
Solved Viruses, Adware, Trojans. I'm sunk.

Discussion in 'Malware and Virus Removal Archive' started by Pepse, 2007/10/01.

  1. 2007/10/15
    Pepse

    Pepse Well-Known Member Thread Starter

    Geri,

    I can't find "C:\WINDOWS\system32\tmp.reg". But I am sure everything else is deleted.

    Pepse.
     
  2. 2007/10/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK, that's not a big deal. Please run ATF Cleaner and delete your cookies as instructed just before you run the Panda scan, and post the Panda scan results.

    Thanks
    Geri
     

  4. 2007/10/17
    Pepse

    Pepse Well-Known Member Thread Starter

    Incident Status Location

    Spyware:Spyware/Virtumonde Not disinfected C:\!KillBox\khhiggf.dll
    Adware:Adware/Comet Not disinfected C:\!KillBox\sinstaller3.exe[SSSInstaller.dll]
    Adware:Adware/WinAntiVirus2007 Not disinfected C:\!KillBox\vtutu.dll
    Spyware:Cookie/2o7 Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@2o7[2].txt
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@adultfriendfinder[1].txt
    Spyware:Cookie/Advertising Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@advertising[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@atdmt[2].txt
    Spyware:Cookie/FastClick Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@fastclick[1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@mediaplex[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@questionmarket[2].txt
    Spyware:Cookie/onestat.com Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@stat.onestat[2].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@trafficmp[2].txt
    Spyware:Cookie/Zedo Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@zedo[1].txt
    Adware:Adware/Comet Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\SSSInstaller.dll
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.errorsafe.com/]
    Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.clickbank.net/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.247realmedia.com/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.com.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.go.com/]
    Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.hotlog.ru/]
    Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.i.screensavers.com/]
    Spyware:Cookie/2o7
     
  5. 2007/10/17
    Pepse

    Pepse Well-Known Member Thread Starter

    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.revenue.net/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.toplist.cz/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.yadro.ru/]
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[searchportal.information.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[server.iad.liveperson.net/hc/84815040]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.2o7.net/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.adtech.de/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.atwola.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[searchportal.information.com/]
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.adultfriendfinder.com/]
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[counter15.sextracker.com/]
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.sextracker.com/]
    Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.ccbill.com/]
    Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.spylog.com/]
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.toplist.cz/]
    Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.cs.sexcounter.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[stats1.reliablestats.com/]
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.errorsafe.com/]
    Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.hotlog.ru/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.adrevolver.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.yadro.ru/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[statse.webtrendslive.com/S129102]
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.valueclick.com/]
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[searchportal.information.com/]
     
  6. 2007/10/17
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Pepse
    OK, that log is showing cookies only.

    You still need to delete,
    C:\!Killbox

    How are things running? Any warnings from your AVG?
    Let me know. If things are OK then I will give you some recommendations.

    Thanks
    Geri
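
Added example (not part of the original posts and not the scanner's own tooling): a small Python triage of a scan log in the three-column layout pasted above, separating tracking-cookie detections from file detections and marking files that sit under the cleanup tools' own folders. The status list and the treatment of `C:\!KillBox` and `C:\Deckard\System Scanner` as holding folders are assumptions of this example.

```python
import re
from collections import Counter

# Sample input: a few lines copied from the scan log in this thread.
SAMPLE_LOG = r"""Incident Status Location
Spyware:Spyware/Virtumonde Not disinfected C:\!KillBox\khhiggf.dll
Adware:Adware/Comet Not disinfected C:\!KillBox\sinstaller3.exe[SSSInstaller.dll]
Spyware:Cookie/Atlas DMT Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@atdmt[2].txt
Adware:Adware/Comet Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\SSSInstaller.dll
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7
"""

# "Not disinfected" is the only status this log shows; extend the tuple
# for other scanner output (assumption: same three-column layout).
STATUSES = ("Not disinfected",)
LINE_RE = re.compile(
    r"^(?P<cls>\w+):(?P<name>.+?)\s+(?P<status>%s)\s+(?P<loc>[A-Za-z]:\\.+)$"
    % "|".join(map(re.escape, STATUSES))
)
# A trailing "[...]" names an item inside a container (archive member, cookie host).
INNER_RE = re.compile(r"^(?P<container>.+?)\[(?P<inner>[^\]]*)\]$")
# Assumption of this example: these folders are holding areas written by the
# cleanup tools used in the thread, not locations malware runs from.
HOLDING_DIRS = ("c:\\!killbox\\", "c:\\deckard\\system scanner\\")

def parse_line(line):
    """Return a dict for one detection line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    inner = INNER_RE.match(rec["loc"])
    rec["container"] = inner["container"] if inner else rec["loc"]
    rec["inner"] = inner["inner"] if inner else None
    rec["is_cookie"] = rec["name"].startswith("Cookie/")
    rec["in_holding_dir"] = rec["loc"].lower().startswith(HOLDING_DIRS)
    return rec

def triage(log_text):
    """Split a log into file detections, per-file cookie counts, unparsed lines."""
    result = {"files": [], "cookies": Counter(), "unparsed": []}
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line == "Incident Status Location":
            continue
        rec = parse_line(line)
        if rec is None:
            result["unparsed"].append(line)  # e.g. a line cut off mid-post
        elif rec["is_cookie"]:
            result["cookies"][rec["container"]] += 1
        else:
            result["files"].append(rec)
    return result

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for rec in report["files"]:
        where = "tool holding folder" if rec["in_holding_dir"] else "LIVE PATH"
        print(f"FILE   {rec['name']:<20} {where}: {rec['loc']}")
    for path, n in report["cookies"].items():
        print(f"COOKIE x{n} in {path}")
```

A file detection reported as `LIVE PATH` is the one to look at first; cookie counts per file show which browser profile to clear.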
     
  7. 2007/10/18
    Pepse

    Pepse Well-Known Member Thread Starter

    Okay, I deleted Killbox.exe. Things seem to be running normal. AVG is acting normal; scan on boot up. The only thing that I can't figure out is an icon in the lower right of the system tray. It is titled "Safely Remove Hardware". It's been there since before we started on this venture. If it is bad then I can't understand why nothing picked it up.

    I think it is safe to say everything is back to normal.

    Later. Pepse.
     
  8. 2007/10/18
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Pepse

    That is a normal icon.

    Now I strongly suggest you do no more hacking or searching for cracks. You want a program, save up your money and buy it! Next time you may not be so lucky on removal of infections; you could possibly end up with a paperweight where your computer is sitting.

    I also strongly suggest you remove emule. P2P file sharing of any kind will end you up right back here meeting us again sooner or later.

    Please look at this link for some preventive recommendations. It could keep you from ending up back here at the Spyware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    Surf Safely
    Geri
     
  9. 2007/10/19
    Pepse

    Pepse Well-Known Member Thread Starter

    Geri,

    Actually I am sorry for what I did to my computer. I am smart enough to know better. But the program I was looking for the hack for is $300.00, so I found a copy on LimeWire and didn't think it included the hack. I definitely don't need to do this again. Being that you mention amule, are there still some parts of it in my registry?

    The "safely remove hardware" icon; I don't ever remember seeing it before all this started. And yet it appears to be OK?

    I do thank you for all the help, and I will refrain from this kind of stupidity.

    Have a great day.

    Pepse.
     
  10. 2007/10/19
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    Yes, it is here:
    C:\Documents and Settings\Pepse\Application Data\aMule

    If you wish to delete it, here is how.

    Using Windows Explorer (to get there, right-click your Start button and go to "Explore"), please delete this folder (if present):

    Click on the "+" symbol next to each until you see aMule.
    Right-click on aMule and click Delete.

    C:\Documents and Settings\Pepse\Application Data\aMule


    These fonts seem to have been created at the same time as aMule and probably should be deleted also.
    C:\WINDOWS\Fonts\poornima-i.FOT
    C:\WINDOWS\Fonts\poornima-bi.FOT
    C:\WINDOWS\Fonts\poornima-b.FOT
    Use Windows Explorer as above, left-click on Fonts, then on the right side look for those fonts and right-click on each and delete.

    Geri
     
