Dec 11 2008, 05:23 PM | Post #16 | Member (Group: Members, Member No.: 205,536)

What program do I use to open it? (I'm following the prompts)

Dec 11 2008, 05:29 PM | Post #17 | Malware Killer Dog (Group: HJT Team, From: Belgium, Member No.: 12,408)

Not sure if I understand you...

QUOTE: What program do I use to open it? (I'm following the prompts)

To open what?

Could you open the folder c:\windows\system32\39B7A77219AF411A now?? Or does it ask what program to use to open it instead?

Is the context menu "take ownership" now present? If so, and since I'm 99% sure that the c:\windows\system32\39B7A77219AF411A is malware, right-click it, select to take ownership and then select to delete it.

If that didn't work, then it means that something may be loading it (which the above logs didn't show). If so, then

* Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.

Dec 11 2008, 05:42 PM | Post #18 | Malware Killer Dog (Group: HJT Team, From: Belgium, Member No.: 12,408)

Hi,

I won't be able to reply within the next couple of hours since it's almost midnight here and I need my bed. So I'll reply tomorrow in the morning.

Dec 11 2008, 05:45 PM | Post #19 | Member (Group: Members, Member No.: 205,536)

I did open and delete it. How do I find out if it worked?

The Kaspersky is still updating the database, should I wait for it to finish?

Dec 11 2008, 05:50 PM | Post #20 | Malware Killer Dog (Group: HJT Team, From: Belgium, Member No.: 12,408)

QUOTE: I did open and delete it. How do I find out if it worked?

If you deleted it, then it's OK and there are no further steps required except for the Kaspersky online scanner.

QUOTE: The Kaspersky is still updating the database, should I wait for it to finish?

Yes please. Updating the database may take some time - so be patient. The Kaspersky online scan is a final check to see if there are any leftovers present. Take your time

Dec 11 2008, 11:16 PM | Post #21 | Member (Group: Members, Member No.: 205,536)

Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, December 11, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, December 11, 2008 19:37:57
Records in database: 1452868
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 212633
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 05:12:56

File name / Threat name / Threats count
C:\Users\Justin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\492dc15a-58d4e214 Infected: Trojan-Downloader.Java.OpenStream.ac 1

The selected area was scanned.

Dec 12 2008, 01:55 AM | Post #22 | Malware Killer Dog (Group: HJT Team, From: Belgium, Member No.: 12,408)

Hi,

Only a small leftover. Clear your Java cache:

Clearing Java Cache:

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

Dec 15 2008, 06:14 PM | Post #23 | Member (Group: Members, Member No.: 205,536)

I think I followed your directions but must have done something wrong.

It's running really slowly and there are a bunch of new files that have $ in the name. I'm going to start over from the beginning.

Dec 16 2008, 01:04 AM | Post #24 | Malware Killer Dog (Group: HJT Team, From: Belgium, Member No.: 12,408)

QUOTE: It's running really slowly and there are a bunch of new files that have $ in the name.

That's a Windows update. Those files are related to Windows updates and may also explain why things are running slower... because you're in the middle of an update.

Please reboot afterwards and see if that makes a difference.

Dec 16 2008, 01:39 AM | Post #25 | Member (Group: Members, Member No.: 205,536)

All that stuff has been there for days, as has been the slow speed.

On my C drive there is a folder that keeps reappearing that is labeled $AVG8.VAULT$; another is $RECYCLE.BIN. I ran another Kaspersky scan as well as DDS. Should I post the results?

Dec 16 2008, 07:19 AM | Post #26 | Malware Killer Dog (Group: HJT Team, From: Belgium, Member No.: 12,408)

Yes, please post the results.

The files you mention are related to AVG and your recycle bin. From your previous log I see you actually have fixed all entries in HijackThis, including the ones related to AVG. This means that AVG isn't running properly here (since you fixed those entries) and that may cause the slowdown. I suggest you uninstall AVG, reboot and reinstall it again.

On the other side... From your log:

QUOTE: System drive C: has 4 GB (4%) free of 106 GB
Total RAM: 958 MB (21% free)

Since you're running Vista, 958MB is actually way too low, so it's normal that everything is slow. Also the fact that there's only 4GB of space left is a reason why things are slower than they're supposed to be.

Edited to add....

You say that the files keep REAPPEARING, so I assume that you've deleted them??? You may not delete them!! It's totally normal that the $RECYCLE.BIN reappears again after you have deleted it - because that's your recycle bin!

Please do NOT delete any folders and files that look suspicious. The fact that you see these files/folders is because I asked you previously to reveal hidden files and folders. That's why you didn't see them before because they were hidden. So I suggest you hide hidden files and folders again - the opposite way as how you revealed them.

I really really hope that you didn't delete any of those folders and files, because if you did, then it wouldn't surprise me that you're having problems with your computer. In such cases, a reinstall will be the only solution to make things work properly again.

This post has been edited by miekiemoes: Dec 16 2008, 07:45 AM

Dec 17 2008, 12:12 PM | Post #27 | Member (Group: Members, Member No.: 205,536)

The $RECYCLE.BIN has never been there before, here are the scan results.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 15, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 15, 2008 19:36:05
Records in database: 1463736
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 210487
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 04:03:14

No malware has been detected. The scan area is clean.

The selected area was scanned.

Dec 17 2008, 12:32 PM | Post #28 | Malware Killer Dog (Group: HJT Team, From: Belgium, Member No.: 12,408)

QUOTE: The $RECYCLE.BIN has never been there before, here's the scan results.

Believe me, it has always been present there, but it was invisible previously. The fact that I asked you to reveal hidden files and folders revealed it.

Your logs look OK... Nothing strange/suspicious.

Please read my Prevention page with lots of info and tips on how to prevent this in the future. And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

Dec 17 2008, 12:47 PM | Post #29 | Member (Group: Members, Member No.: 205,536)

Thanks, I appreciate your help.

Dec 17 2008, 12:49 PM | Post #30 | Malware Killer Dog (Group: HJT Team, From: Belgium, Member No.: 12,408)

You're most welcome