Author Topic: Terrible virus (Read 27400 times)

matter92 · « **on:** May 11, 2008, 01:46:56 PM »

I recently downloaded what i thought was to be a youtube video downloader.... Unknowlingly, I allowed access to my internet to some user and I got a virus. My computer was running slow shortly after so I restarted my computer. When I did this, I had nothing. The only thing I could do was use task manager. I immediately googled for help and found your site. How can I fix this?

quaxo · « **Reply #1 on:** May 11, 2008, 01:50:05 PM »

I'll let one of the malware guys help you out with this. However, when you get it all sorted, install Free Download Manager. It's a clean, reliable program that can manage downloads and also download videos from YouTube and other video website.

http://www.freedownloadmanager.org/

matter92 · « **Reply #2 on:** May 11, 2008, 01:54:12 PM »

okay, I'll check that out. Thanks.

SuperDave · « **Reply #3 on:** May 11, 2008, 01:54:36 PM »

You should go to the virus portion of these forums and read their instructions. They will want you to download some programs and post the logs here. Your thread will probably be moved to that forum. Good Luck

Broni · « **Reply #4 on:** May 11, 2008, 02:10:12 PM »

Print these instructions out.

1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

RESTART COMPUTER!

2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

matter92 · « **Reply #5 on:** May 11, 2008, 02:20:49 PM »

wow, thanks a ton

Broni · « **Reply #6 on:** May 11, 2008, 02:29:09 PM »

Go to work. You'll thank later...LOL

matter92 · « **Reply #7 on:** May 12, 2008, 07:40:36 PM »

I deleted all of the viruses when I ran superantispyware, but when I ran malwarebytes, it found another 230 infected files. What should I do then?

Broni · « **Reply #8 on:** May 12, 2008, 07:46:03 PM »

I need all THREE logs.

matter92 · « **Reply #9 on:** May 12, 2008, 07:52:00 PM »

darn, I closed them

matter92 · « **Reply #10 on:** May 12, 2008, 07:57:52 PM »

First Time:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/12/2008 at 06:39 PM

Application Version : 4.0.1154

Core Rules Database Version : 3458
Trace Rules Database Version: 1449

Scan type : Complete Scan
Total Scan Time : 00:42:51

Memory items scanned : 184
Memory threats detected : 1
Registry items scanned : 5046
Registry threats detected : 0
File items scanned : 72466
File threats detected : 3

Adware.Vundo Variant/Resident
   C:\WINDOWS\SYSTEM32\MLJBCBCU.DLL
   C:\WINDOWS\SYSTEM32\MLJBCBCU.DLL

Adware.MyWebSearch
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSOEMON.EXE

Second One:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/11/2008 at 10:55 PM

Application Version : 4.0.1154

Core Rules Database Version : 3458
Trace Rules Database Version: 1449

Scan type : Complete Scan
Total Scan Time : 01:02:15

Memory items scanned : 209
Memory threats detected : 1
Registry items scanned : 5044
Registry threats detected : 1
File items scanned : 72549
File threats detected : 92

Adware.Vundo Variant/Resident
   C:\WINDOWS\SYSTEM32\IIFEDEFV.DLL
   C:\WINDOWS\SYSTEM32\IIFEDEFV.DLL

Adware.Tracking Cookie
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][1].txt

Browser Hijacker.Internet Explorer Settings Hijack
   HKU\S-1-5-21-790525478-746137067-839522115-1004\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 ]

Adware.MyWay
   C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE
   C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS
   C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL
   C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT
   C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT
   C:\Program Files\MyWay\myBar\1.bin
   C:\Program Files\MyWay\myBar\Cache\0025ECDC
   C:\Program Files\MyWay\myBar\Cache\0264A392.bin
   C:\Program Files\MyWay\myBar\Cache\0264AF98.bin
   C:\Program Files\MyWay\myBar\Cache\0264B005.bin
   C:\Program Files\MyWay\myBar\Cache\files.ini
   C:\Program Files\MyWay\myBar\Cache
   C:\Program Files\MyWay\myBar\History\search
   C:\Program Files\MyWay\myBar\History
   C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
   C:\Program Files\MyWay\myBar\Settings
   C:\Program Files\MyWay\myBar
   C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
   C:\Program Files\MyWay\SrchAstt\1.bin\PARTNER.DAT
   C:\Program Files\MyWay\SrchAstt\1.bin\PARTNER2.DAT
   C:\Program Files\MyWay\SrchAstt\1.bin
   C:\Program Files\MyWay\SrchAstt\Cache\0517D83D
   C:\Program Files\MyWay\SrchAstt\Cache\files.ini
   C:\Program Files\MyWay\SrchAstt\Cache
   C:\Program Files\MyWay\SrchAstt
   C:\Program Files\MyWay

Trojan.Unclassified-Packed/Suspicious
   C:\DOCUMENTS AND SETTINGS\MATT.MATTSCOMPUTER\LOCAL SETTINGS\TEMP\TEMP.DLL

Adware.MyWebSearch
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSOEMON.EXE

Trojan.Unclassified/Dropper
   C:\WINDOWS\OADKXRTS.EXE

Trace.Known Threat Sources
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\IRKVKJO7\destrub[1].htm
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\hd_bg[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4T0X87A5\item4[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\1[1].htm
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\IRKVKJO7\Install_526_1_[1].exe
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\li[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4T0X87A5\warning_label_1[2].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\item2_1[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\alert[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4T0X87A5\alert2[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4T0X87A5\glb[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\6JUZEHWN\pr_item[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\IRKVKJO7\index[2].htm
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\2[2].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\6JUZEHWN\img1[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4T0X87A5\left_bttm[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\IRKVKJO7\scns[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4T0X87A5\right_up_lnk[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\IRKVKJO7\crypt[1].htm
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\IRKVKJO7\4[2].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4T0X87A5\point[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\IRKVKJO7\scns[2].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4T0X87A5\head[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\box[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\6JUZEHWN\folder[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\IRKVKJO7\item5[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4T0X87A5\favicon[2].ico
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4T0X87A5\2[1].htm
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\6JUZEHWN\left_top[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\6JUZEHWN\data[1].htm
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\right_top[1].jpg
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\spacer[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\6JUZEHWN\img2[2].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\IRKVKJO7\bg[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\6JUZEHWN\bg[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\6JUZEHWN\style[1].css
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\6JUZEHWN\item2[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\lupa[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\6JUZEHWN\6[2].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\common[1].htm
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\img2[2].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\script[1].js
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\6JUZEHWN\botton_03[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\IRKVKJO7\5[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\shld[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\IRKVKJO7\bttn[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\setup[1].exe
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4T0X87A5\ajax[1].htm
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\IRKVKJO7\shield[2].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\IRKVKJO7\right_bttm[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\IRKVKJO7\a[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4T0X87A5\warning_label_2[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4T0X87A5\but_remove_all[2].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\2P2ZQ5OL\3[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\IRKVKJO7\managers[1].htm
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\6JUZEHWN\progressbar[1].htm
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4T0X87A5\shkaladelenie[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\6JUZEHWN\logo[1].gif
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\IRKVKJO7\CAWT23SP.htm
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\IRKVKJO7\stats[2].jpg

matter92 · « **Reply #11 on:** May 12, 2008, 07:58:25 PM »

Third Time:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/11/2008 at 09:14 PM

Application Version : 4.0.1154

Core Rules Database Version : 3458
Trace Rules Database Version: 1449

Scan type : Complete Scan
Total Scan Time : 01:04:01

Memory items scanned : 433
Memory threats detected : 5
Registry items scanned : 5099
Registry threats detected : 40
File items scanned : 36205
File threats detected : 289

Adware.Vundo Variant/Resident
   C:\WINDOWS\SYSTEM32\WVUNOGXU.DLL
   C:\WINDOWS\SYSTEM32\WVUNOGXU.DLL

Adware.Vundo-Variant/J
   C:\WINDOWS\MPFANVQG.DLL
   C:\WINDOWS\MPFANVQG.DLL
   C:\WINDOWS\VBKSROFA.DLL
   C:\WINDOWS\VBKSROFA.DLL

Trojan.Service
   C:\WINDOWS\SYSTEM32\SERVICE.EXE
   C:\WINDOWS\SYSTEM32\SERVICE.EXE
   [Windows Update] C:\WINDOWS\SYSTEM32\SERVICE.EXE
   [Windows Update] C:\WINDOWS\SYSTEM32\SERVICE.EXE
   [Windows Update] C:\WINDOWS\SYSTEM32\SERVICE.EXE

Rogue.MalWarrior-Installer
   C:\DOCUME~1\MATT~1.MAT\LOCALS~1\TEMP\SETUP_526_1_.EXE
   C:\DOCUME~1\MATT~1.MAT\LOCALS~1\TEMP\SETUP_526_1_.EXE

Adware.SXGAdvisor-A
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}
   HKCR\CLSID\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}
   HKCR\CLSID\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}
   HKCR\CLSID\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}\InprocServer32
   HKCR\CLSID\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}\InprocServer32#ThreadingModel
   HKCR\CLSID\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}\ProgID
   HKCR\CLSID\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}\Programmable
   HKCR\CLSID\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}\TypeLib
   HKCR\CLSID\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}\VersionIndependentProgID
   C:\WINDOWS\FVOWKETQSOQ.DLL

Trojan.Unclassified/GTS
   HKLM\Software\Microsoft\Internet Explorer\Toolbar#{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}
   HKCR\CLSID\{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}
   HKCR\CLSID\{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}
   HKCR\CLSID\{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}\InprocServer32
   HKCR\CLSID\{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}\InprocServer32#ThreadingModel
   HKCR\CLSID\{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}\ProgID
   HKCR\CLSID\{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}\Programmable
   HKCR\CLSID\{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}\TypeLib
   HKCR\CLSID\{C17C95A8-9A32-4250-8F46-D7DFBB4B4947}\VersionIndependentProgID
   HKCR\pvnsmfor.1
   HKCR\pvnsmfor
   HKCR\TypeLib\{85116C11-B265-4635-8FD8-A500007A6915}
   HKCR\TypeLib\{85116C11-B265-4635-8FD8-A500007A6915}\1.0
   HKCR\TypeLib\{85116C11-B265-4635-8FD8-A500007A6915}\1.0\0
   HKCR\TypeLib\{85116C11-B265-4635-8FD8-A500007A6915}\1.0\0\win32
   HKCR\TypeLib\{85116C11-B265-4635-8FD8-A500007A6915}\1.0\FLAGS
   HKCR\TypeLib\{85116C11-B265-4635-8FD8-A500007A6915}\1.0\HELPDIR
   C:\WINDOWS\PVNSMFOR.DLL

Adware.Tracking Cookie
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@adlegend[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@bluestreak[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@atdmt[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@adnetserver[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@clicksor[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@questionmarket[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@tradedoubler[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@adrevolver[3].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@doubleclick[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@statcounter[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@serving-sys[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@cgi-bin[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@html[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@apmebf[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@realmedia[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@revsci[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@burstnet[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@adserver[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@antivirus-scanner[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@2o7[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@advertising[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@zedo[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@casalemedia[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@tacoda[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@tribalfusion[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@insightexpressai[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@OS[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@fastclick[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@winantivirus[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@trafficmp[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@gomyhit[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@partner2profit[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@specificclick[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@atwola[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@247realmedia[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@media6degrees[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@antispywaremaster[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@interclick[2].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@adbrite[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@mediaplex[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@drivecleaner[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\[email protected][1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\cookies\matt@windowsmedia[1].txt
   C:\Documents and

matter92 · « **Reply #12 on:** May 12, 2008, 07:58:44 PM »

Settings\Matt.MATTSCOMPUTER\cookies\matt@adrevolver[2].txt
   C:\Documents and Settings\Kathy\Cookies\[email protected][1].txt
   C:\Documents and Settings\Kathy\Cookies\[email protected][2].txt
   C:\Documents and Settings\Kathy\Cookies\kathy@insightexpressai[1].txt
   C:\Documents and Settings\Kathy\Cookies\kathy@mywebsearch[2].txt
   C:\Documents and Settings\Kathy\Cookies\kathy@partner2profit[1].txt
   C:\Documents and Settings\Kathy\Cookies\kathy@precisionclick[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@247realmedia[1].txt
   C:\Documents and Settings\Matt\Cookies\matt@2o7[2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@adbrite[1].txt
   C:\Documents and Settings\Matt\Cookies\matt@adbrite[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@adbrite[3].txt
   C:\Documents and Settings\Matt\Cookies\matt@adbrite[4].txt
   C:\Documents and Settings\Matt\Cookies\matt@adecn[1].txt
   C:\Documents and Settings\Matt\Cookies\matt@adinterax[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@adlegend[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@adnetserver[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@adrevolver[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@adultfriendfinder[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@advertising[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@adviva[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\matt@apmebf[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@atdmt[2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\matt@avsmedia[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@azjmp[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@bluestreak[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\matt@burstnet[2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@casalemedia[1].txt
   C:\Documents and Settings\Matt\Cookies\matt@casalemedia[3].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@clickbank[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@clickshift[1].txt
   C:\Documents and Settings\Matt\Cookies\matt@coolsavings[2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@dealtime[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\matt@dynamicsitestats[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\matt@ehg-*censored*.hitbox[2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@enhance[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@entrepreneur[1].txt
   C:\Documents and Settings\Matt\Cookies\matt@ez-tracks[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@fastclick[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@findology[1].txt
   C:\Documents and Settings\Matt\Cookies\matt@findwhat[2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\matt@fonefinder[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@hitbox[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@hornymatches[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@imrworldwide[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@indexstats[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@insightexpressai[1].txt
   C:\Documents and Settings\Matt\Cookies\matt@interclick[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@kontera[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@maxserving[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][3].txt
   C:\Documents and Settings\Matt\Cookies\matt@mediaplex[2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@mywebsearch[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@overture[1].txt
   C:\Documents and Settings\Matt\Cookies\matt@partner2profit[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@precisionclick[1].txt
   C:\Documents and Settings\Matt\Cookies\matt@pro-market[1].txt
   C:\Documents and Settings\Matt\Cookies\matt@qksrv[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@questionmarket[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@realmedia[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\matt@redorbit[2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\matt@revsci[1].txt
   C:\Documents and Settings\Matt\Cookies\matt@roiservice[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@serial[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][3].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][4].txt
   C:\Documents and Settings\Matt\Cookies\matt@serving-sys[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@sexprofiler[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@specificclick[2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@statcounter[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@superstats[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@tacoda[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@toseeka[2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\matt@tradedoubler[1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@trafficmp[2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\matt@tribalfusion[1].txt
   C:\Documents and Settings\Matt\Cookies\matt@tvshowfind[2].txt
   C:\Documents and Settings\Matt\Cookies\matt@valueclick[2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][3].txt
   C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
   C:\Documents and Settings\Matt\Cookies\matt@zedo[1].txt
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Cookies\matt@banner[1].txt

Adware.UCMore/The Search Accelerator
   C:\Program Files\TheSearchAccelerator\INSTALL.LOG
   C:\Program Files\TheSearchAccelerator

Browser Hijacker.Internet Explorer Settings Hijack
   HKU\S-1-5-21-790525478-746137067-839522115-1004\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 ]

Adware.MyWay
   C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE
   C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS
   C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL
   C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT
   C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT
   C:\Program Files\MyWay\myBar\1.bin
   C:\Program Files\MyWay\myBar\Cache\0025ECDC
   C:\Program Files\MyWay\myBar\Cache\0264A392.bin
   C:\Program Files\MyWay\myBar\Cache\0264AF98.bin
   C:\Program Files\MyWay\myBar\Cache\0264B005.bin
   C:\Program Files\MyWay\myBar\Cache\files.ini
   C:\Program Files\MyWay\myBar\Cache
   C:\Program Files\MyWay\myBar\History\search
   C:\Program Files\MyWay\myBar\History
   C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
   C:\Program Files\MyWay\myBar\Settings
   C:\Program Files\MyWay\myBar
   C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
   C:\Program Files\MyWay\SrchAstt\1.bin\PARTNER.DAT
   C:\Program Files\MyWay\SrchAstt\1.bin\PARTNER2.DAT
   C:\Program Files\MyWay\SrchAstt\1.bin
   C:\Program Files\MyWay\SrchAstt\Cache\0517D83D
   C:\Program Files\MyWay\SrchAstt\Cache\files.ini
   C:\Program Files\MyWay\SrchAstt\Cache
   C:\Program Files\MyWay\SrchAstt
   C:\Program Files\MyWay

Trojan.Net-MSV/VPS
   HKCR\MSVPS.MSVPSApp
   HKCR\MSVPS.MSVPSApp\CLSID
   HKCR\MSVPS.MSVPSApp\CurVer

Desktop Hijacker.AboutYourPrivacy
   C:\WINDOWS\privacy_danger\images\capt.gif
   C:\WINDOWS\privacy_danger\images\danger.jpg
   C:\WINDOWS\privacy_danger\images\down.gif
   C:\WINDOWS\privacy_danger\images\spacer.gif
   C:\WINDOWS\privacy_danger\images
   C:\WINDOWS\privacy_danger\index.htm
   C:\WINDOWS\privacy_danger
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Desktop\Error Cleaner.url
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Desktop\Privacy Protector.url
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Desktop\Spyware&Malware Protection.url
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Favorites\Error Cleaner.url
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Favorites\Privacy Protector.url
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Favorites\Spyware&Malware Protection.url

Trojan.Net-MU/Gen
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString

Malware.LocusSoftware Inc/ConfidentSurf
   HKLM\Software\Microsoft\Windows\CurrentVersion\Run#Salestart [ "C:\Program Files\Common Files\System Doctor\dcmon.exe" ]

Rogue.MalWarrior
   HKU\S-1-5-21-790525478-746137067-839522115-1004\Software\Adsl Software Limited

Trojan.Media-Codec/V5
   C:\Program Files\Helper\1202352666.dll
   C:\Program Files\Helper\1202352667.dll
   C:\Program Files\Helper\1202352756.dll
   C:\Program Files\Helper

Rogue.AntiSpywareMaster
   C:\Program Files\AntiSpywareMaster\asm.exe
   C:\Program Files\AntiSpywareMaster
   C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AntiSpywareMaster\AntiSpywareMaster.lnk
   C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AntiSpywareMaster\Uninstall AntiSpywareMaster.lnk
   C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AntiSpywareMaster
   HKU\S-1-5-21-790525478-746137067-839522115-1004\Software\AntiSpywareMaster
   HKLM\Software\Microsoft\Windows\CurrentVersion\Run#AntiSpywareMaster [ C:\Program Files\AntiSpywareMaster\asm.exe ]
   C:\Documents and Settings\Matt.MATTSCOMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk

Trojan.Unclassified/Out-Variant
   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\BMPWTGLI.DLL

Trojan.Downloader-Gen/MobRules
   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\IRUDSHGZ.DLL

Trojan.Net-Explore/DND
   C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\INFO.EXE
   C:\DOCUMENTS AND SETTINGS\KATHY\START MENU\PROGRAMS\STARTUP\INFO.EXE
   C:\DOCUMENTS AND SETTINGS\MATT\START MENU\PROGRAMS\STARTUP\INFO.EXE

Adware.E404 Helper/Variant-A
   C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\AIFMM0J1\QWERTY1[1].HTM
   C:\DOCUMENTS AND SETTINGS\MATT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\0YKI4HWX\LMMQRV[1].HTM

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
   C:\DOCUMENTS AND SETTINGS\MATT\LOCAL SETTINGS\TEMP\NI.UWA7P_0001_N91M0809\SETUP.EXE

Rogue.LocusSoftware-Installer
   C:\DOCUMENTS AND SETTINGS\MATT\LOCAL SETTINGS\TEMP\QRJATYDI.EXE

Trojan.Unknown Origin
   C:\DOCUMENTS AND SETTINGS\MATT\LOCAL SETTINGS\TEMP\~DFB4A9.TMP

Rogue.SystemDefender-Installer
   C:\DOCUMENTS AND SETTINGS\MATT.MATTSCOMPUTER\DESKTOP\SYSTEMDEFENDER_INSTALLER.EXE

Rogue.Antivirus 2008/Installer
   C:\DOCUMENTS AND SETTINGS\MATT.MATTSCOMPUTER\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XDOFCY0D.DEFAULT\CACHE\B207EDF5D01

Trojan.Smitfraud Variant
   C:\DOCUMENTS AND SETTINGS\MATT.MATTSCOMPUTER\LOCAL SETTINGS\TEMP\SYSTEMDOCTOR2006FREEINSTALL.EXE
   C:\DOCUMENTS AND SETTINGS\MATT.MATTSCOMPUTER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2P2ZQ5OL\SYSTEMDOCTOR2006FREEINSTALL[1].EXE

Trojan.Unclassified-Packed/Suspicious
   C:\DOCUMENTS AND SETTINGS\MATT.MATTSCOMPUTER\LOCAL SETTINGS\TEMP\TEMP.DLL

Broni · « **Reply #13 on:** May 12, 2008, 08:02:08 PM »

I still need Malwarebytes log, and HijackThis log.

matter92 · « **Reply #14 on:** May 12, 2008, 08:04:05 PM »

hmm... know how to reformat a dell dimension 4700? Cus this is really annoying, unless.... would you do logmein.com for me?

Computer Hope Forum

News:

Author Topic: Terrible virus (Read 27400 times)

matter92

Terrible virus

quaxo

Re: Terrible virus

matter92

Re: Terrible virus

SuperDave

Re: Terrible virus

Broni

Re: Terrible virus

matter92

Re: Terrible virus

Broni

Re: Terrible virus

matter92

Re: Terrible virus

Broni

Re: Terrible virus

matter92

Re: Terrible virus

matter92

Re: Terrible virus

matter92

Re: Terrible virus

matter92

Re: Terrible virus

Broni

Re: Terrible virus

matter92

Re: Terrible virus