Windowsfy And Wp.exe


  • This topic is locked
41 replies to this topic

#1 Dennise

Posted 19 January 2007 - 07:52 PM

I am NOT having any (known) problems now but I note the WindowsFY process in C:\ shows up in a "WhatsRunning" scan. It appears as a startup item but does not seem to actually run.

Is this a threat? Can I just disable it as a startup application? Should I simply delete the file wp.exe? Suggestions please?

Here's my HJT scan log.

Logfile of HijackThis v1.99.1
Scan saved at 4:15:37 PM, on 1/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HDD Health\HDDHealth.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
A:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=364
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=364
N3 - Netscape 7: user_pref("browser.startup.homepage", "file:///C:/DWeaverSites/DE%20Netscape%20Home%20Page/DEWWWPortalDW.htm"); (C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\HDDHealth.exe -wl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -aim
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {1B4EAA86-3CC6-47CF-A156-FF49DEF3ABE6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1B4EAA86-3CC6-47CF-A156-FF49DEF3ABE6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {732D680D-D159-48C0-B3FB-F6BADC6708DA} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {732D680D-D159-48C0-B3FB-F6BADC6708DA} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7F79A0F9-CD26-40A5-AD42-CC7DE4A36C2E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7F79A0F9-CD26-40A5-AD42-CC7DE4A36C2E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CACEE034-DB32-486E-8D33-865A0F8695B1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CACEE034-DB32-486E-8D33-865A0F8695B1} - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162854852734
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

#2 rookie147

Posted 20 January 2007 - 07:51 AM

Hello Dennise, and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Is this a threat?

Yes, this is actually a malware entry, and there seem to be a few more in your log as well, which need cleaning up.

Please disable Spybot's "TeaTimer" function as it may hinder the removal of the infection:
Open Spybot and click on Mode and check Advanced Mode
Check Yes to next window.
Click on Tools in bottom left hand corner.
Press on System Startup icon.
Uncheck Teatimer box.
Click Allow Change box.

Please remember to re-enable it after you're clean.

Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):

WeatherBug
WeatherBug is a system tray icon that offers weather information and includes built-in ads. WeatherBug is controlled by AWS Convergence Technologies (weatherbugmedia.com).
There is some controversy over whether WeatherBug should be targeted by anti-parasite software. AWS strongly deny their software is ‘spyware’, and by the definition used here, it is not, as it does not leak information back to its controlling servers.
However, WeatherBug has in the past been silently installed by the FavoriteMan parasite and Freeze.com screensavers, and more recently has been bundled by software such as AIM and Blubster. This makes it ‘unsolicited’, and since it is installed to raise money for its creators through the built-in ads it is certainly ‘commercial’. So it does meet the definition for ‘parasite’: unsolicited commercial software. It is nonetheless listed as a borderline case because it is not overtly harmful and many people do install it deliberately.
WeatherBug bundles the MySearch parasite in its standalone distribution and has, in the past, installed Gator and SVAPlayer.

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=364
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=364
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll (file missing)
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O9 - Extra button: Microsoft AntiSpyware helper - {1B4EAA86-3CC6-47CF-A156-FF49DEF3ABE6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1B4EAA86-3CC6-47CF-A156-FF49DEF3ABE6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {732D680D-D159-48C0-B3FB-F6BADC6708DA} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {732D680D-D159-48C0-B3FB-F6BADC6708DA} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7F79A0F9-CD26-40A5-AD42-CC7DE4A36C2E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7F79A0F9-CD26-40A5-AD42-CC7DE4A36C2E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CACEE034-DB32-486E-8D33-865A0F8695B1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CACEE034-DB32-486E-8D33-865A0F8695B1} - (no file) (HKCU)


Note: the entry highlighted in blue is for WeatherBug; if you decided to remove it, please also check that entry.

Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

Now, please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.

Set your system to show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Next, please find and delete the following files (if present):

C:\WINDOWS\System32\wer8274.dll
C:\wp.exe

Also delete this folder if you removed WeatherBug:

C:\Program Files\AWS

Reboot into Normal Mode.
Please run Panda's ActiveScan.
Once you are on the Panda site click the Scan your PC button
A new window will open, click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan completes, click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.

Please post back the Panda report, along with a new HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.
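
An added example (not part of the original posts, and not HijackThis's own logic): a small Python triage pass over HijackThis-format lines that surfaces the kinds of entries picked out in the reply above, namely Run values that launch an executable straight from a drive root, entries whose target is marked "(file missing)" or "(no file)", and IE start pages for review. The rule names, the `Finding` type and the `triage` function are assumptions of this sketch; a flagged line is a prompt for review, not a verdict (the rpcapd service is flagged as orphaned too, although the helper left it alone).

```python
import re
from typing import List, NamedTuple
from urllib.parse import urlsplit

# Sample input: a few lines taken from the HijackThis v1.99.1 log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=364
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O9 - Extra button: Microsoft AntiSpyware helper - {1B4EAA86-3CC6-47CF-A156-FF49DEF3ABE6} - (no file) (HKCU)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""


class Finding(NamedTuple):
    rule: str    # heuristic that fired (rule names are this sketch's own)
    code: str    # HijackThis section code, e.g. "O4"
    detail: str  # what a reviewer should look at


# "<code> - <body>": skips the header and the running-process list.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 autostart body: HKCU\..\Run: [ValueName] command line
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Executable sitting directly in a drive root, e.g. c:\wp.exe
ROOT_EXE_RE = re.compile(
    r'^"?[A-Za-z]:\\[^\\/:"]+\.(?:exe|com|bat|scr|pif|cmd)(?=["\s]|$)', re.I
)
# HijackThis marks registry entries whose target is gone from disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)")
START_PAGE_RE = re.compile(r"Start Page = (?P<url>\S+)")


def triage(log_text: str) -> List[Finding]:
    """Return review candidates from HijackThis-format log text."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")

        # Registry entry left behind after its file was removed or never existed.
        if ORPHAN_RE.search(body):
            findings.append(Finding("orphaned-target", code, body))

        # Autostart value pointing at an executable in the root of a drive.
        run = RUN_RE.match(body) if code == "O4" else None
        if run and ROOT_EXE_RE.match(run.group("cmd")):
            detail = f"{run.group('name')} -> {run.group('cmd')}"
            findings.append(Finding("run-from-drive-root", code, detail))

        # Start pages are always listed: the owner must confirm the host.
        page = START_PAGE_RE.search(body) if code in ("R0", "R1") else None
        if page:
            host = urlsplit(page.group("url")).hostname or page.group("url")
            findings.append(Finding("start-page-review", code, host))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:22} {f.code:4} {f.detail}")
```
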


#3 Dennise

Posted 20 January 2007 - 01:17 PM

Rookie147,

Thanks for looking at my HJT log file. Before I proceed, I have a question.

You said "Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button." Now, I was advised NOT to install and run HJT from my hard drive. Accordingly, I installed and ran HJT from a floppy disc.

Does this notably change your suggested procedure to clean my PC?

Dennise

#4 rookie147

Posted 20 January 2007 - 04:31 PM

Basically, in order for HijackThis to work fine, it needs to be in a folder. Running HJT directly from your C:\ drive is not advised, but running it from a folder located somewhere is fine. Similarly, if you are running it directly off of your floppy drive this can be bad, but placing it in a folder will do.
This is quite difficult to explain; I hope I did so well enough... :thumbsup:
Charles



#5 Dennise

Posted 20 January 2007 - 07:05 PM

OK. I should run HJT from its own folder. Yes.

Which is preferred?

A: The HJT folder should be on the hard drive (C:).

or

B. The HJT folder should be on the floppy drive (A:).

A or B?

Dennis

#6 rookie147

Posted 20 January 2007 - 07:06 PM

Either one, it really doesn't matter..



#7 Dennise

Posted 20 January 2007 - 07:23 PM

OK, I'll leave it on a floppy disc.

I'll be leaving town soon, so I plan to try your procedure in a few days.

Dennise

#8 rookie147

Posted 21 January 2007 - 04:56 AM

Thanks for letting me know, I look forward to your reply when you return.



#9 Dennise

Posted 25 January 2007 - 08:41 PM

OK, I followed your procedure. HJT and Panda report logs follow below.

First though, a few notes:

1. I decided to keep Weatherbug
2. I did NOT find C:\WINDOWS\System32\wer8274.dll but instead found wer8274.ini and wer8274.tmp. I did NOT delete these.
3. I did NOT find C:\wp.exe but instead found wp.bmp. I did NOT delete this file.
4. Panda would NOT run with my FireFox browser, so I ran it from IE 6.x. PandaScan found lots of stuff. How much of it is serious?

Thanks in advance for taking a look at these.

Here's my HJT log AFTER I made your changes:

Logfile of HijackThis v1.99.1
Scan saved at 5:20:08 PM, on 1/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HDD Health\HDDHealth.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Utilities\Security\HiJackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "file:///C:/DWeaverSites/DE%20Netscape%20Home%20Page/DEWWWPortalDW.htm"); (C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\HDDHealth.exe -wl
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -aim
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162854852734
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


Here's the Panda Scan AFTER I made your changes:

Incident Status Location

Hacktool:Exploit/URLSpoof Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0000531.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0002251.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0002316.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0002346.~]
Virus:Trj/Goldun.IP Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[setup.zip][Setup.exe]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0002647.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0003055.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0003291.~]
Hacktool:Exploit/URLSpoof Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0003319.~]
Virus:Trj/Goldun.Q Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[setup.rar][SecurityEgold.EXE]
Virus:Trj/Mitglieder.BO Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[345556.rar][dddd.exe]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0003383.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0003538.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0003591.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0004625.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0004686.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0005006.~]
Virus:W32/Sober.U.worm!CME-414 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[your_text.zip][mail.document.Datex-packed.exe]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0005206.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0005613.~]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[error-mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[account_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[our_secret.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[error-mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[account_info-text.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[error-mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[account_info-text.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[our_secret.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[account_info-text.zip][Winzipped-Text_Data.txt .pif]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0006782.~]
Virus:W32/Bagle.ER.worm Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[new__price.zip][06.exe]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0009842.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0013063.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0016416.~]
Adware:adware/cws Not disinfected C:\Documents and Settings\All Users\Favorites\Download Free Spyware Remover.url
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Dennis\.jpi_cache\file\1.0\Dummy.class-5db50b5e-48120a14.class
Virus:Trj/Java.Binny.A Disinfected C:\Documents and Settings\Dennis\.jpi_cache\jar\1.0\archive.jar-60d4ac05-5e04d544.zip[Mein.class]
Virus:Trj/Java.Binny.A Disinfected C:\Documents and Settings\Dennis\.jpi_cache\jar\1.0\archive.jar-60d4ac05-5e04d544.zip[Beyond.class]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.com.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.adtech.de/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[hc2.humanclick.com/hc/74139060]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.target.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.target.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.target.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.overture.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.adtech.de/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.fastclick.net/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.com.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.hitbox.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[hc2.humanclick.com/hc/74139060]
Hacktool:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0000531.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0002251.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0002316.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0002346.~]
Virus:Trj/Goldun.IP Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[setup.zip][Setup.exe]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0002647.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0003055.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0003291.~]
Hacktool:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0003319.~]
Virus:Trj/Goldun.Q Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[setup.rar][SecurityEgold.EXE]
Virus:Trj/Mitglieder.BO Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[345556.rar][dddd.exe]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0003383.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0003538.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0003591.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0004625.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0004686.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0005006.~]
Virus:W32/Sober.U.worm!CME-414 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[your_text.zip][mail.document.Datex-packed.exe]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0005206.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0005613.~]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[error-mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[account_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[our_secret.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[error-mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[account_info-text.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[error-mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[account_info-text.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[our_secret.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[account_info-text.zip][Winzipped-Text_Data.txt .pif]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0006782.~]
Virus:W32/Bagle.ER.worm Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[new__price.zip][06.exe]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0009842.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0013063.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0016416.~]
Virus:Trj/Haxdoor.LZ Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[WC2905036.zip][WC2905036.exe]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dennis\Cookies\dennis@ad.yieldmanager[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dennis\Cookies\dennis@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dennis\Cookies\dennis@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Dennis\Cookies\dennis@burstnet[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dennis\Cookies\dennis@dist.belnk[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Dennis\Cookies\dennis@www.burstbeacon[2].txt
Adware:Adware/Tubby Not disinfected C:\WINDOWS\system32\MTC.ini
Adware:Adware/TopSpyware Not disinfected C:\WINDOWS\system32\spoolsrv32.exe
Adware:adware/bluescreenwarning Not disinfected C:\wp.bmp
Spyware:Cookie/Atlas DMT Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/Statcounter Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.statcounter.com/]
Spyware:Cookie/Maxserving Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.maxserving.com/]
Spyware:Cookie/FastClick Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.fastclick.net/]
Spyware:Cookie/Hitbox Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.hitbox.com/]
Spyware:Cookie/Casalemedia Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Com.com Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.com.com/]
Spyware:Cookie/Bluestreak Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.bluestreak.com/]
Spyware:Cookie/2o7 Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Serving-sys Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.serving-sys.com

#10 rookie147

rookie147

  • Members
  • 5,321 posts
  • Local time:01:55 PM

Posted 26 January 2007 - 11:16 AM

I don't think you posted the full Panda log; it seems to me that some of it got cut off. Can you post the whole log again please, using more than one reply if necessary?
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#11 Dennise

Dennise
  • Topic Starter

  • Members
  • 25 posts
  • Location:California
  • Local time:07:55 AM

Posted 27 January 2007 - 12:37 PM

Panda Scan Part 1


Incident Status Location

Hacktool:Exploit/URLSpoof Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0000531.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0002251.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0002316.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0002346.~]
Virus:Trj/Goldun.IP Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[setup.zip][Setup.exe]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0002647.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0003055.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0003291.~]
Hacktool:Exploit/URLSpoof Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0003319.~]
Virus:Trj/Goldun.Q Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[setup.rar][SecurityEgold.EXE]
Virus:Trj/Mitglieder.BO Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[345556.rar][dddd.exe]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0003383.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0003538.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0003591.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0004625.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0004686.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0005006.~]
Virus:W32/Sober.U.worm!CME-414 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[your_text.zip][mail.document.Datex-packed.exe]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0005206.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0005613.~]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[error-mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[account_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[our_secret.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[error-mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[account_info-text.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[error-mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[account_info-text.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[our_secret.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[account_info-text.zip][Winzipped-Text_Data.txt .pif]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0006782.~]
Virus:W32/Bagle.ER.worm Disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[new__price.zip][06.exe]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0009842.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0013063.~]
Hacktool:Exploit/iFrame Not disinfected C:\Data\BackUp Stuff\Netscape\Mail\mail.earthlink.net\Inbox[~0016416.~]
Adware:adware/cws Not disinfected C:\Documents and Settings\All Users\Favorites\Download Free Spyware Remover.url
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Dennis\.jpi_cache\file\1.0\Dummy.class-5db50b5e-48120a14.class
Virus:Trj/Java.Binny.A Disinfected C:\Documents and Settings\Dennis\.jpi_cache\jar\1.0\archive.jar-60d4ac05-5e04d544.zip[Mein.class]
Virus:Trj/Java.Binny.A Disinfected C:\Documents and Settings\Dennis\.jpi_cache\jar\1.0\archive.jar-60d4ac05-5e04d544.zip[Beyond.class]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.com.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.adtech.de/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[hc2.humanclick.com/hc/74139060]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\5rhvumn1.default\cookies.txt[.target.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.target.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.target.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.overture.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.adtech.de/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.fastclick.net/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.com.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.hitbox.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[hc2.humanclick.com/hc/74139060]
Hacktool:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0000531.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0002251.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0002316.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0002346.~]
Virus:Trj/Goldun.IP Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[setup.zip][Setup.exe]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0002647.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0003055.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0003291.~]
Hacktool:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0003319.~]
Virus:Trj/Goldun.Q Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[setup.rar][SecurityEgold.EXE]
Virus:Trj/Mitglieder.BO Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[345556.rar][dddd.exe]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0003383.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0003538.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0003591.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0004625.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0004686.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0005006.~]
Virus:W32/Sober.U.worm!CME-414 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[your_text.zip][mail.document.Datex-packed.exe]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0005206.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0005613.~]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[error-mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[account_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[our_secret.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[error-mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[account_info-text.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[error-mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[account_info-text.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[our_secret.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm!CME-456 Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[account_info-text.zip][Winzipped-Text_Data.txt .pif]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0006782.~]
Virus:W32/Bagle.ER.worm Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[new__price.zip][06.exe]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0009842.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0013063.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[~0016416.~]
Virus:Trj/Haxdoor.LZ Disinfected C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\Mail\mail.earthlink.net\Inbox[WC2905036.zip][WC2905036.exe]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dennis\Cookies\dennis@ad.yieldmanager[2].txt

End PandaScan part 1.

#12 Dennise

Dennise
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:07:55 AM

Posted 27 January 2007 - 12:39 PM

PandaScan part 2 of 2

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dennis\Cookies\dennis@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dennis\Cookies\dennis@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Dennis\Cookies\dennis@burstnet[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dennis\Cookies\dennis@dist.belnk[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Dennis\Cookies\dennis@www.burstbeacon[2].txt
Adware:Adware/Tubby Not disinfected C:\WINDOWS\system32\MTC.ini
Adware:Adware/TopSpyware Not disinfected C:\WINDOWS\system32\spoolsrv32.exe
Adware:adware/bluescreenwarning Not disinfected C:\wp.bmp
Spyware:Cookie/Atlas DMT Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/Statcounter Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.statcounter.com/]
Spyware:Cookie/Maxserving Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.maxserving.com/]
Spyware:Cookie/FastClick Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.fastclick.net/]
Spyware:Cookie/Hitbox Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.hitbox.com/]
Spyware:Cookie/Casalemedia Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Com.com Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.com.com/]
Spyware:Cookie/Bluestreak Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.bluestreak.com/]
Spyware:Cookie/2o7 Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Serving-sys Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.serving-sys.com/]
Spyware:Cookie/2o7 Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/bravenetA Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.bravenet.com/]
Spyware:Cookie/2o7 Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/bravenetA Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.bravenet.com/]
Spyware:Cookie/Zedo Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.zedo.com/]
Spyware:Cookie/2o7 Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Reliablestats Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/360i Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.ct.360i.com/]
Spyware:Cookie/Reliablestats Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/CentrPort Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.centrport.net/]
Spyware:Cookie/Bfast Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.bfast.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[server.iad.liveperson.net/hc/LPearthlink2]
Spyware:Cookie/WebtrendsLive Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[statse.webtrendslive.com/S005-01-8-22-269153-98647]
Spyware:Cookie/WebtrendsLive Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[statse.webtrendslive.com/dcsklxjd7oifwzramfu7ehxd9_2j2f]
Spyware:Cookie/WebtrendsLive Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[statse.webtrendslive.com/dcsi8dupuerp17vzhd59b2lwc_8u5u]

End PandaScan part 2 of 2
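To separate the tracking-cookie entries in a scan log like the one above from detections that point at files on disk, the lines can be parsed and grouped. This is an added example, not part of the original thread or of any Panda tool; the line layout is inferred from the log lines shown here, and the last sample line is constructed.

```python
import re
from collections import Counter

# Layout inferred from the log lines in this thread (an assumption):
#   <Type>:<Name> <status text> <drive path>[<entry inside the file>]
LINE_RE = re.compile(
    r"^(?P<kind>[^:\s]+):(?P<name>\S+)\s+(?P<status>.+?)\s+"
    r"(?P<path>[A-Za-z]:\\.*?)(?:\[(?P<entry>[^\]]*)\])?$"
)

# Sample input: the first three lines are copied from the log above; the
# last line is constructed (hypothetical name and path) to show a file hit.
SAMPLE = r"""
Spyware:Cookie/Hitbox Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.hitbox.com/]
Spyware:Cookie/2o7 Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected D:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\0d3iakhl.slt\cookies.txt[.2o7.net/]
Adware:Adware/ExampleFamily Not disinfected C:\constructed\example.exe
""".strip().splitlines()


def parse_line(line):
    """Return the fields of one detection line, or None if it does not fit."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines):
    """Split detections into cookie hosts, file hits and unparsed lines."""
    cookies, file_hits, unparsed = Counter(), [], []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)          # keep for manual review
        elif rec["name"].startswith("Cookie/") and rec["entry"]:
            # The bracketed entry is the cookie's host and path.
            host = rec["entry"].split("/", 1)[0].lstrip(".")
            cookies[host] += 1
        else:
            file_hits.append((rec["name"], rec["status"], rec["path"]))
    return cookies, file_hits, unparsed


if __name__ == "__main__":
    cookies, file_hits, unparsed = triage(SAMPLE)
    print("cookie hosts:", dict(cookies))
    print("file detections:", file_hits)
    print("unparsed lines:", unparsed)
```

Lines that do not match the inferred layout are returned in the third list rather than dropped, so nothing in the log is silently ignored.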

#13 rookie147

Posted 27 January 2007 - 04:06 PM

Hey there,
It looks to me like you have a lot of infected emails, and this could have been where your infection came from in the first place. Therefore, I would recommend you go through all your emails and delete any unknown ones, or any that you don't trust the sender 100%.
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Please download AVG Anti-Spyware to your Desktop.
Start the set-up program by double clicking the installer.
Follow the on screen instructions to install the program, making sure that "Launch AVG Anti-Spyware" is checked.
Click the Update tab then select Start update; a progress bar will show the updates being installed.
Now press the Scanner icon, and click the Settings tab.
Click Recommended actions, then set it to Quarantine.
Close the program now, we will scan with it later on.

Now, please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.

Let's clean out your temporary internet files:
Close all open windows before we start.
Go to Start | Control Panel | Internet Options | General.
Click the Delete Cookies button.
Next to it, click the Delete Files button.
When prompted, place a check in: 'Delete all offline content', click OK.

If you have Firefox installed, we need to clean out these temporary files as well:
Go to Tools | Options.
Click Privacy.
Press the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to finish, before closing it.
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

Now we'll clean other temporary files and your Recycle Bin:
Go to Start | Run | type: cleanmgr | OK.
Let it scan your system for files to remove.
Make sure 'Temporary Files', 'Temporary Internet Files', and 'Recycle Bin' are the only things checked.
Press OK to remove them.

Click Start | Control Panel.
Double click the Java icon.
Click Settings under "Temporary Internet Files".
Press Delete Files.
A window will open with three options to clear the cache.
- Delete Files
- View Applications
- View Applets
Click OK on "Delete Temporary Files" window.
Note: This deletes all the Downloaded Applications and Applets from the cache.
Click OK on "Temporary Files Settings" window.

Find and delete the following files:

C:\Documents and Settings\All Users\Favorites\Download Free Spyware Remover.url
C:\WINDOWS\system32\MTC.ini
C:\WINDOWS\system32\spoolsrv32.exe
C:\wp.bmp

Launch AVG Anti-Spyware by double clicking the icon on your Desktop.
Press the Scanner icon.
Then click on the Complete System Scan button.
If any infections are found, you will be asked for an action; select Apply all actions.
Now press the Reports icon at the top.
Choose Save report as and save the text file to your Desktop.
Please post this log in your next reply.

Reboot into Normal Mode again.

Please post me back the AVG report, and let me know - how are things running?
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#14 rookie147

Posted 03 February 2007 - 04:40 AM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter.

Everyone else please begin a New Topic.



#15 rookie147

Posted 05 February 2007 - 03:04 PM

Re-opened... :thumbsup:
