Cleaning up my system. HJT log inside.

[forhockey]

Open My Computer. Select the View menu and click Folder Options. Select the View Tab then select Show all files in the Hidden files section. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.

--------------------------------------------------------------

Click Start>Run and copy/paste the following text into the Run box and and click OK:

regsvr32 /u occache.dll

----------------------------------------------------------------------

Delete the following Files indicated in RED

c:\windows\system32\in10b6s.dll
c:\windows\downloaded program files\cc.inf
c:\windows\system32\drivers\etc\hosts.bho

C:\Documents and Settings\Amanda\Local Settings\Temp <-- DO NOT delete Folder. Simply delete all the file located in this folder.


--------------------------------------------------------------

Now, click Start>Run and copy/paste the following text into the Run box and click OK:

regsvr32 occache.dll

--------------------------------------------------------------

Reboot your machine

--------------------------------------------------------------

Well your logs are clean. Your remaining problems with your Windows accounts should be dealt with in the Windows XP section of this forum. Also, I recommend that you upgrade your Windows to Service Pack 2, so that your machine gets the security patches to help prevent your machine from getting easily infected again.

Reset Hidden/System Files and Folders

• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Under the Advanced settings box option select the following:
  - Hide extensions for known file types
  - Hide protected operating system files
  - Do not show hidden files and folders .
• Click OK.

Reset System Restore

To turn off System Restore click Start > Right Click My Computer > Properties. Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives" Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

This will create a new Restore Point.

Clear IE6 cookies

1. On the Internet Explorer 6 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
2. On the General tab, in the Temporary Internet Files section, click the Delete Files button. This will delete all the files that are currently stored in your cache [that includes cookies too].
3. Click OK, and then click OK again.

Microsoft Updates

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Malware Prevention Tools

These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.

• SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
• IE-Spyad - Here is an installation guide -> http://www.techsupportforum.com/arti...ml#post1068846.
• MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements, preventing your computer from connecting to those sites.
• McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.
• SpywareGuard - real-time protection that detects and blocks spyware before it can execute.

Alternative Web Browsers

Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

• Firefox
• Opera

Firewalls

If you do not have a firewall, here are a few free ones available for personal use:

Understanding and Using Firewalls

• Comodo Personal Firewall
• ZoneAlarm
• OutPost Firewall

Informational Reading

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:

• PC SAFETY AND SECURITY
• How Did I Get Infected In The First Place?.
• THE ANTI-SPYWARE TUTORIAL
• STRONG PASSWORDS

Please respond to this thread one more time so we can mark this thread as resolved.

[sanjoe]

I did the 1st part, then when I got to this part, Click Start>Run and copy/paste the following text into the Run box and and click OK:

regsvr32 /u occache.dll

I received this message:
DllUnregisterServer in occache.dll

Is this what I should have received or should it have brought up the listing of files for me to remove next?
Sandy

[Ried]

Hi Sandy,

That is the correct message you should have received. That command is ensuring one of the files listed for deletion--the one located in the downloaded program files--can indeed, be seen to delete.

Please continue and delete the files he listed for you.

Make sure you carry out the final Start>Run command. It is not the same as the first.

[sanjoe]

Hi. When I get to this step:
C:\Documents and Settings\Amanda\Local Settings\Temp <-- DO NOT delete Folder. Simply delete all the file located in this folder.

I get Access denied error.
Thanks for walking me through this.
Sandy

[Ried]

ATF cleaner and Windows DiscCleanup Utility would normally be able to clean that folder, but with your user accounts so messed up from when your husband did that system restore, we'll cut to the chase and do it this way.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close any open browsers.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

KillAll::

File::
C:\Documents and Settings\Amanda\Local Settings\Temp\~341577.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~353580.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~428090.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~429505.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~507891.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~521788.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~526822.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~609290.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~645705.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~658127.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~661222.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~673027.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~684026.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~685062.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~695895.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~700831.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~705792.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~732350.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~735358.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~744389.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~746047.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~764948.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~765.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~776682.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~792812.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~890266.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\~896676.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\res1B.tmp
C:\Documents and Settings\Amanda\Local Settings\Temp\res1C.tmp
C:\Documents and Settings\Amanda\Local Settings\Temporary Internet Files\Content.IE5\4RWDI9KN\channels_02[1].gif

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

-----------------------------------------

Please post the C:\ComboFix.txt so I can verify it ran properly.

[sanjoe]

Hello Reid,
I am afraid I am having trouble executing the quote above. I don't quite understand. I copied and pasted the quote in a notepad but I was lost after that as I had no combofix icon like the one pictured. I searched for it on the internet and opened the file and it started running the scan before I copied and pasted anything. So now I am sure I have this program on the HDrive but I don't see an icon on the desktop to copy to. Sorry for the confusion and thanks so much for lending a hand.
Sandy

[Ried]

You know what--I forgot forhockey had you perform a System Restore which set your system back to before you downloaded ComboFix.exe--my apologies.

Since we're not sure what caused your Administrator desktop to 'disappear' after you ran the bfu, we'll use this tool instead.

Please download the OTMoveIt by OldTimer. Save it to your desktop.

--------------------------------------------------------------------


Double-click OTMoveIt.exe to run it.

• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  
  
  Quote:

  C:\Documents and Settings\Amanda\Local Settings\Temp\~341577.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~353580.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~428090.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~429505.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~507891.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~521788.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~526822.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~609290.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~645705.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~658127.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~661222.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~673027.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~684026.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~685062.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~695895.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~700831.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~705792.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~732350.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~735358.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~744389.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~746047.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~764948.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~765.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~776682.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~792812.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~890266.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\~896676.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\res1B.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temp\res1C.tmp
  C:\Documents and Settings\Amanda\Local Settings\Temporary Internet Files\Content.IE5\4RWDI9KN\channels_02[1].gif

• Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
• Click the red Moveit! button.
• Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the log from OTMoveIt, located here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log (Where mmddyyyy_hhmmss is the date of the tool run.)

[sanjoe]

I hope I did this right. I did not have to reboot. I was not asked to. I guess it couldn't locate these files under my current user?

File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~341577.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~353580.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~428090.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~429505.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~507891.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~521788.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~526822.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~609290.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~645705.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~658127.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~661222.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~673027.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~684026.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~685062.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~695895.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~700831.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~705792.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~732350.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~735358.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~744389.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~746047.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~764948.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~765.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~776682.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~792812.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~890266.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\~896676.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\res1B.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temp\res1C.tmp not found.
File/Folder C:\Documents and Settings\Amanda\Local Settings\Temporary Internet Files\Content.IE5\4RWDI9KN\channels_02[1].gif not found.

Created on 09/24/2007 13:45:46

[Ried]

Sandy, please run another online scan at Panda. I realize it's time consuming, but let's see if those files are indeed still on the system.

Post the Panda results here please.

[sanjoe]

Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[3].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@target[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@2o7[4].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@2o7[5].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@2o7[6].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@2o7[7].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@2o7[8].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@atwola[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@atwola[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@atwola[3].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@azjmp[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@burstnet[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@c3.gostats[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@did-it[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@dist.belnk[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@go[2].txt
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@mysearch[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@rightmedia[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@www.burstbeacon[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@xiti[1].txt
Adware:Adware/Zango Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\res1B.tmp
Adware:Adware/Zango Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\res1C.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~341577.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~353580.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~428090.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~429505.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~507891.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~521788.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~526822.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~609290.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~645705.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~658127.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~661222.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~673027.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~684026.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~685062.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~695895.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~700831.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~705792.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~732350.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~735358.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~744389.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~746047.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~764948.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~765.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~776682.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~792812.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~890266.tmp
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temp\~896676.tmp
Adware:Adware/FlashTrack Not disinfected C:\Documents and Settings\Amanda\Local Settings\Temporary Internet Files\Content.IE5\4RWDI9KN\channels_02[1].gif
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Sandra\Application Data\Mozilla\Profiles\default\vijgai78.slt\cookies.txt[.apmebf.com/]
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Sandra.HOMECOMPUTER\Local Settings\Application Data\HP\Digital Imaging\Vault\3cc01e4a_256000.exe
Adware:Adware Program Not disinfected C:\Documents and Settings\Sandra.HOMECOMPUTER\Local Settings\Application Data\HP\Digital Imaging\Vault\c498d42b_379.inf
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\Sandra.HOMECOMPUTER\Local Settings\Application Data\HP\Digital Imaging\Vault\c99187c8_365.inf
Adware:Adware/WUpd Not disinfected C:\Documents and Settings\Sandra.HOMECOMPUTER\Local Settings\Application Data\HP\Digital Imaging\Vault\d6aee2c3_316.inf
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Sandra.HOMECOMPUTER\Local Settings\Application Data\HP\Digital Imaging\Vault\ef19590a_225280.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\DownloadManager\DM.exe
Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\DownloadManager\DownloadManager.exe
Adware:Adware/Zango Not disinfected C:\Program Files\Netscape\Netscape\plugins\npclntax.dll
Potentially unwanted tool:Application/MediaPipe Not disinfected C:\qoobox\Quarantine\C\Program Files\DownloadManager\MPTray.exe.vir
Potentially unwanted tool:Application/MediaPipe Not disinfected C:\qoobox\Quarantine\C\Program Files\DownloadManager\MPUpdate.exe.vir
Potentially unwanted tool:Application/MediaPipe Not disinfected C:\qoobox\Quarantine\C\Program Files\DownloadManager\p2pinst.exe.vir
Adware:Adware/SearchAid Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\ftuninst.exe.vir
Adware:Adware/SearchAid Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32ftuninst.exe.vir
Adware:Adware/TVMedia Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\Install.inf
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\iconzx.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe