about blank, trojans I got it all


13 replies to this topic

#1 HammerHead

HammerHead

    Member

  • Full Member
  • Pip
  • 51 posts

Posted 26 May 2004 - 09:21 AM

Logfile of HijackThis v1.97.7
Scan saved at 9:18:32 AM, on 5/26/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\GPLSAF~1\curb meow.exe
C:\Program Files\LINKSYS\Configuration Utility\Config.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearc...p://about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - HKLM\..\Run: [PGStub.exe] C:\Documents and Settings\rodney\dp-b23011805.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [trans dent] C:\PROGRA~1\GPLSAF~1\curb meow.exe
O4 - HKCU\..\RunOnce: [mlbrt.exe] C:\WINDOWS\System32\mlbrt.exe
O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\LINKSYS\Configuration Utility\Config.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...alls/yinstc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7658.5079976852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab

#2 HammerHead

Posted 26 May 2004 - 09:37 AM

plus I was told to put this

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; {C20B1328-F3D3-42DB-9C95-7C87B6A69E9A}; .NET CLR 1.0.3705)

#3 LonnyRJones

LonnyRJones

    Forum Deity

  • Developer
  • PipPipPipPipPip
  • 961 posts

Posted 26 May 2004 - 10:02 AM

Hi hammerhead

Download VX2Finder from this link:
http://tools.zerosre...m/VX2Finder.exe


Run VX2Finder and click on the *click to find VX2.BetterInternet* button. Then click *make log*.
Close VX2Finder.
Copy and paste the contents of the log into your next reply here. Thanks.

Edited by LonnyRJones, 26 May 2004 - 10:03 AM.


#4 HammerHead

Posted 26 May 2004 - 10:15 AM

Files Found---
C:\WINDOWS\System32\aivapi32.dll
C:\WINDOWS\System32\bcotvid.dll
C:\WINDOWS\System32\bdotvid.dll
C:\WINDOWS\System32\bfotvid.dll
C:\WINDOWS\System32\bhotvid.dll
C:\WINDOWS\System32\bjotvid.dll
C:\WINDOWS\System32\blotvid.dll
C:\WINDOWS\System32\bmotvid.dll
C:\WINDOWS\System32\bqotvid.dll
C:\WINDOWS\System32\btotvid.dll
C:\WINDOWS\System32\bvotvid.dll
C:\WINDOWS\System32\byotvid.dll
C:\WINDOWS\System32\bzotvid.dll
C:\WINDOWS\System32\cemdlg32.dll
C:\WINDOWS\System32\cimdlg32.dll
C:\WINDOWS\System32\ckmdlg32.dll
C:\WINDOWS\System32\cvmdlg32.dll
C:\WINDOWS\System32\czmctl32.dll
C:\WINDOWS\System32\gmi32.dll
C:\WINDOWS\System32\iaagehlp.dll
C:\WINDOWS\System32\idagehlp.dll
C:\WINDOWS\System32\ilagehlp.dll
C:\WINDOWS\System32\ioagehlp.dll
C:\WINDOWS\System32\iqagehlp.dll
C:\WINDOWS\System32\karnel32.dll
C:\WINDOWS\System32\kbcom.dll
C:\WINDOWS\System32\kirnel32.dll
C:\WINDOWS\System32\kvcom.dll
C:\WINDOWS\System32\kwcom.dll
C:\WINDOWS\System32\kycom.dll
C:\WINDOWS\System32\kzcom.dll
C:\WINDOWS\System32\lf32.dll
C:\WINDOWS\System32\lw32.dll
C:\WINDOWS\System32\lx32.dll
C:\WINDOWS\System32\nbdll.dll
C:\WINDOWS\System32\nfdll.dll
C:\WINDOWS\System32\ngdll.dll
C:\WINDOWS\System32\nkdll.dll
C:\WINDOWS\System32\nldll.dll
C:\WINDOWS\System32\nydll.dll
C:\WINDOWS\System32\nzdll.dll
C:\WINDOWS\System32\oqecli32.dll
C:\WINDOWS\System32\oue32.dll
C:\WINDOWS\System32\sacfiles.dll
C:\WINDOWS\System32\sbcfiles.dll
C:\WINDOWS\System32\smcfiles.dll
C:\WINDOWS\System32\sqcfiles.dll
C:\WINDOWS\System32\sucfiles.dll


Guardian Key--- is called: GuardianDUBVB
Asynchronous 000
DllName C:\WINDOWS\system32\nydll.dll
Impersonate 000
Logon WinLogon
Logoff WinLogoff
Version 124
ID {C20B1328-F3D3-42DB-9C95-7C87B6A69E9A}
IDex MB

User Agent String---
{C20B1328-F3D3-42DB-9C95-7C87B6A69E9A}

#5 HammerHead

Posted 26 May 2004 - 10:54 AM

The Make log didn't work so I cut and pasted it

#6 LonnyRJones

Posted 26 May 2004 - 10:56 AM

Sign off and stay off the internet until the entire procedure is complete.

Open VX2Finder and click on the *click to find VX2.BetterInternet* button.

Then select the *Delete these files* button.
You will be left with a notice about one to be deleted on reboot.
It will ask to reboot on deletion of the last file (Reboot).

-----------------
Once back in Windows


Open VX2Finder again and click on these buttons in the right pane:

user agent, Guardian.reg, restore policy

Exit and reboot.

Run Vx2Finder once more and click on the *click to find VX2.BetterInternet* button. Then click *make log*.
Post it here with a fresh HijackThis log please.

#7 HammerHead

Posted 26 May 2004 - 11:22 AM

here are the new logs

VX2_____________________________________________
Files Found---


Guardian Key--- is called:

User Agent String---
________________________________________________________

Hijack this______________________________________________
Logfile of HijackThis v1.97.7
Scan saved at 11:22:32 AM, on 5/26/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\GPLSAF~1\curb meow.exe
C:\Program Files\LINKSYS\Configuration Utility\Config.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\!Download\VX2Finder.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearc...p://about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {D537A3D0-8C07-4D62-953F-162207F5090D} - C:\WINDOWS\system32\regsvrac32.dll
O4 - HKLM\..\Run: [PGStub.exe] C:\Documents and Settings\rodney\dp-b23011805.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [trans dent] C:\PROGRA~1\GPLSAF~1\curb meow.exe
O4 - HKLM\..\RunOnce: [mlbrt.exe] C:\WINDOWS\System32\mlbrt.exe
O4 - HKCU\..\RunOnce: [mlbrt.exe] C:\WINDOWS\System32\mlbrt.exe
O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\LINKSYS\Configuration Utility\Config.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...alls/yinstc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7658.5079976852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab

#8 LonnyRJones

Posted 26 May 2004 - 11:43 AM

Download lspfix, don't use it yet, link below.

Reboot into safe mode
How to start in safe mode


Start HijackThis and place a check next to these items.
Close all browser windows and shut down all other programs (even folders)
that show in the taskbar. Then hit fix selected.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearc...p://about:blank


O2 - BHO: (no name) - {D537A3D0-8C07-4D62-953F-162207F5090D} - C:\WINDOWS\system32\regsvrac32.dll
O4 - HKLM\..\Run: [PGStub.exe] C:\Documents and Settings\rodney\dp-b23011805.exe
O4 - HKLM\..\Run: [trans dent] C:\PROGRA~1\GPLSAF~1\curb meow.exe
O4 - HKLM\..\RunOnce: [mlbrt.exe] C:\WINDOWS\System32\mlbrt.exe
O4 - HKCU\..\RunOnce: [mlbrt.exe] C:\WINDOWS\System32\mlbrt.exe
=========
Find and delete (ONLY THESE EXACT) files and folders.
Be very careful; if you're unsure, leave them be.
You might have to have Windows show hidden files and folders in order to see them.
How to Show hidden files and folders.

C:\WINDOWS\System32\mlbrt.ex
C:\PROGRA~1\GPLSAF < not sure of the full name, but it needs to go.
C:\Documents and Settings\rodney\dp-b23011805.exe
C:\WINDOWS\system32\regsvrac32.dll






Go here and download the LSP tool:
http://www.cexx.org/lspfix.htm
Read the documentation, close the internet connection and close any programs that show in the taskbar, start the tool, check the box that says you know what you are doing, and fix all instances (and only those) of "inetadpt.dll" (i.e., move it/them to the remove window, click finish).

Now restart your computer, and delete that c:\windows\system\inetadpt.dll file.

Copy and paste this into IE's address bar:
javascript:navigator.userAgent
Hit Enter or Go,
and copy and paste that back here for us, please, and a new HijackThis log.

Edited by LonnyRJones, 31 May 2004 - 12:23 AM.


#9 HammerHead

Posted 26 May 2004 - 01:19 PM

Ok all that done

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)

Logfile of HijackThis v1.97.7
Scan saved at 1:19:40 PM, on 5/26/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\LINKSYS\Configuration Utility\Config.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\LINKSYS\Configuration Utility\Config.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...alls/yinstc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7658.5079976852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab

#10 LonnyRJones

Posted 26 May 2004 - 01:29 PM

Hammer, good work.

Log looks good.

Only updates are needed, and you should be using Spybot's TeaTimer.
Have Adaware installed, updated, and scan with it too,
and a firewall also.
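
Added example, not part of the original thread or of HijackThis: one way to check the "log looks good" judgment mechanically is to parse the entry lines of the log from post #7 and the log from post #9 and diff them against the fix list from post #8. The function names and the shortened log excerpts are assumptions made for this illustration.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Excerpts of the logs posted above (post #7 = before, post #9 = after),
# shortened to the lines that matter for the comparison.
BEFORE = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\PROGRA~1\GPLSAF~1\curb meow.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearc...p://about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople
O2 - BHO: (no name) - {D537A3D0-8C07-4D62-953F-162207F5090D} - C:\WINDOWS\system32\regsvrac32.dll
O4 - HKLM\..\Run: [PGStub.exe] C:\Documents and Settings\rodney\dp-b23011805.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [trans dent] C:\PROGRA~1\GPLSAF~1\curb meow.exe
O4 - HKLM\..\RunOnce: [mlbrt.exe] C:\WINDOWS\System32\mlbrt.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
"""

AFTER = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"""

# File names taken from the fix list in post #8.
TARGETS = ["regsvrac32.dll", "dp-b23011805.exe", "curb meow.exe",
           "mlbrt.exe", "inetadpt.dll"]


def parse_entries(log_text):
    """Return the set of (code, detail) entries in a HijackThis log.

    Header lines and the "Running processes" paths do not match ENTRY_RE
    and are skipped. A set is used because identical lines can repeat
    (the O10 LSP line appears several times in the logs above).
    """
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before_text, after_text):
    """Entries that disappeared and entries that newly appeared."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {"removed": sorted(before - after), "added": sorted(after - before)}


def still_present(log_text, targets):
    """Targets (case-insensitive substrings) still referenced by any entry."""
    entries = parse_entries(log_text)
    return [t for t in targets
            if any(t.lower() in detail.lower() for _, detail in entries)]


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for code, detail in result["removed"]:
        print("removed:", code, "-", detail)
    for code, detail in result["added"]:
        print("ADDED:  ", code, "-", detail)
    print("targets still referenced:", still_present(AFTER, TARGETS))
```

A clean diff only shows that the registry and startup references are gone; it does not show that the files themselves were deleted from disk, which is why the manual delete step and a follow-up scan are still needed.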

#11 HammerHead

Posted 26 May 2004 - 01:52 PM

Lonny,
Thanks for the help and time you put in with me... I think we got it all cleaned out. I just need to virus scan and clear a few bugs.

Thanks again for your help.

#12 HammerHead

Posted 26 May 2004 - 02:41 PM

This is a list of the trojans found in System Restore, which I cleared after we were done:


#13 LonnyRJones

Posted 26 May 2004 - 11:40 PM

Hello HammerHead

To clear things in System Restore you should just disable it, reboot and enable it again. Please do that if you have not already.

For Windows XP

Disable system restore
Right-click the My Computer icon on the desktop and click Properties.
Click the System Restore tab.
Select Turn off System Restore.
Click Apply > Yes > OK.

Then reboot and re-enable it.


Feel free to ask if you have any questions.

#14 HammerHead

Posted 30 May 2004 - 04:20 PM

Yeah, I did that and rescanned. NO TROJANS FOUND
Thanks again for the help!!!!



