
> Forum Guidelines

Read this topic before posting a log.


DO NOT post a ComboFix log unless requested to.


Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

> Various Malware - Identity theft, how do I remove malware & restore files
Nimshie29
post Jun 11 2008, 01:14 AM
Post #1


New Member
*

Group: Members
Posts: 13
Joined: 10-June 08
Member No.: 215,337



Hi Guys,

After having my Visa card used fraudulently I have been cleaning up my system. I have used Avast Antivirus and SuperspyWare remover.

The results are attached. After searching around trying to determine how to repair/replace/fix quarantined items, I was directed to your forum and have followed the preparation guide, except I have submitted Avast results (which need to be opened with the Avast file 'ashchest.exe') instead of a Kaspersky scan.
Looking forward to having a safe system.
Thank you all.

Nimshie29

PS I am having problems saving the Avast results file and will send them separately. Rgds,N
-----------
-----------
Hi Guys,

The only way I could get this file to upload was by zipping it. Once unzipped I think you will still have to use Avast Chest to open it.

I hope it works OK.

Thanks again,

Nimshie29

Merged posts. ~ OB

This post has been edited by Orange Blossom: Jun 11 2008, 05:26 PM

Attached File(s)
Attached File  SUPERAntiSpyware_Scan_Log___06_10_2008___07_57_04.log ( 16.11k ) Number of downloads: 11
Attached File  DSS1006main.txt ( 19.94k ) Number of downloads: 14
Attached File  A0225951.zip ( 270.26k ) Number of downloads: 9
 
suebaby41
post Jul 4 2008, 03:40 PM
Post #2


W.A.M. (Women Against Malware)
******

Group: HJT Team
Posts: 1,733
Joined: 3-January 05
From: South Carolina, USA
Member No.: 8,530



Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I don't think that you are attaching anything scary but others may do so. Thanks.


--------------------
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware

Nimshie29
post Jul 5 2008, 09:33 PM
Post #3






* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Sunday, 25 May 2008 5:19:52 PM
* VPS: 080524-0, 24/05/2008
*

C:\Documents and Settings\Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV.nco\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\mail.gmail.com\Inbox\PartNo_0#167938380 [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\Local Settings\Temp\tzzyji8e.exe\WindowsInstaller.exe [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\F1PI210ENau-IINET-1-Port-IAD-FW0_V0.35.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\IINET-1-Port-IAD-FW0_V0.29.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910\PartNo_0#512580888 [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\mail.gmail.com\Inbox [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.9 en-US - 2008-01-20.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910 [E] Compressed file is too big to be processed. (42057)
C:\My Downloads\FreewarePrimo32Setup(2).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(2).exe\URRENT!Could not set the current folder.E€\a folder.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\UECould not save value.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\ must be greater than or equal to -1.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\services.E€\€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\alid.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(3).exe\URRENT!Could not set the current folder.E€\a folder.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\UECould not save value.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\ must be greater than or equal to -1.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\services.E€\€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\alid.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(4).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(4).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(5).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(5).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(6).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(6).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(7).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(7).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(8).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(8).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup.exe\URRENT!Could not set the current folder.E€\a folder.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\UECould not save value.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\ must be greater than or equal to -1.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\services.E€\€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\alid.E€ [E] The file is a decompression bomb. (42110)
Infected files: 0
Total files: 165369
Total folders: 3535
Total size: 25.3 GB

*
* Task stopped: Sunday, 25 May 2008 5:44:53 PM
* Run-time was 25 minute(s), 1 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Sunday, 25 May 2008 8:23:42 PM
* VPS: 080525-0, 25/05/2008
*

Infected files: 0
Total files: 739
Total folders: 3
Total size: 46.5 MB

*
* Task stopped: Sunday, 25 May 2008 8:23:53 PM
* Run-time was 11 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, 26 May 2008 9:07:09 AM
* VPS: 080525-0, 25/05/2008
*

C:\Documents and Settings\Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV.nco\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\mail.gmail.com\Inbox\PartNo_0#167938380 [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\Local Settings\Temp\tzzyji8e.exe\WindowsInstaller.exe [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\F1PI210ENau-IINET-1-Port-IAD-FW0_V0.35.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\IINET-1-Port-IAD-FW0_V0.29.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910\PartNo_0#512580888 [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\mail.gmail.com\Inbox [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.9 en-US - 2008-01-20.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910 [E] Compressed file is too big to be processed. (42057)
C:\My Downloads\FreewarePrimo32Setup(2).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(2).exe\URRENT!Could not set the current folder.E€\a folder.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\UECould not save value.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\ must be greater than or equal to -1.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\services.E€\€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\alid.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(3).exe\URRENT!Could not set the current folder.E€\a folder.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\UECould not save value.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\ must be greater than or equal to -1.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\services.E€\€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\alid.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(4).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(4).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(5).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(5).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(6).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(6).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(7).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(7).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(8).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(8).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup.exe\URRENT!Could not set the current folder.E€\a folder.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\UECould not save value.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\ must be greater than or equal to -1.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\services.E€\€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\alid.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\SystemCheckup_ZoneAlarm.exe\[ASPack]\[Embedded#FILEINFOLIST.DLL]\FileInfoList.xml [E] Archive is password protected. (42056)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_1.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_2.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_3.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_4.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_5.VOB [E] Compressed file is too big to be processed. (42057)
C:\Program Files\dxsdk_apr2006.exe\dxsdk.exe [E] Compressed file is too big to be processed. (42057)
C:\Program Files\eMusic Toolbar\tbu4A\tbupdate.cab\emusicToolbar.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\small programs etc\avgarkt-setup-1.1.0.42.exe\$INSTDIR\avgarcln.sys [E] Installer archive is corrupted. (42146)
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP562\A0209697.exe\[ASPack]\[Embedded#FILEINFOLIST.DLL]\FileInfoList.xml [E] Archive is password protected. (42056)
C:\WINDOWS\system32\SearchEnhancer\SearchEnhancer.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\SearchTool\nszB.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\SearchTool\SearchTool.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
Infected files: 4
Total files: 1327005
Total folders: 11155
Total size: 75.2 GB

*
* Task stopped: Monday, 26 May 2008 11:43:37 AM
* Run-time was 2 hour(s), 36 minute(s), 28 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, 26 May 2008 2:29:11 PM
* VPS: 080526-0, 26/05/2008
*

Infected files: 0
Total files: 736
Total folders: 3
Total size: 27.1 MB

*
* Task stopped: Monday, 26 May 2008 2:29:26 PM
* Run-time was 15 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, 26 May 2008 2:30:26 PM
* VPS: 080526-0, 26/05/2008
*

C:\Documents and Settings\Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV.nco\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\mail.gmail.com\Inbox\PartNo_0#167938380 [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\Desktop\Vius\emusicToolbar.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Temp\emusicToolbar.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Temp\tzzyji8e.exe\WindowsInstaller.exe [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\F1PI210ENau-IINET-1-Port-IAD-FW0_V0.35.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\IINET-1-Port-IAD-FW0_V0.29.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910\PartNo_0#512580888 [E] Compressed file is too big to be processed. (42057)
Infected files: 2
Total files: 46542
Total folders: 1645
Total size: 10.1 GB

*
* Task stopped: Monday, 26 May 2008 2:42:12 PM
* Run-time was 11 minute(s), 46 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, 26 May 2008 2:42:47 PM
* VPS: 080526-0, 26/05/2008
*

C:\Documents and Settings\Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV.nco\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\mail.gmail.com\Inbox\PartNo_0#167938380 [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\Local Settings\Temp\tzzyji8e.exe\WindowsInstaller.exe [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\F1PI210ENau-IINET-1-Port-IAD-FW0_V0.35.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\IINET-1-Port-IAD-FW0_V0.29.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910\PartNo_0#512580888 [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\mail.gmail.com\Inbox [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.9 en-US - 2008-01-20.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910 [E] Compressed file is too big to be processed. (42057)
C:\My Downloads\FreewarePrimo32Setup(2).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(2).exe\URRENT!Could not set the current folder.E€\a folder.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\UECould not save value.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\ must be greater than or equal to -1.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\services.E€\€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\alid.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(3).exe\URRENT!Could not set the current folder.E€\a folder.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\UECould not save value.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\ must be greater than or equal to -1.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\services.E€\€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\alid.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(4).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(4).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(5).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(5).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(6).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(6).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(7).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(7).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(8).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(8).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup.exe\URRENT!Could not set the current folder.E€\a folder.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\UECould not save value.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\ must be greater than or equal to -1.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\services.E€\€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\alid.E€ [E] The file is a decompression bomb. (42110)
Infected files: 0
Total files: 160179
Total folders: 3531
Total size: 24.4 GB

*
* Task stopped: Monday, 26 May 2008 3:26:33 PM
* Run-time was 43 minute(s), 46 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, 26 May 2008 6:07:40 PM
* VPS: 080526-0, 26/05/2008
*

C:\Documents and Settings\Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV.nco\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\mail.gmail.com\Inbox\PartNo_0#167938380 [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\Local Settings\Temp\tzzyji8e.exe\WindowsInstaller.exe [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\F1PI210ENau-IINET-1-Port-IAD-FW0_V0.35.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\IINET-1-Port-IAD-FW0_V0.29.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910\PartNo_0#512580888 [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\mail.gmail.com\Inbox [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.9 en-US - 2008-01-20.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910 [E] Compressed file is too big to be processed. (42057)
C:\My Downloads\FreewarePrimo32Setup(2).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(2).exe\URRENT!Could not set the current folder.E€\a folder.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\UECould not save value.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\ must be greater than or equal to -1.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\services.E€\€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\alid.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(3).exe\URRENT!Could not set the current folder.E€\a folder.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\UECould not save value.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\ must be greater than or equal to -1.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\services.E€\€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\alid.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(4).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(4).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(5).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(5).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(6).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(6).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(7).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(7).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(8).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(8).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup.exe\URRENT!Could not set the current folder.E€\a folder.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\UECould not save value.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\ must be greater than or equal to -1.E€\E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\services.E€\€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\alid.E€ [E] The file is a decompression bomb. (42110)
C:\My Downloads\SystemCheckup_ZoneAlarm.exe\[ASPack]\[Embedded#FILEINFOLIST.DLL]\FileInfoList.xml [E] Archive is password protected. (42056)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_1.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_2.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_3.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_4.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_5.VOB [E] Compressed file is too big to be processed. (42057)
C:\Program Files\dxsdk_apr2006.exe\dxsdk.exe [E] Compressed file is too big to be processed. (42057)
C:\Program Files\eMusic Toolbar\tbu4A\emusicToolbar.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\small programs etc\avgarkt-setup-1.1.0.42.exe\$INSTDIR\avgarcln.sys [E] Installer archive is corrupted. (42146)
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP562\A0209697.exe\[ASPack]\[Embedded#FILEINFOLIST.DLL]\FileInfoList.xml [E] Archive is password protected. (42056)
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP661\A0229768.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP661\A0229769.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP661\A0229770.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP662\A0229801.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\SearchEnhancer\SearchEnhancer.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\SearchTool\nszB.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\SearchTool\SearchTool.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
Infected files: 8
Total files: 1327204
Total folders: 11155
Total size: 75.3 GB

*


Nimshie29
post Jul 5 2008, 09:35 PM
Post #4





--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, July 5, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 04, 2008 19:42:32
Records in database: 913699
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 103518
Threat name: 6
Infected objects: 11
Suspicious objects: 1
Duration of the scan: 04:31:07


File name / Threat name / Threats count
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\pop.mail.yahoo.com.au\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: not-a-virus:AdWare.Win32.Beginto.f 3
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: not-a-virus:AdWare.Win32.Mostofate.bd 3
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: not-a-virus:AdWare.Win32.Beginto.i 1
C:\Documents and Settings\Administrator\Local Settings\Temp\htLXD3p7.zip.part Infected: not-a-virus:AdWare.Win32.Mostofate.bd 1
C:\Documents and Settings\Administrator\Local Settings\Temp\qs6biTOl.zip.part Infected: not-a-virus:AdWare.Win32.Mostofate.bd 1
C:\My Downloads\TrueSword4.exe Infected: not-a-virus:FraudTool.Win32.TrueSword.a 1
C:\MyDocuments\My Downloads Music\disneys finding nemo dvd.wm Infected: Trojan-Downloader.WMA.Wimad.m 1

The selected area was scanned.
Nimshie29
post Jul 5 2008, 09:47 PM
Post #5





Hi Suzie,

Sorry about all the space, but this is the only way I can send it without an attachment, I think.
Regarding my identity theft, I found a cookie for one of the companies where my credit card details were used. I doubt if this would mean much. Do you know? Where possible I would like to be able to return any significant files to their origin after fixing the malware. Any advice will be greatly appreciated.
Regards,

John Smith

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/10/2008 at 07:57 AM

Application Version : 4.15.1000

Core Rules Database Version : 3477
Trace Rules Database Version: 1468

Scan type : Complete Scan
Total Scan Time : 00:58:26

Memory items scanned : 469
Memory threats detected : 0
Registry items scanned : 6411
Registry threats detected : 24
File items scanned : 25172
File threats detected : 53

Adware.HBHelper
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
C:\PROGRA~1\EMUSIC~1\TBU4A\TBHELPER.DLL
C:\PROGRAM FILES\EMUSIC TOOLBAR\TBU4A\TBHELPER.DLL

Adware.Tracking Cookie

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid32
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib#Version
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid32
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib#Version

Unclassified.PC MightyMax
HKU\S-1-5-21-73586283-776561741-725345543-500\Software\PC MightyMax
C:\Program Files\PC MightyMax\lic.conf
C:\Program Files\PC MightyMax\lic.dat
C:\Program Files\PC MightyMax\pcdocrx.conf
C:\Program Files\PC MightyMax\tmp_res_x_101.tmp
C:\Program Files\PC MightyMax\tmp_res_x_102.tmp
C:\Program Files\PC MightyMax\tmp_res_x_103.tmp
C:\Program Files\PC MightyMax\tmp_res_x_104.tmp
C:\Program Files\PC MightyMax\tmp_res_x_105.tmp
C:\Program Files\PC MightyMax\tmp_res_x_106.tmp
C:\Program Files\PC MightyMax\tmp_res_x_107.tmp
C:\Program Files\PC MightyMax\tmp_res_x_108.tmp
C:\Program Files\PC MightyMax\tmp_res_x_109.tmp
C:\Program Files\PC MightyMax\tmp_res_x_110.tmp
C:\Program Files\PC MightyMax\tmp_res_x_111.tmp
C:\Program Files\PC MightyMax\tmp_res_x_112.tmp
C:\Program Files\PC MightyMax\tmp_res_x_113.tmp
C:\Program Files\PC MightyMax\tmp_res_x_114.tmp
C:\Program Files\PC MightyMax\tmp_res_x_115.tmp
C:\Program Files\PC MightyMax\tmp_res_x_116.tmp
C:\Program Files\PC MightyMax\tmp_res_x_117.tmp
C:\Program Files\PC MightyMax\tmp_res_x_118.tmp
C:\Program Files\PC MightyMax\tmp_res_x_119.tmp
C:\Program Files\PC MightyMax\tmp_res_x_120.tmp
C:\Program Files\PC MightyMax\tmp_res_x_121.tmp
C:\Program Files\PC MightyMax\tmp_res_x_122.tmp
C:\Program Files\PC MightyMax\tmp_res_x_123.tmp
C:\Program Files\PC MightyMax\tmp_res_x_124.tmp
C:\Program Files\PC MightyMax\tmp_res_x_125.tmp
C:\Program Files\PC MightyMax\undo
C:\Program Files\PC MightyMax
C:\PROGRAM FILES\PCMIGHTYMAXSETUP.EXE

Adware.UpMedia/SearchTool
HKU\S-1-5-21-73586283-776561741-725345543-500\Software\UpMedia

Trojan.Dropper/Multi-MBAD
C:\WINDOWS\SYSTEM32\CNMS400.EXE

Adware.SearchTool
C:\WINDOWS\SYSTEM32\SEARCHENHANCER\NSD7.DLL
suebaby41
post Jul 6 2008, 03:19 PM
Post #6


W.A.M. (Women Against Malware)
******

Group: HJT Team
Posts: 1,733
Joined: 3-January 05
From: South Carolina, USA
Member No.: 8,530



Please post a new HijackThis log. All the information you gave me so far will help me analyze your HijackThis log. Thanks.


--------------------
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware

Nimshie29
post Jul 7 2008, 01:07 AM
Post #7





Hi Guys and Girls,

Suziebaby has asked me to submit a new topic as this one is getting long in the tooth.

I have provided all the results of my scans, including the Avast virus scan, previously. I hope to be able to repair some files and restore them. Identification of any that look like being involved with identity theft would be helpful. I found a cookie belonging to Starbucks Coffee, USA, but I doubt if this is related to the fraud. I would just like to be sure my system is as functional as possible without returning any files that will make me likely to ID theft again.

See previous emails for scan results.
My OS is Windows XP Prof. It is fully updated. I was using AG Virus scan and Zone Alarm firewall until I found out about the ID theft. I used to scan often with Spybot.
Since the theft I have been using Windows Firewall, Avast Virus scanner and scan with MS Baseline Security. Any advice with the infected files would be very welcome.
I hope this is sufficient.
Regards,
Nimshie29
Orange Blossom
post Jul 7 2008, 05:13 PM
Post #8


The Bookworm
******

Group: Moderator
Posts: 4,694
Joined: 14-July 06
From: Bloomington, IN
Member No.: 76,150



Hello Nimshie29,

I have merged your latest topic with your previously existing topic. Please keep all posts regarding this issue to this topic. Starting new topics confuses things and delays the assistance you receive.

I'm afraid you misunderstood suebaby41's instructions. What she wants is for you to create a new HijackThis log on your computer and post it as a reply to this thread. A HijackThis log starts with something like this:

QUOTE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:46 PM, on 7/6/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal


Back to you suebaby41,

Orange Blossom


--------------------
Orange Blossom

An ounce of prevention is worth a pound of cure

ESET NOD32, AVG Anti-spyware Free, SuperAntiSpyware Pro, SpywareBlaster, Spybot 1.5, WinPatrol Plus, Sunbelt Personal Firewall - Full, Comodo BOClean 4.27, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
suebaby41
post Jul 7 2008, 08:18 PM
Post #9





Thanks, Orange Blossom. Sorry for the confusion.


suebaby41