[Ramnit - Not curable] Licosearch hijack browser - I'm really struggling!


broony

Hi chaps,

I'm really struggling with this one.

My browser redirects me to licosearch and won't allow lots of web pages to load.

Thankfully I did manage to open up a thread on here and tried to follow the 7 step plan.

What I have done so far:

Loaded up Avira and completed a full scan (took about 6 hours); lots of stuff found.

Loaded up Malwarebytes and did a full scan as well as a quick scan after the Avira.

I tried to load up GMER but my internet won't open it (I think it might be the virus again??)

And so here I am - my Google is still redirecting me to licosearch and I'm tearing my hair out!!!!

All help and advice gratefully welcome.
 
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6765

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/06/2011 13:00:16
mbam-log-2011-06-04 (13-00-16).txt

Scan type: Quick scan
Objects scanned: 186314
Time elapsed: 17 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Welcome to TechSpot!

Hopefully you are running DDS and will paste those 2 logs into your next reply. Then I will review them, and go on to the next step. Try running GMER in Safe Mode to do the scan.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
My system won't allow me to start in safe mode with or without networking. I'm at my wits' end!

I can't load the DDS as I get a message saying

unable to establish a connection

yet I know I am online with a good wireless signal.
 
Logged in under the wife's log in - success!!

GMER:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-04 20:53:18
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.10.0
Running: y15z1efj.exe; Driver: C:\DOCUME~1\LORRAI~1\LOCALS~1\Temp\kflcykod.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 61

---- EOF - GMER 1.0.15 ----
 
DDS:

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by lorraine hobson at 21:13:31 on 2011-06-04
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.507 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwbarebytes' brilliant virus removal\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\lxbmaesm\tesykeca.exe
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\documents and settings\lorraine hobson\start menu\programs\startup\tesykeca.exe
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lorraine hobson\application data\mozilla\firefox\profiles\bs3czrpn.default\
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-4 11608]
R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-2 57144]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-4 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-4 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-4 61960]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-11-26 66048]
R2 MBAMService;MBAMService;c:\program files\malwbarebytes' brilliant virus removal\mbamservice.exe [2011-6-3 366640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2006-7-10 882688]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2011-3-15 57440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-3 22712]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-7-10 7040]
S1 MpKsl0b05d477;MpKsl0b05d477;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3f392024-a7a8-4a02-ac08-b1d7a85fc6a6}\mpksl0b05d477.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3f392024-a7a8-4a02-ac08-b1d7a85fc6a6}\MpKsl0b05d477.sys [?]
S1 MpKsl35231091;MpKsl35231091;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32028339-1dc9-4323-ac79-3e178affe807}\mpksl35231091.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32028339-1dc9-4323-ac79-3e178affe807}\MpKsl35231091.sys [?]
S1 MpKslae24dca0;MpKslae24dca0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32028339-1dc9-4323-ac79-3e178affe807}\mpkslae24dca0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32028339-1dc9-4323-ac79-3e178affe807}\MpKslae24dca0.sys [?]
S1 MpKslb9bbebb4;MpKslb9bbebb4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48696746-f734-4d1d-91aa-cb7eb40d032d}\mpkslb9bbebb4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48696746-f734-4d1d-91aa-cb7eb40d032d}\MpKslb9bbebb4.sys [?]
S1 MpKsld3ad200c;MpKsld3ad200c; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-3 136176]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-3-15 1723840]
S3 DUBE100;D-LINK DUB-E100 USB 2.0 to Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100.sys [2009-1-16 11935]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-3 136176]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2011-3-15 360529]
S3 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\windows\temp\bptgnbum.sys --> c:\windows\temp\bptgnbum.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-11-26 167808]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2008-11-26 13532]
S4 WSWNA1100;WSWNA1100;c:\program files\netgear\wna1100\WifiSvc.exe [2011-3-15 268768]
.
=============== Created Last 30 ================
.
2011-06-04 20:03:29 -------- d-----w- c:\documents and settings\lorraine hobson\application data\Avira
2011-06-04 19:53:35 179631 ----a-w- c:\program files\internet explorer\iexploremgr.exe
2011-06-04 18:26:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-04 18:26:09 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-04 00:53:50 -------- d-sha-w- c:\windows\Repair
2011-06-04 00:40:56 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-04 00:40:54 -------- d-----w- c:\program files\Avira
2011-06-04 00:40:54 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-06-04 00:12:14 -------- d-----w- c:\program files\Trend Micro
2011-06-03 21:34:54 -------- d-----w- c:\program files\Spybot - Search & Destroy brilliant
2011-06-03 18:55:56 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-03 18:55:50 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-03 18:55:50 -------- d-----w- c:\program files\Malwbarebytes' brilliant virus removal
2011-06-03 18:31:33 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-06-03 18:24:18 179631 --s---w- C:\tesykeca.exe
2011-05-28 22:49:28 -------- d-----w- c:\program files\lxbmaesm
.
==================== Find3M ====================
.
2011-04-28 13:34:50 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2003-08-27 22:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll
.
============= FINISH: 21:17:56.50 ===============
 
We need to submit 2 files for identification:

Please go to VirSCAN.org FREE on-line scan service:
If busy, you can use one of the following (you only need one):
VirusTotal
Jotti

[1]. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.

Code:
c:\windows\system32\userinit.exe

c:\program files\Internet Explorer\iexploremgr.exe

[2]. At the upload site, click once inside the window next to Browse.
[3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
[4]. Click on the Upload button.
This will perform a scan across multiple different virus scanning engines.
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
Important: Wait for all of the scanning engines to complete.
[5]. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
[6]. Paste the contents of the Clipboard in your next reply.

The results of these scans will determine what we do next.

Note: If you are unable to access the internet to get the identifications, please run a full scan with your AV program, then post that log.
 
Hi,

I really appreciate your help.

First file:

Antivirus Version Last Update Result
AhnLab-V3 2011.06.05.00 2011.06.05 -
AntiVir 7.11.9.29 2011.06.05 -
Antiy-AVL 2.0.3.7 2011.06.05 -
Avast 4.8.1351.0 2011.06.05 -
Avast5 5.0.677.0 2011.06.05 -
AVG 10.0.0.1190 2011.06.05 -
CAT-QuickHeal 11.00 2011.06.05 -
ClamAV 0.97.0.0 2011.06.05 -
Commtouch 5.3.2.6 2011.06.05 -
Comodo 8961 2011.06.05 -
DrWeb 5.0.2.03300 2011.06.05 -
Emsisoft 5.1.0.5 2011.06.05 -
eSafe 7.0.17.0 2011.06.02 -
eTrust-Vet 36.1.8366 2011.06.03 -
F-Prot 4.6.2.117 2011.06.05 -
F-Secure 9.0.16440.0 2011.06.05 -
Fortinet 4.2.257.0 2011.06.04 -
Ikarus T3.1.1.104.0 2011.06.05 -
Jiangmin 13.0.900 2011.06.01 -
K7AntiVirus 9.104.4769 2011.06.04 -
Kaspersky 9.0.0.837 2011.06.05 -
McAfee 5.400.0.1158 2011.06.05 -
McAfee-GW-Edition 2010.1D 2011.06.05 -
Microsoft 1.6903 2011.06.05 -
NOD32 6182 2011.06.05 -
Norman 6.07.07 2011.06.05 -
nProtect 2011-06-05.01 2011.06.05 -
Panda 10.0.3.5 2011.06.05 -
PCTools 7.0.3.5 2011.06.03 -
Prevx 3.0 2011.06.05 -
Rising 23.60.03.09 2011.06.03 -
Sophos 4.66.0 2011.06.05 -
SUPERAntiSpyware 4.40.0.1006 2011.06.05 -
TheHacker 6.7.0.1.220 2011.06.04 -
TrendMicro 9.200.0.1012 2011.06.05 -
TrendMicro-HouseCall 9.200.0.1012 2011.06.05 -
VBA32 3.12.16.0 2011.06.03 -
VIPRE 9495 2011.06.05 -
ViRobot 2011.6.4.4496 2011.06.05 -
VirusBuster 14.0.68.0 2011.06.05 -
Additional information
MD5 : a93aee1928a9d7ce3e16d24ec7380f89
SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
SHA256: 944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f
 
Let me explain:

My DDS and GMER files were done from my wife's log in (as my log in couldn't upload the files).

My previous post is from my log in but the second file you asked for couldn't be found. I have logged in again using the wife's.

Here is the first one again.

Antivirus Version Last Update Result
AhnLab-V3 2011.06.05.00 2011.06.05 -
AntiVir 7.11.9.29 2011.06.05 -
Antiy-AVL 2.0.3.7 2011.06.05 -
Avast 4.8.1351.0 2011.06.05 -
Avast5 5.0.677.0 2011.06.05 -
AVG 10.0.0.1190 2011.06.05 -
BitDefender 7.2 2011.06.05 -
CAT-QuickHeal 11.00 2011.06.05 -
ClamAV 0.97.0.0 2011.06.05 -
Commtouch 5.3.2.6 2011.06.05 -
Comodo 8961 2011.06.05 -
DrWeb 5.0.2.03300 2011.06.05 -
Emsisoft 5.1.0.5 2011.06.05 -
eSafe 7.0.17.0 2011.06.02 -
eTrust-Vet 36.1.8366 2011.06.03 -
F-Prot 4.6.2.117 2011.06.05 -
F-Secure 9.0.16440.0 2011.06.05 -
Fortinet 4.2.257.0 2011.06.04 -
GData 22 2011.06.05 -
Ikarus T3.1.1.104.0 2011.06.05 -
Jiangmin 13.0.900 2011.06.01 -
K7AntiVirus 9.104.4769 2011.06.04 -
Kaspersky 9.0.0.837 2011.06.05 -
McAfee 5.400.0.1158 2011.06.05 -
McAfee-GW-Edition 2010.1D 2011.06.05 -
Microsoft 1.6903 2011.06.05 -
NOD32 6182 2011.06.05 -
Norman 6.07.07 2011.06.05 -
nProtect 2011-06-05.01 2011.06.05 -
Panda 10.0.3.5 2011.06.05 -
PCTools 7.0.3.5 2011.06.03 -
Prevx 3.0 2011.06.05 -
Rising 23.60.03.09 2011.06.03 -
Sophos 4.66.0 2011.06.05 -
SUPERAntiSpyware 4.40.0.1006 2011.06.05 -
Symantec 20111.1.0.186 2011.06.05 -
TheHacker 6.7.0.1.220 2011.06.04 -
TrendMicro 9.200.0.1012 2011.06.05 -
TrendMicro-HouseCall 9.200.0.1012 2011.06.05 -
VBA32 3.12.16.0 2011.06.03 -
VIPRE 9495 2011.06.05 -
ViRobot 2011.6.4.4496 2011.06.05 -
VirusBuster 14.0.68.0 2011.06.05 -
Additional information
MD5 : a93aee1928a9d7ce3e16d24ec7380f89
SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
SHA256: 944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f
ssdeep: 768:0RMJi8jDLIDSAaQFxfftjaLacmkLGKOq:0RMJbDMDSA7FxffJaLaSLG9q
File size : 26112 bytes
First seen: 2009-02-12 03:28:35
Last seen : 2011-06-05 21:07:02
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Userinit Logon Application
original name: USERINIT.EXE
internal name: userinit
file version.: 5.1.2600.5512 (xpsp.080413-2113)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x54AD
timedatestamp....: 0x480251A8 (Sun Apr 13 18:32:08 2008)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x520E, 0x5400, 5.95, 099b53205ad3f1c3b853a5310d08a9b1
.data, 0x7000, 0x14C, 0x200, 1.86, 0bb948f267e82975313a03d8c0e8a1cf
.rsrc, 0x8000, 0xB50, 0xC00, 3.27, bac832e39f87c4f5f640e5d5c6a1c2fc

[[ 9 import(s) ]]
USER32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
ADVAPI32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
CRYPT32.dll: CryptProtectData
WINSPOOL.DRV: SpoolerInit
ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, RtlConvertSidToUnicodeString, NtQueryInformationToken
NETAPI32.dll: DsGetDcNameW, NetApiBufferFree
WLDAP32.dll: -, -, -, -, -, -
msvcrt.dll: __setusermatherr, _initterm, __getmainargs, _acmdln, _adjust_fdiv, _XcptFilter, _exit, _c_exit, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _cexit, exit
KERNEL32.dll: CompareFileTime, LoadLibraryW, GetProcAddress, FreeLibrary, lstrcpyW, CreateProcessW, lstrlenW, GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, ExpandEnvironmentStringsW, SearchPathW, GetLastError, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, SetEvent, OpenEventW, Sleep, SetEnvironmentVariableW

ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 21504
CompanyName: Microsoft Corporation
EntryPoint: 0x54ad
FileDescription: Userinit Logon Application
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 26 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 5.1.2600.5512 (xpsp.080413-2113)
FileVersionNumber: 5.1.2600.5512
ImageVersion: 5.1
InitializedDataSize: 3584
InternalName: userinit
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 7.1
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.1
ObjectFileType: Executable application
OriginalFilename: USERINIT.EXE
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 5.1.2600.5512
ProductVersionNumber: 5.1.2600.5512
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2008:04:13 20:32:08+02:00
UninitializedDataSize: 0
 
Hi,

No, the second file is not uploading - no file of that name exists. The first one is in my previous post.
 
None of these scans have headers. Nor do they say "No Malware" or "Found Malware." I have never seen the scans print out like this.

What is this?
first file:
Antivirus Version Last Update Result
Additional information
MD5 : a93aee1928a9d7ce3e16d24ec7380f89
SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
SHA256: 944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 21504
CompanyName: Microsoft Corporation
EntryPoint: 0x54ad
FileDescription: Userinit Logon Application

And everything in between! This is not even the purpose of the scan.
And we need to handle everything from the problem computer. I don't know if you're referring to one computer for you and another for your wife - or if it's different accounts on the same computer. But the identification has to come from the computer that has the files on it.
=================================
Example of identification from a VirScan:

File information
File Name : USERINIT.EXE
File Size : 57856 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 185f0bd20a504aee0b006737e72ad3fa
SHA1 : b1eefe9234036ced2924ffe7e4c5e5ab9763f391

Scanner results
Scanner results : 49% Scanner(s) (18/37) found malware!
Time : 2011/05/24 13:00:56 (CST)

Then it has the listing of all the scanners with their results like this:
Scanner     Engine Ver   Sig Ver          Sig Date     Scan result            Time
a-squared   5.1.0.2      20110524031136   2011-05-24   Virus.Win32.Virut!IK   5.332
AVG         8.5.850      271.1.1/3656     2011-05-24   Win32/Virut            1.368
 
All from the same computer, I switched log ins so I could download the DDS and other software.

I have done a full AV:

Avira AntiVir Personal
Report file date: 05 June 2011 22:22

Scanning for 2717015 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOUR-62C93FF897

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 05 June 2011 22:22

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'logon.scr' - '15' Module(s) have been scanned
Scan process 'avscan.exe' - '69' Module(s) have been scanned
Scan process 'avcenter.exe' - '64' Module(s) have been scanned
Scan process 'wuauclt.exe' - '38' Module(s) have been scanned
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'msmsgs.exe' - '44' Module(s) have been scanned
Scan process 'avgnt.exe' - '54' Module(s) have been scanned
Scan process 'Explorer.EXE' - '105' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'msmsgs.exe' - '44' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'avgnt.exe' - '47' Module(s) have been scanned
Scan process 'Explorer.EXE' - '104' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'dllhost.exe' - '62' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '31' Module(s) have been scanned
Scan process 'x10nets.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '37' Module(s) have been scanned
Scan process 'mbamservice.exe' - '35' Module(s) have been scanned
Scan process 'avshadow.exe' - '28' Module(s) have been scanned
Scan process 'jqs.exe' - '35' Module(s) have been scanned
Scan process 'ehSched.exe' - '40' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '89' Module(s) have been scanned
Scan process 'avguard.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'sched.exe' - '45' Module(s) have been scanned
Scan process 'acs.exe' - '85' Module(s) have been scanned
Scan process 'spoolsv.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '169' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '29' Module(s) have been scanned
Scan process 'winlogon.exe' - '74' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '451' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\addr_file.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Desktop\y15z1efj.exe
[DETECTION] Contains code of the W32/Ramnit.C Windows virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temp\ljqtpgej.exe
[DETECTION] Is the TR/Drop.41984 Trojan
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\0UTGWKBO\login[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\0UTGWKBO\subsite[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\11307225621@x50[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\button[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\firstpage[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\how-to-disable-script-blocking-392291[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\index[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\menu28[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\MiniNavBar[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\ads[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\Context[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\EditMessageLight[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\login[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\net[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\search[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\topic166085[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\topic58138[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\getdata[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\HHWRAPPER[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\InboxLight[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\newreply[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\topic166085[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\topic166085[2].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\8D8AXQ9N\proxy[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\B41O5NXX\ads[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\B41O5NXX\menu28[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\DJS2XFIR\topic58138[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\E5XEC0LT\clickenc=http___bid.openx[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\E5XEC0LT\forumdisplay[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\E5XEC0LT\showthread[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\E5XEC0LT\topic166085[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\EEJSSUNS\menu28[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\EEJSSUNS\MergedLoginHistoryFrame[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\EEJSSUNS\NavBar[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\EEJSSUNS\Search[2].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\blank[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\mainHomepage[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\newreply[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\topic58138[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\xmlProxy[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\RteFrame[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\showthread[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\stage1b[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\topic58138[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\WebIMPop[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\JMTMZX5J\jump1[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\JMTMZX5J\newreply[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\JMTMZX5J\search[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\HomePage[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\jump1[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\LocalStorage[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\menu28[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\menu28[2].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\Messenger[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\search[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\showthread[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\xmlProxy[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\ads[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\CA1B2Y14.HTM
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\CATA2R6B.HTM
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\resourcespreload[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\search[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\search[2].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\search[3].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\1@x13[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\adloader[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\HistoryFrame[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\menu28[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\newreply[2].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\searchblurb[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\XPR64MQF\ads[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\XPR64MQF\ads[2].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\XPR64MQF\celticminded_com[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\XPR64MQF\xd_receiver[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Documents and Settings\lorraine hobson\Start Menu\Programs\Startup\tesykeca.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\Documents and Settings\peter brown\Application Data\Sun\Java\Deployment\cache\6.0\34\37db3fe2-563c88be
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Scuds.A Java virus
C:\Documents and Settings\peter brown\Local Settings\Temp\jar_cache3884259870189179631.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.JS Java virus
--> nongame.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.JS Java virus
C:\Documents and Settings\peter brown\Local Settings\Temp\ljqtpgej.exe
[DETECTION] Is the TR/Drop.41984 Trojan
C:\Program Files\Google\Update\GoogleUpdatemgr.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\Program Files\Google\Update\GoogleUpdatemgrmgr.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\Program Files\Google\Update\GoogleUpdatemgrmgrmgr.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP738\A0112568.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP739\A0148618.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP740\A0152080.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP740\A0153065.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0153534.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0154807.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0157050.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0157053.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0160333.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0160336.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0160337.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0161297.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0161298.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0161299.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0161941.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP742\A0162899.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP742\A0162900.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP742\A0162901.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP742\A0163118.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP742\A0163559.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP742\A0164047.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP742\A0164067.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP742\A0164068.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0165068.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0165555.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0165556.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0165557.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0166236.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0167425.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0167428.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0168563.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0168564.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0168565.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0169315.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0169626.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP744\A0170536.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP744\A0170845.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP744\A0171595.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP744\A0171596.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP744\A0171597.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP744\A0172282.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP744\A0172299.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0172389.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0172409.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0172415.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0172416.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0172417.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0172451.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0172927.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0173611.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0173612.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0173613.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0174347.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0176213.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0176214.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP746\A0176216.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP746\A0176217.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Explorermgr.exe
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\1.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\10.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\11.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\12.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\13.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\14.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\15.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\16.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\18.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\2.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\3.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\A.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\B.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\C.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\D.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\E.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\F.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
C:\WINDOWS\Temp\ljqtpgej.exe
[DETECTION] Is the TR/Drop.41984 Trojan

Beginning disinfection:
C:\WINDOWS\Temp\ljqtpgej.exe
[DETECTION] Is the TR/Drop.41984 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4dc4d023.qua'.
C:\WINDOWS\Temp\F.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '556eff58.qua'.
C:\WINDOWS\Temp\E.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0731a5b1.qua'.
C:\WINDOWS\Temp\D.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '6106ea73.qua'.
C:\WINDOWS\Temp\C.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2482c74d.qua'.
C:\WINDOWS\Temp\B.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5b99f52c.qua'.
C:\WINDOWS\Temp\A.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1721d966.qua'.
C:\WINDOWS\Temp\3.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '6b399936.qua'.
C:\WINDOWS\Temp\2.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4663b67b.qua'.
C:\WINDOWS\Temp\18.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5f718deb.qua'.
C:\WINDOWS\Temp\16.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '332da1d9.qua'.
C:\WINDOWS\Temp\15.tmp
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4294984d.qua'.
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0157050.exe
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
 
[NOTE] The file was moved to the quarantine directory under the name '0bfab492.qua'.
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0154807.exe
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '71ccb724.qua'.
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0153534.exe
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '21c4b054.qua'.
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP740\A0153065.exe
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '77ccba19.qua'.
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP740\A0152080.exe
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '307cbeca.qua'.
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP739\A0148618.exe
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1330d048.qua'.
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP738\A0112568.exe
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '54bbf9a6.qua'.
C:\Program Files\Google\Update\GoogleUpdatemgrmgrmgr.exe
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2699aafd.qua'.
C:\Program Files\Google\Update\GoogleUpdatemgrmgr.exe
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0df6e9eb.qua'.
C:\Program Files\Google\Update\GoogleUpdatemgr.exe
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4e6fe754.qua'.
C:\Documents and Settings\peter brown\Local Settings\Temp\ljqtpgej.exe
[DETECTION] Is the TR/Drop.41984 Trojan
[NOTE] The file was moved to the quarantine directory under the name '04a79e69.qua'.
C:\Documents and Settings\peter brown\Local Settings\Temp\jar_cache3884259870189179631.tmp
[DETECTION] Contains recognition pattern of the JAVA/Agent.JS Java virus
[NOTE] The file was moved to the quarantine directory under the name '09ec80d2.qua'.
C:\Documents and Settings\peter brown\Application Data\Sun\Java\Deployment\cache\6.0\34\37db3fe2-563c88be
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Scuds.A Java virus
[NOTE] The file was moved to the quarantine directory under the name '2608c815.qua'.
C:\Documents and Settings\lorraine hobson\Start Menu\Programs\Startup\tesykeca.exe
[DETECTION] Is the TR/Lebag.dae Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '19c38151.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\XPR64MQF\xd_receiver[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '263097c8.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\XPR64MQF\celticminded_com[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '43fac71c.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\XPR64MQF\ads[2].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '65dce075.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\XPR64MQF\ads[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '6971b30d.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\searchblurb[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5c09c5d7.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\newreply[2].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2707c29d.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\menu28[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '013ec7a6.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\HistoryFrame[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '6db68a61.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\adloader[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4ddd9fcd.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\1@x13[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2ae6f504.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\search[3].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '570996cf.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\search[2].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0b3299d0.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\search[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '436da22e.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\resourcespreload[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2da7cfd0.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\CATA2R6B.HTM
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '087f9152.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\CA1B2Y14.HTM
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7a4b81fe.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\ads[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '14f2bd29.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\xmlProxy[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7a0d85d4.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\showthread[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '041cdc34.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\search[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1d858c9d.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\Messenger[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0d68e358.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\menu28[2].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '14e4ee42.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\menu28[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '55bab31d.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\LocalStorage[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5b2be776.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\jump1[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7764e7d3.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\HomePage[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4192c812.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\JMTMZX5J\search[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '41e8a01a.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\JMTMZX5J\newreply[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '3ae89e2e.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\JMTMZX5J\jump1[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '3f6bbd72.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\WebIMPop[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.

[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '50e6fa6d.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\topic58138[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '797e81cd.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\stage1b[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1d99d538.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\showthread[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7425a3a9.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\RteFrame[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0164c952.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\xmlProxy[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2081f203.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\topic58138[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0214c456.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\newreply[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '05b9a81a.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\mainHomepage[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5a73c671.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\blank[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0af3ebcc.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\EEJSSUNS\Search[2].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '52eb8030.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\EEJSSUNS\NavBar[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '00b5c16b.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\EEJSSUNS\MergedLoginHistoryFrame[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '073ab4ef.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\EEJSSUNS\menu28[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '72a09252.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\E5XEC0LT\topic166085[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '133cd645.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\E5XEC0LT\showthread[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0283c06d.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\E5XEC0LT\forumdisplay[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2b148b04.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\E5XEC0LT\clickenc=http___bid.openx[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '045ef706.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\DJS2XFIR\topic58138[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '3941d6bc.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\B41O5NXX\menu28[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '10ce9d90.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\B41O5NXX\ads[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1896e4e1.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\8D8AXQ9N\proxy[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '65b9d0b6.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\topic166085[2].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '6ac98e51.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\topic166085[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4009f72e.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\newreply[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2127c75c.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\InboxLight[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5e2db1ca.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\HHWRAPPER[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '47db91fa.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\getdata[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1fdbf0ec.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\topic58138[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0829a173.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\topic166085[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '79b5be2e.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\search[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '766ad83e.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\net[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5e5ab140.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\login[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1395b03e.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\EditMessageLight[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2435e2da.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\Context[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2223c4de.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\ads[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '6b87e0cc.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\MiniNavBar[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5da3907c.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\menu28[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2993db3e.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\index[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '03e8e20d.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\how-to-disable-script-blocking-392291[1].html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4493e879.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\firstpage[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1e5fb12c.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\button[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '40bad8ce.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\11307225621@x50[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '50bebd00.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\0UTGWKBO\subsite[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '383fdee8.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\0UTGWKBO\login[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '193596c7.qua'.
C:\Documents and Settings\lorraine hobson\Local Settings\Temp\ljqtpgej.exe
[DETECTION] Is the TR/Drop.41984 Trojan
[NOTE] The file was moved to the quarantine directory under the name '72e6a896.qua'.
C:\Documents and Settings\lorraine hobson\Desktop\y15z1efj.exe
[DETECTION] Contains code of the W32/Ramnit.C Windows virus
[NOTE] The file was moved to the quarantine directory under the name '7206fda4.qua'.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\addr_file.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0ccfa8ea.qua'.


End of the scan: 06 June 2011 07:31
Used time: 4:14:00 Hour(s)

The scan has been done completely.

9671 Scanned directories
470882 Files were scanned
160 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
160 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
470722 Files not concerned
12843 Archives were scanned
0 Warnings
160 Notes
651513 Objects were scanned with rootkit scan
0 Hidden objects were found
 
OK, let me explain: Even though you see a gazillion entries from the Avira scan, I only see the following:

1. Location >> System Volume: anything located here is no longer active in the system. This is where the System Restore points are. The only way any of these entries could cause a problem is IF you decided to do a System Restore and IF you happened to choose one of the infected restore points, in which case you 'might' reinfect the system. But:
You are instructed not to do a System Restore while cleaning.
I will have you drop all of the old restore points when we have finished cleaning and then set a new clean one.

2. Location >> Temporary Internet Files: These are files that you pick up during your surfing.
  • Good maintenance will keep them at a minimum.
  • Disc Cleanup will remove them.
  • The browser can be set to delete them each time you close the browser
  • Or running a cleaning program like the following will remove them: ATF Cleaner by Atribune

    3. Detection:>>Ramnit. The presence of an incurable file infector named Ramnit
    This is what I expected when I had you run the userinit.exe scan
    Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

    With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

    Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

    #1 and #2 are of no concern if this is a Ramnit infection. Removing entries in either of those locations would not 'cure' the system.

    I would like you to try the VirSCAN again. Please note: It must be done on the same computer and account that the Avira scan was run on. Any entries in docs & settings have the name 'lorraine hobson'. I have made a change in the code box and you only need to run the scans on VirSCAN:

    Please go to VirSCAN.org FREE on-line scan service:

    • [1]. Copy and paste each of the following file paths into the Suspicious files to scan box on the top of the page.

      Code:
        c:\windows\system32\userinit.exe

        c:\windows\explorer.exe

        c:\window\system32\svchost.exe
      [2]. At the upload site, click once inside the window next to Browse.
      [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
      [4]. Click on the Upload button.
      This will perform a scan across multiple different virus scanning engines.
      Your file will possibly be entered into a queue which normally takes less than a minute to clear.
      Important: Wait for all of the scanning engines to complete.
      [5]. Once the scan is completed, scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard. Note: you will not see the clipboard, but if you open Notepad > click on Format and make sure 'Word Wrap' is unchecked > do a Ctrl+V, then the contents will appear in Notepad. Then paste it in the next reply.
      [6]. Paste the contents of the Clipboard in your next reply.
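
The triage described in the reply above (restore points, browser cache, file-infector detections), as an added Python example that is not part of the original post or of any tool named in the thread. The detection names are the ones in the Avira log above; the sample paths, quarantine names and folder-name substrings (Windows XP defaults) are constructed assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in the layout of the Avira report quoted in this thread.
# Paths and .qua names are made up; detection names are those seen in the log.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{PLACEHOLDER}\RP1\A0000001.exe
[DETECTION] Contains code of the W32/Ramnit.C Windows virus
[NOTE] The file was moved to the quarantine directory under the name '00000001.qua'.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AAAA1111\index[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections.
[NOTE] The registration for this file was not remedied due to too many multiple detections.
[NOTE] The file was moved to the quarantine directory under the name '00000002.qua'.
C:\Documents and Settings\user\Local Settings\Temp\sample.exe
[DETECTION] Is the TR/Drop.41984 Trojan
[NOTE] The file was moved to the quarantine directory under the name '00000003.qua'.
C:\Documents and Settings\user\Desktop\sample2.exe
[DETECTION] Contains code of the W32/Ramnit.C Windows virus
[NOTE] The file was moved to the quarantine directory under the name '00000004.qua'.

4 Viruses and/or unwanted programs were found
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
NAME_RE = re.compile(r"\[DETECTION\].*?\b(?:of the|Is the)\s+(\S+)")
QUA_RE = re.compile(r"under the name '([0-9a-f]+\.qua)'")
FOUND_RE = re.compile(r"^(\d+) Viruses and/or unwanted programs were found")

# Family the thread identifies as a file infector (assumption: match by substring).
FILE_INFECTOR_FAMILIES = ("ramnit",)


@dataclass
class Hit:
    path: str
    names: list = field(default_factory=list)
    quarantine: str = ""


def location_class(path):
    """Bucket a path the way the reply does: restore point, browser cache, or live file."""
    p = path.lower()
    if "\\system volume information\\" in p:
        return "restore_point"      # inactive unless a System Restore is performed
    if "\\temporary internet files\\" in p:
        return "browser_cache"      # picked up while browsing, removable by cache cleanup
    return "live_file"


def parse_report(text):
    """Return (hits, reported_total). One Hit per file, however many NOTE lines repeat."""
    hits, reported, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = Hit(line)
            hits.append(current)
        elif line.startswith("[DETECTION]") and current:
            m = NAME_RE.search(line)
            if m and m.group(1) not in current.names:
                current.names.append(m.group(1))
        elif line.startswith("[NOTE]") and current:
            m = QUA_RE.search(line)
            if m:
                current.quarantine = m.group(1)
        else:
            m = FOUND_RE.match(line)
            if m:
                reported, current = int(m.group(1)), None
    return hits, reported


def triage(text):
    hits, reported = parse_report(text)
    infectors = [h for h in hits
                 if any(f in n.lower() for n in h.names for f in FILE_INFECTOR_FAMILIES)]
    return {
        "parsed": len(hits),
        "reported": reported,
        # A mismatch means the pasted log is truncated or the parser missed entries.
        "count_matches_summary": reported == len(hits),
        "by_location": dict(Counter(location_class(h.path) for h in hits)),
        "live_detections": sorted({n for h in hits
                                   if location_class(h.path) == "live_file"
                                   for n in h.names}),
        "file_infector_paths": [h.path for h in infectors],
        "file_infector_on_live_file": any(location_class(h.path) == "live_file"
                                          for h in infectors),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
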
 
I have been called overseas with work and won't be home until Friday evening, and I will run this on Friday.

thanks for your help.

Please don't delete the thread; the computer is switched off and no-one will use it.
 
Hi,

thanks for your patience. Here is the 'windows explorer' log:

VirSCAN.org Scanned Report :
Scanned time : 2011/03/27 14:32:31 (BST)
Scanner results: Scanners did not find malware!
File Name : explorer.exe
File Size : 1033728 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 12896823fb95bfb3dc9b46bcaedc9923
SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f
Online report : http://file.virscan.org/report/635184550864d66ff4c20a6b2e0061e6.html

 
For the first on the list of 3 I am getting this message:

The file are userinit.exe uploaded by other users and scanned successfully at 2011/03/17 23:01:23, and 37 softwares update the database from last scan to now.

choice: Scan result or rescan

i am choosing rescan

the result: ERROR: Can't find upload file!
 
for:

c:\window\system32\svchost.exe

Path does not exist please verify the correct path was given.

note: this message comes from my computer and not the website.
 
I think I've managed to get the 3rd one to scan:


VirSCAN.org Scanned Report :
Scanned time : 2011/06/10 22:18:27 (BST)
Scanner results: Scanners did not find malware!
File Name : svchost.exe
File Size : 14336 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 27c6d03bcdb8cfeb96b716f3d8be3e18
SHA1 : 49083ae3725a0488e0a8fbbe1335c745f70c4667
Online report : http://file.virscan.org/report/00dff1361819c0c3a21d130fdc86a3b2.html

 
Can you clear this up for me please?
1. There is one computer.
2. You have a user account> you are the one who is experiencing the redirect.
3. Your wife has a user account (lorrainehobson)
4. You said:
"my system won't allow me to start in safe mode with or without networking. I'm at my wits' end! I can't load the dds as I get a message saying unable to establish a connection, yet I know I am online with a good wireless signal."
What puzzles me is that this is one computer> one account can connect to the internet but the other can't. Is that correct?
5. Why were you trying to get into Safe Mode? These scans are run in Normal Mode if it's available. You did the virus scan in Normal Mode. There are times when GMER won't run. If that happens, one of the things we suggest is to try and run it in Safe Mode. But otherwise, Normal Mode should be used.
6. Then you told me:
"my DDS and GMER files were done from my wife's log in (as my log in couldn't upload the files). My previous post is from my log in but the second file you asked for couldn't be found. I have logged in again using the wife's."
7. The logs were run on the 'Run by lorraine hobson at 21:13:31 on 2011-06-04' account
===========================================
Regarding the download, install and running of the scan:
The download can be done to a flash drive if needed.
The installation has to be on the computer with the problem>>> and in your case, the account with the problem and the scans have to be run on the account with the problem.

Do you understand what I mean here? If you are the one being redirected to 'licosearch', then doing the scans on your wife's account isn't going to show us what's on your account. Any of the entries with a name in them all have 'lorraine hobson.'

The issue here is: "My browser redirects me to licosearch and wont allow lots of web pages to load."

Since licosearch.com belongs to a malicious domain, I'm going to have you block the domain on both your and your wife's account. You will do #1, #2 and #3 in Internet Options, doing the same thing on both accounts, the same way on each:

1. Restricting the Domain:
Open Internet Options either through the Control Panel or Tools in Internet Explorer> Choose the Security tab: Restricted Sites> Sites> type the following in the dialog box for 'Add this website'> Click on Add after each:
*.licosearch.com
licosearch.*
When you have finished Click on OK

2. Resetting the Cookies:
Then choose the Privacy Tab
Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
==========================================
3. Deleting Files and Cookies
Now choose the General tab> Temporary Internet Files section> Click on each 'Delete files'> 'Delete Cookies'> Move down to the History section> Click on Delete History.
When finished> Click on OK

When you have finished setting both accounts with the Restricted Sites, resetting the Cookies, deleting the temporary internet files, Cookies and History> Click on OK> Apply> OK

Reboot the computer.
===================================
Run the following: Please download MBRCheck and save to your desktop
  • Double click on MBRCheck.exe to run. (Vista and Windows 7 users will have to confirm the UAC prompt)
  • It will show a Black screen with some information that will contain either the below line if no problem is found:
    [o] Done! Press ENTER to exit...
  • Or you will see more information like below if a problem is found:
    [o] Found non-standard or infected MBR.
    [o] Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
  • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
  • Paste this log to your next message.
 
hi,

thanks for your help.

I decided to do a system recovery, having read a few other posts on this forum around the type of virus I think the PC contracted, Ramnit (post 17).

I don't really keep anything of real importance on the PC and (as you can probably tell) I'm not the most knowledgeable in finding my way around technically.

This added to my regular working away from home means i would have been weeks sorting it out.

The PC is running great. I have downloaded AVIRA and am using that as my antivirus, and I have updated JAVA and Adobe. I have updated from the Microsoft website too.

I know this Ramnit thing might reappear, but for now all seems well. I did a full scan with AVIRA and it was clear.

Is there anything else I can do, anything else I should do? All tips to stay clean would be gratefully appreciated.
 