.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\glyph4.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\glyph5.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\glyph6.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\glyph7.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\main.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\preview.bmp
* C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\sprite1.bmp
* C:\Program Files\BitLord\Downloads\Transformers.Revenge.Of.The.Fallen.TS.XviD-FLAWL3SS\Transformers.Revenge.Of.The.Fallen.TS.XviD-FLAWL3SS.avi
* C:\DOCUMENTS AND SETTINGS\SCOTT\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\SCOTT\NTUSER.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMP\FML7E.TMP
* C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMP\~DF1B5F.TMP
* C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMP\~DF7660.TMP
* C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMP\~DF76C.TMP
* C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMP\~DF771D.TMP
* C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMP\~DF7901.TMP
* C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMP\~DF792B.TMP
* C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMP\~DF7A3A.TMP
* C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMP\~DF7A65.TMP
* C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE\{18514EB8-BDF5-11DE-B644-0018F36D27EF}.DAT
* C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE\RECOVERYSTORE.{18514EB7-BDF5-11DE-B644-0018F36D27EF}.DAT
* C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{D9A92EA0-334F-4DEC-9FA4-1EE1ED8BAEE8}\MICROSOFT\OUTLOOK EXPRESS\INBOX.DBX
* C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\APPLICATION DATA\APPLE COMPUTER\SAFARI\SAFEBROWSING.DB-JOURNAL
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{018149ED-9625-4C82-B543-DB672E58FCE6}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{09310D31-299A-4513-A793-E652172C20FC}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{158F4A1A-B19F-4676-BF85-9A00A5E1F41E}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{1D1AC4A9-8086-49A2-AD29-ED30693629EC}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{263DC6CD-9712-4C0D-838F-7EB087FD5F30}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{28634FE9-8485-4007-96F6-081E1298DE4D}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{3E165C2A-B454-416D-B02B-2E752845E8DE}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{42651AE5-A711-4120-950D-8C0B9285670B}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{4565B61B-D097-4AB6-B37E-451D8E6988D4}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{4E6099D0-6592-4F90-9995-B068C5AA2D88}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{4F58718F-2A94-4F39-86E2-94F3B9327E70}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{4FAECB65-1DC6-40D0-8264-CF93BC006FCF}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{500FE231-DC66-4886-A28B-9CAC3DCCC8BF}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{52C7FC5C-5F37-4820-B6DA-D598771A906F}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{55E848D8-10E8-46CC-94C4-542CF0E3B123}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{5BC42F27-0D21-46CA-870B-E435C19BF3DF}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{678AD868-A7B9-4056-BE15-7C0CE3691D5A}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{68210DC9-2CBA-4ADB-A7D0-801899F560B5}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{6BFA6C6D-358B-477F-A626-EED6FBD99EFC}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{6C2AE34A-0D05-429D-B2AE-03B3E880CF19}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{75771AB4-FE2A-4FA9-8579-320E9B7FD9DF}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{759975EE-80F4-45F0-AB6A-813D52D892B0}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{7A67792F-3C5F-4E67-ADCE-1C5BAA96A173}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{7AE33825-CC3D-4062-AE39-1486DFE11AD4}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{7C3D9EB2-F47A-4C8F-A041-E84BF821A45C}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{83C5A769-B612-4949-9225-1CA7F2D28364}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{8F117459-8047-414B-A70C-B5BC9FBC647D}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{8F3AE1FE-9C66-43E0-913B-AE0E72D2D5C6}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{9A8B4418-220D-42BF-89DE-ABF0E88C2D44}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{A275F59A-321B-46AE-9421-DAA7A3E486A4}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{A464824D-0EFE-4C42-B71E-27BEF9781A75}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{A5C488E4-8E34-43D1-B405-958FD12E5105}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{ADEF00BD-0FC7-466A-B5DF-A10D3FB17A2B}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{B76B8C54-4B79-48F4-B65F-C37386622DFB}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{B83F1BAE-5CFF-44D6-B108-1B9202789292}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{CE2DC276-C497-4894-B2ED-8914C3F98FB6}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{DB1908F2-AE57-4D5D-AD54-C3ACB16B8E75}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{DCB0CB26-CE41-4232-8EF2-5D1E4DCF89F5}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{DE3A34D7-1B8F-4AD0-A3CA-3F3DCC43DAC8}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{E4F2A2B2-5A4E-4609-9506-CC22A11420B6}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{ECADCE8A-66F9-4568-B823-682815863653}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\{F6B537B9-4D13-4F35-9915-7C50875B0F97}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-18-2009 - 23-05-44.SBU\backup.db
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 19-29-34.SBU\{3122889A-E4FD-4F07-87DF-7B3DC49826A9}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 19-29-34.SBU\{E0B2F6E3-9625-41CA-A3DB-93F7E52DE035}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 19-29-34.SBU\{E45FFC1F-61BA-4B9B-8517-85174BFDF5B4}
* C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 19-29-34.SBU\backup.db
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\GUEST\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\GUEST\NTUSER.DAT.LOG
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackdoorWinMsnLog1.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackdoorWinMsnLog1.zip\sbRecovery.ini
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackdoorWinMsnLog.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackdoorWinMsnLog.zip\sbRecovery.ini
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BPSSpywareRemover.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BPSSpywareRemover.zip\sbRecovery.ini
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentyr.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentyr.zip\sbRecovery.ini
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip\sbRecovery.ini
* C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\NTUSER.DAT.LOG
* C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 09-02-18.SBU\backup.db
* C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 11-46-47.SBU\backup.db
* C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 14-53-37.SBU\backup.db
* C:\CYGWIN\HOME\GUEST\.BASH_HISTORY

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,961 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:00 AM

Posted 21 October 2009 - 06:10 AM

How is your computer running now? Are there any more reports/alerts, signs of infection or issues with your browser?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users