|
|||||||
| Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
 |
|
|
Topic Tools |
|
#1
June 29th, 2009, 02:24 AM
|
|||
|
|||
|
"my web search"
Hi Experts,
Can someone please help me permanantly remove "my web search" from my computer. Thank you in advance. Blewweyezz  [Moved to Malware Removal Forum by zipulrich] 
|
|
#2
June 29th, 2009, 06:21 AM
|
||||
|
||||
|
Hello blewweyezz, and welcome to CTH.
We need to get a report of what is present in your system. Download: CCleaner here: Ccleaner Once installed, run CCleaner click the Windows tab Select the following: Internet Explorer: Temp Internet History Recently Typed URLs Delete Index.dat files System: Empty Recycle Bin Temporary Files Memory Dumps Chkdsk File Fragments Old Prefetch Data Next: click Options click the Settings tab Uncheck: "Only delete files older than 48 hrs.", click Ok Then click Run Cleaner (bottom right) then Exit Please download Malwarebytes' Anti-Malware: Malwarebytes-Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform full scan, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected. When completed, a log will open in Notepad. Please save it to a convenient location. NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Click here: HJTInstall.exe to download HJTinstall.exe Save HJTinstall.exe to your desktop. Double click on the HJTinstall.exe icon on your desktop. By default it will install to C:\Program Files\Trend Micro\Hijack This. Click I accept Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log. Click Save to save the log file and then the log will open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Post hijackthis log along with Malwarebytes' Anti-Malware log.
|
|
#3
June 30th, 2009, 01:05 AM
|
|||
|
|||
|
As per the CTH guidelines for the Cyber Safety forum shown Here, this post has been deleted. Members who have not been approved by the CTH Staff to provide infection removal/repair steps are prohibited from posting advice. Please disregard any information/steps that had been posted here.
Last edited by Jintan; June 30th, 2009 at 09:42 AM.
|
|
#4
July 11th, 2009, 10:10 PM
|
|||
|
|||
|
my apologies!
Dear Experts,
I am very sorry to have not follow your instructions with my issue. I have not had internet access until now. I will do as you suggest right now and post back the necessary information for your help. Thank you Blewweyezz
|
|
#5
July 11th, 2009, 11:51 PM
|
|||
|
|||
|
Log Files
Experts,
Here are the log files from HJT as well as the Malware log. Apparently the logs are quite long and I can't display both in one post. I will post the HJT log here and will post again with the Malware log. Thank you again for your help. Below is the HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:37:23 PM, on 7/11/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18248) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\hkcmd.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Vongo\VongoTray.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EX E C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mywebsearch.com/jsp/cfg_r...acer.yahoo.com (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: (no name) - MRI_DISABLED - (no file) O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [StarzTray] "C:\Program Files\Vongo\VongoTray.exe" O4 - HKLM\..\Run: [Skytel] "C:\Windows\Skytel.exe" O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: MRI_DISABLED O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - O20 - AppInit_DLLs: eNetHook.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Sprint Con App Svc (CASprint) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- End of file - 7737 bytes
|
|
#6
July 11th, 2009, 11:59 PM
|
|||
|
|||
|
Malwarebytes log (part 1)
The entire log is too long for one post I will post it in parts...
Part 1: Malwarebytes' Anti-Malware 1.38 Database version: 2411 Windows 6.0.6001 Service Pack 1 7/11/2009 3:29:22 PM mbam-log-2009-07-11 (15-29-22).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 164935 Time elapsed: 1 hour(s), 2 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 33 Registry Values Infected: 6 Registry Data Items Infected: 1 Folders Infected: 13 Files Infected: 298 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\rhc37sj0et0e (Rogue.AntiVirusXP2008) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\rhc37sj0et0e (Rogue.AntiVirusXP2008) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{044d5a1e-537d-4277-8a02-194e5e290582} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9d50f5c8-2bc1-4b57-a296-2cc01cacab40} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\alphawipe tracks cleaner 2008_is1 (Rogue.AlphaWipe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\W MPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Folders Infected: c:\programdata\microsoft\Windows\start menu\Programs\AlphaWipe Tracks Cleaner 2008 (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\AlphaWipe Tracks Cleaner 2008 (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\interface (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\Users\Amy\Local Settings\Application Data\AlphaWipe (Rogue.PrivacyKit) -> Quarantined and deleted successfully. c:\Users\Amy\local settings\application data\alphawipe\Data (Rogue.PrivacyKit) -> Quarantined and deleted successfully. c:\Users\Amy\local settings\application data\alphawipe\Data\run_backup (Rogue.PrivacyKit) -> Quarantined and deleted successfully. c:\Users\Amy\local settings\application data\alphawipe\Logs (Rogue.PrivacyKit) -> Quarantined and deleted successfully. c:\Users\Amy\local settings\application data\alphawipe\Quarantine (Rogue.PrivacyKit) -> Quarantined and deleted successfully. c:\Users\Amy\local settings\application data\alphawipe\Settings (Rogue.PrivacyKit) -> Quarantined and deleted successfully. Files Infected: c:\programdata\microsoft\Windows\start menu\Programs\alphawipe tracks cleaner 2008\AlphaWipe Tracks Cleaner 2008 on the Web.lnk (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\alphawipe tracks cleaner 2008\AlphaWipe Tracks Cleaner 2008.lnk (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\alphawipe tracks cleaner 2008\Uninstall AlphaWipe Tracks Cleaner 2008.lnk (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\alphawipe.exe (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
|
|
#7
July 12th, 2009, 12:04 AM
|
|||
|
|||
|
Part 2
Part 2:
c:\program files\alphawipe tracks cleaner 2008\alphawipe.url (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\pkill.exe (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\pv.dat (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\unins000.dat (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\unins000.exe (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\up.dat (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\upd.exe (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\interface\English.lng (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ebay_tb.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ebay_tb.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\googl.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\googl_10.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\googl_10.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\googl_11.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\googl_11.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\googl_deskbar.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\googl_deskbar.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\groups.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie7_autocomplete.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie7_autocomplete.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_autocomplete.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_autocomplete.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_bho.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_bho.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_cache.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_cache.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_cookies.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_cookies.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_ext.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_ext.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_favorites.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_favorites.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_menuext.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_menuext.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_pubwiz.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_pubwiz.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_sassist.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_sassist.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_typedurls.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\ie_typedurls.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\mozilla.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\mozilla.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\mozilla_bookmarks.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\mozilla_bookmarks.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\mozilla_cache.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\mozilla_cache.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\mozilla_cookies.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\mozilla_cookies.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\mozilla_formhistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\mozilla_formhistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\mozilla_gtb.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\mozilla_gtb.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\mozilla_lochistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\mozilla_lochistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\mozilla_signons.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\mozilla_signons.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\msn_tb.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\msn_tb.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera9_autocomplete.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera9_autocomplete.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera9_bookmarks.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera9_bookmarks.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera9_cache.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera9_cache.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera9_contacts.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera9_contacts.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera9_cookies.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera9_cookies.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera9_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera9_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera9_notes.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera9_notes.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera_autocomplete.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera_autocomplete.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera_bookmarks.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera_bookmarks.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera_cache.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera_cache.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera_contacts.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera_contacts.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera_cookies.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera_cookies.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera_notes.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\opera_notes.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\tb_googl.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\tb_yahoo.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\tb_yahoo.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\yahoo_mess.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\yahoo_mess.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\yahoo_tb.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\browsers\yahoo_tb.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee30_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee30_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee30_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee40_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee40_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee40_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee50_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee50_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee50_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee60_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee60_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee60_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee70_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee70_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee70_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee80_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee80_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acdsee80_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acroread40_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acroread40_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acroread40_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acroread50_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acroread50_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acroread50_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acroread60_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acroread60_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\acroread60_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\aftp_rhistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\aftp_rhistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\aim60.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\aim60.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\aim60.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\aph60_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\aph60_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\aph60_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\aph70_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\aph70_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\aph70_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\axiaw_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\axiaw_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\ccftp_rhistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\ccftp_rhistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\ccga_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
|
|
#8
July 12th, 2009, 12:06 AM
|
|||
|
|||
|
Part 3
Part 3:
c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\ccga_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\cftphe_rhistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\cftphe_rhistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\cftppe_rhistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\cftppe_rhistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\cftp_rhistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\cftp_rhistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\divx.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\divx.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\dm.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\dm.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\dm.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\emule_logs.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\emule_logs.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\emule_logs.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\far.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\far.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\far.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\frontpage_mru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\frontpage_mru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\gr.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\gr.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\groups.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\htmlhelp.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\htmlhelp_cfiles_mru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\htmlhelp_cfiles_mru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\htmlhelp_pfiles_mru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\htmlhelp_pfiles_mru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\htmlhelp_rfiles_mru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\htmlhelp_rfiles_mru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\icq2002a.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\icq2002a.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\icq2003a.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\icq2003a.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\icq2003b.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\icq2003b.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\im.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\innosetup_mru.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\innosetup_mru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\innosetup_mru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\mdw30.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\mdw30.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\mdw40.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\mdw40.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\mdwmx.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\mdwmx.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\mfmx.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\mfmx.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\mfwmx.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\mfwmx.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\miranda.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\miranda.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\miranda.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\mphe30_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\mphe30_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\mphe30_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\msnm_rf.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\msnm_rf.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\msnm_rf.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\nerobr_history.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\nerobr_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\nerobr_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\oe.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\oe.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\oe_dbx.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\oe_dbx.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\picozip_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\picozip_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\vdub_mru.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\vdub_mru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\vdub_mru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wa.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wa.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wa.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wace_mru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wace_mru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\winace_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\winace_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wmp.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wmp_mru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wmp_mru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wrar_archistory.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wrar_archistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wrar_archistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wrar_dialogedithistory.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wrar_dialogedithistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wrar_dialogedithistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wzip_archistory.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wzip_archistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wzip_archistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wzip_dirhistory.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wzip_dirhistory.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
|
|
#9
July 12th, 2009, 12:07 AM
|
|||
|
|||
|
Part 4
Part 4:
c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\wzip_dirhistory.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\za_logs.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\za_logs.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\zipmagic_history.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\zipmagic_history.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\msoffice\zl.bmp (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_compdesc.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_compdesc.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_lastvisitedmru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_lastvisitedmru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_logonuname.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_logonuname.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_mapnetdrivemru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_mapnetdrivemru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_opensavemru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_opensavemru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_openwithhist.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_openwithhist.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_recentdocs.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_recentdocs.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_run.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_run.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_streammru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_streammru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_userassist.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_userassist.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_wallpapermru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_wallpapermru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_wgcrawlerprinters.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_wgcrawlerprinters.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_wgcrawlershares.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\e_wgcrawlershares.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\groups.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\r_run.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\r_run.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\t_bitbucket.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\t_bitbucket.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\t_temp.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\t_temp.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\w_arpcache.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\w_arpcache.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\w_bagmru.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\w_bagmru.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\w_muicache.en (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\program files\alphawipe tracks cleaner 2008\Plugins\windows\w_muicache.js (Rogue.AlphaWipe) -> Quarantined and deleted successfully. c:\Users\Amy\local settings\application data\alphawipe\Logs\13_11_2008_03_52_13_937.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully. c:\Users\Amy\local settings\application data\alphawipe\Logs\13_11_2008_21_33_43_121.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully. c:\Users\Amy\local settings\application data\alphawipe\Logs\13_11_2008_22_32_44_638.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully. c:\Users\Amy\local settings\application data\alphawipe\Logs\13_11_2008_23_10_18_997.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully. c:\Users\Amy\local settings\application data\alphawipe\Logs\13_11_2008_23_55_05_87.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully. c:\Users\Amy\local settings\application data\alphawipe\Logs\14_11_2008_12_32_23_21.log (Rogue.PrivacyKit) -> Quarantined and deleted successfully. c:\Users\Amy\local settings\application data\alphawipe\quarantine\06_07_2008_17_06_15.qrt (Rogue.PrivacyKit) -> Quarantined and deleted successfully. c:\Users\Amy\local settings\application data\alphawipe\quarantine\06_07_2008_17_07_00.qrt (Rogue.PrivacyKit) -> Quarantined and deleted successfully. c:\Users\Amy\local settings\application data\alphawipe\Settings\psettings.txt (Rogue.PrivacyKit) -> Quarantined and deleted successfully. c:\Users\Amy\AppData\Roaming\microsoft\internet explorer\quick launch\Antivirus 2009.lnk (Rogue.AntiVirus2009) -> Quarantined and deleted successfully. c:\Users\Amy\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully. c:\Users\Amy\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully. c:\Users\Amy\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully. c:\Users\Amy\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Windows\System32\CodecBHO.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Amy\favorites\Run Virus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
|
|
#10
July 12th, 2009, 06:27 AM
|
||||
|
||||
|
YouŽve certainly got rid of some infections, IŽll therefore suggest we dig deeper and check for more (possible) infections ->
Please download combofix here -> ComboFix Before Saving it to Desktop, please rename it to 321.com to stop malware from disabling it. Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. Now, please make sure no other programs are running, close all other windows. Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal. You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed. Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please post it to your next reply
|
|
#11
July 12th, 2009, 05:02 PM
|
|||
|
|||
|
Help!
I followed your instructions for combofix. Now the computer is not working. I am on another computer right now. I rebooted... and i get the windows startup screen but when i am supposed to get the login screen its nothing but black screen. No icons... nothing! What do i do???
|
|
#12
July 12th, 2009, 05:04 PM
|
|||
|
|||
|
Help
I even tried to start it in safemode nothing is working!!! What do I do to fix this at least to restore it. This is bad
|
|
#13
July 12th, 2009, 07:06 PM
|
|||
|
|||
|
Got it back on
I had to restore the system to get it going again. I am not sure if in doing so I have put all that we did prior to this back in here. I can redo all that we did so far and run the programs again. I would rather wait until I get your opinion before doing anything.
Thanks
|
|
#14
July 12th, 2009, 11:00 PM
|
|||
|
|||
|
Here is the Combofix log
Here is the Combofix log that saved to c: before i had to restore. I wasnt aware that it saved or would have posted it right away. Take a look and let me know what our next step is. Thank you again for all the help and i am sorry for my panic earlier.
Below is Combofix log: ComboFix 09-07-11.02 - Amy 07/12/2009 8:34.1.2 - NTFSx86 Microsoftź Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.1013.266 [GMT -7:00] Running from: c:\users\Amy\Desktop\Desktop\321.com AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\AutoRun.inf . ((((((((((((((((((((((((( Files Created from 2009-06-12 to 2009-07-12 ))))))))))))))))))))))))))))))) . 2009-07-12 15:44 . 2009-07-12 15:45 -------- d-----w- c:\users\Amy\AppData\Local\temp 2009-07-11 21:22 . 2009-07-11 21:22 -------- d-----w- c:\users\Amy\AppData\Roaming\Malwarebytes 2009-07-11 21:22 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-11 21:22 . 2009-07-11 21:22 -------- d-----w- c:\programdata\Malwarebytes 2009-07-11 21:22 . 2009-07-11 21:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-11 21:22 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-11 21:16 . 2009-07-11 21:16 -------- d-----w- c:\program files\CCleaner 2009-07-05 05:29 . 2009-07-05 05:29 -------- d-----w- c:\windows\CheckSur 2009-06-29 00:22 . 2009-06-29 00:22 -------- d-----w- c:\programdata\Yahoo! Companion 2009-06-28 21:47 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys 2009-06-28 21:47 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll 2009-06-28 21:47 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll 2009-06-28 21:32 . 2009-06-28 21:32 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlig ht\MCESpotlight\SpotlightResources.dll 2009-06-28 21:27 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll 2009-06-28 21:27 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-07-12 01:13 . 2009-07-12 01:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_0 1005.Wdf 2009-07-11 22:36 . 2008-07-03 14:50 -------- d-----w- c:\program files\Trend Micro 2009-07-05 04:16 . 2009-07-05 04:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_ 00_00.Wdf 2009-06-29 02:03 . 2007-03-28 11:54 -------- d-----w- c:\programdata\Microsoft Help 2009-06-29 02:02 . 2007-03-28 11:58 -------- d-----w- c:\program files\Microsoft Works 2009-06-29 01:04 . 2008-07-05 06:13 -------- d-----w- c:\program files\Google 2009-06-29 00:58 . 2008-07-10 05:38 -------- d-----w- c:\program files\RealArcade 2009-06-29 00:57 . 2008-10-02 22:19 -------- d-----w- c:\programdata\Napster 2009-06-29 00:57 . 2007-03-28 11:00 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-29 00:56 . 2008-07-16 12:40 -------- d-----w- c:\program files\Gunner 2 2009-06-29 00:55 . 2008-07-16 16:23 -------- d-----w- c:\program files\NovaLogic 2009-06-29 00:54 . 2008-07-31 12:22 -------- d-----w- c:\program files\AirStrike II Gulf Thunder DEMO 2009-06-29 00:53 . 2008-07-31 12:46 -------- d-----w- c:\program files\AirStrike II DEMO 2009-06-29 00:53 . 2008-07-31 12:39 -------- d-----w- c:\program files\AirStrike3D DEMO 2009-06-29 00:52 . 2008-07-22 21:50 -------- d-----w- c:\program files\Air Strike 2 2009-06-28 22:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-05-24 22:32 . 2009-05-24 22:32 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Brow se\NetTVResources.dll 2009-05-09 08:14 . 2009-05-09 08:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll 2009-05-09 08:14 . 2009-05-09 08:14 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys 2009-04-24 16:05 . 2009-06-28 21:48 827904 ----a-w- c:\windows\system32\wininet.dll 2009-04-24 16:02 . 2009-06-28 21:48 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-24 13:44 . 2009-06-28 21:48 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2007-09-16 06:35 . 2008-07-10 05:52 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2007-09-16 06:35 . 2008-07-10 05:52 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2007-09-16 06:35 . 2008-07-10 05:52 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2007-09-16 06:35 . 2008-07-10 05:52 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2007-09-16 06:35 . 2008-07-10 05:52 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 815104] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "StarzTray"="c:\program files\Vongo\VongoTray.exe" [2008-03-13 389792] "Skytel"="c:\windows\Skytel.exe" [2007-05-07 1826816] "Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-10-15 17664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\eNetHook.dl l [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^CallWave.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CallWave.lnk backup=c:\windows\pss\CallWave.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1165871489-2030756850-4063627538-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules] "{2028D769-6545-4992-A33C-DB285537536A}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite "{49172F3C-AA37-493D-A69F-40985C423C24}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite "{652EEB8C-CE2F-4443-94F3-61D1C9779AA6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{0BCD854A-5C93-4D3D-A8ED-66616CB0D8CF}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{2A02316A-D0D2-4F1D-9E91-1FC19069EA98}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{C4433416-6F2C-49A4-8566-84FB65832CBC}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent "{80021501-CAF8-462B-AB1B-77FEF3DC7ADA}"= UDP:c:\users\Amy\AppData\Local\Temp\.ttBD04.tmp:en able "{30129DF1-674C-401D-AEF1-78D43415E515}"= TCP:c:\users\Amy\AppData\Local\Temp\.ttBD04.tmp:en able "{F0907747-4E39-46C9-8774-7E15113314B4}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{5405780C-809A-4DBF-8549-7F3E4D76D325}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "TCP Query User{629F6DAD-5955-4E14-8451-223D2EEA6614}c:\\program files\\novalogic\\delta force\\df.exe"= UDP:c:\program files\novalogic\delta force\df.exe  f"UDP Query User{0FEE598B-638F-409C-8E21-4383713F0105}c:\\program files\\novalogic\\delta force\\df.exe"= TCP:c:\program files\novalogic\delta force\df.exe f"TCP Query User{F13D5AEF-1C58-43AA-B18B-6BD62FC29D94}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{1BF4ED98-3223-4CA8-8BA1-759246B29460}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{66352F58-C645-4BB0-B41C-5BB8CF44BE47}c:\\program files\\vongo\\vongotray.exe"= UDP:c:\program files\vongo\vongotray.exe:StarzTray "UDP Query User{A5E928BA-8FFB-4865-A2F4-370437E27A53}c:\\program files\\vongo\\vongotray.exe"= TCP:c:\program files\vongo\vongotray.exe:StarzTray "{7EBE8A4F-2E35-49A7-8DAE-2E3E43B63748}"= UDP:c:\program files\CallWave\IAM.exe:CallWave "{3A0354AB-F629-4DD5-AA0B-7254FB85659C}"= TCP:c:\program files\CallWave\IAM.exe:CallWave "TCP Query User{77732CEB-D7DC-4ED1-8502-BDAB5131C542}c:\\program files\\callwave\\iam.exe"= UDP:c:\program files\callwave\iam.exe:CallWave Software "UDP Query User{BFB6C141-6EB2-4108-A77D-AF0430ED64FE}c:\\program files\\callwave\\iam.exe"= TCP:c:\program files\callwave\iam.exe:CallWave Software R2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmev tmgr.sys [2/15/2008 3:34 PM 52240] R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpr eflt.sys [2/15/2008 3:34 PM 36368] S3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [10/15/2008 1:02 PM 124160] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . - - - - ORPHANS REMOVED - - - - HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd HKLM-Run-eRecoveryService - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/?fr=fptb-acer uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://en.us.acer.yahoo.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profi les\fo6cyuk0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - Yahoo ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&") ; c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&a ppver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?"); . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-12 08:44 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\users\Amy\AppData\Local\Temp\catchme.dll 53248 bytes executable scan completed successfully hidden files: 1 ************************************************** ************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(792) c:\windows\system32\eNetHook.dll - - - - - - - > 'lsass.exe'(672) c:\windows\system32\eNetHook.dll . Completion time: 2009-07-12 8:48 ComboFix-quarantined-files.txt 2009-07-12 15:48 Pre-Run: 39,738,695,680 bytes free Post-Run: 40,118,525,952 bytes free 204 --- E O F --- 2009-07-12 01:13
|
|
#15
July 13th, 2009, 05:51 AM
|
||||
|
||||
|
Your "panic" are fully understandable, I know the feeling
 The combolog looks clean, IŽll therefore suggest you update malwarebyte, run a complete scan and have it to fix what it find. Then please post malwarebyte log, along with fresh hijackthis log and tell how things are running ?
|
|
| Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics
|
||||
| Topic | Topic Starter | Forum | Replies | Last Post |
| Apparent "redirect" problem with search results: Moved from I/B by Murray | yldndn6 | Malware Removal | 2 | June 19th, 2009 04:12 AM |
| "quick web search" - partially fixed. highjack log inside | tom_is_hijacked | Malware Removal | 6 | June 22nd, 2005 11:39 PM |
| Jaked Up by "shopping wizard" and "search extender" | makeitstop | Malware Removal | 5 | February 27th, 2005 06:27 PM |
| reformatting hard drive - format "c:\", "d:\", and "e:\" or just "c:\" | ssb2004 | Windows 98 | 4 | November 1st, 2004 05:25 PM |
All times are GMT +1. The time now is 01:01 AM.