 Have Recycler & Trojan Horse FakeAlert.KH, Can't get rid of either one of these. |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 May 27 2009, 04:54 PM
Post
#1
|
|
|
Member  Group: Members Posts: 35 Joined: 23-May 09 From: Illinois Member No.: 334,982  |
My internet browser keeps getting redirected. I'm getting multiple warning messages of: 'Are you sure you want to navigate away from this page?' when my brower isn't even open. The Screen has frozen completely a few times now - and had to restart. Random websites pop up, random music plays, and random people speak - when no browser is open. Often it says something like, "Congratulations, you won". I can't get my dvd burner [G:] to work - nero doesn't even find it. I can't defragment two of my drives, C: and H:. AVG says I'm clean and then the next day FakeAlert is back. I don't have any idea how to get rid of either of these. Thanks in advance, Katilyn DDS (Ver_09-05-14.01) - NTFSx86 Run by Owner at 15:21:20.96 on Wed 05/27/2009 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13 ============== Pseudo HJT Report =============== uStart Page = hxxp://gridcom.net/IClient/Login.aspx?ReturnUrl=%2fiClient%2fdefault.aspx BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - e:\program files\ws_ftp pro\wsbho2k0.dll BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE" uRun: [SmileboxTray] "c:\documents and settings\owner\application data\smilebox\SmileboxTray.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe" uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H mRun: [USRpdA] c:\windows\system32\usrmlnka.exe runservices \device\3cpipe-USRpdA mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [Lexmark X6100 Series] "c:\program files\lexmark x6100 series\lxbfbmgr.exe" mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=0 mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe" IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm265YYUS IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~1\office11\REFIEBAR.DLL DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: NameServer = 85.255.112.227,85.255.112.166 TCP: {FE72FDC3-D6F2-48AD-8472-F23492B6DE8B} = 85.255.112.227,85.255.112.166 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL Notify: AtiExtEvent - Ati2evxx.dll Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9528hve.default\ FF - prefs.js: browser.startup.homepage - hxxp://login.sitesell.com/|http://www.essential-oil-mama.com/ FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\z9528hve.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== =============== Created Last 30 ================ 2009-05-26 12:36 <DIR> --d----- c:\program files\Cobian Backup 8 2009-05-24 17:44 <DIR> --d----- c:\windows\system32\appmgmt 2009-05-23 18:18 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys 2009-05-23 18:09 130,936 a------- c:\windows\system32\drivers\PCTCore.sys 2009-05-23 18:09 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys 2009-05-23 18:07 64,392 a------- c:\windows\system32\drivers\pctplsg.sys 2009-05-23 18:07 <DIR> --d----- c:\program files\common files\PC Tools 2009-05-23 18:06 <DIR> --d----- c:\program files\Spyware Doctor 2009-05-23 18:06 <DIR> --d----- c:\docume~1\owner\applic~1\PC Tools 2009-05-23 18:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools 2009-05-23 10:06 341 ---shr-- C:\autorun.inf 2009-05-06 03:00 <DIR> --d----- c:\windows\system32\KB905474 2009-05-04 15:42 <DIR> --d----- c:\program files\common files\SWF Studio ==================== Find3M ==================== 2009-05-27 09:05 21 a------- C:\qpmd8376.bin 2009-05-19 09:45 325,896 a------- c:\windows\system32\drivers\avgldx86.sys 2009-05-19 09:45 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll 2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll 2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll 2007-06-23 17:08 284 -c------ c:\docume~1\owner\applic~1\ViewerApp.dat 2004-04-28 00:19 233,160 ac------ c:\program files\LISTOOL.EXE 2004-02-11 16:32 257,189 ac------ c:\program files\LISTOOL.CHM 2008-09-23 03:06 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat ============= FINISH: 15:22:05.40 ===============
Attached File(s)
|
 |
 
|
|
May 28 2009, 11:30 PM
Post
#2
|
|
 malware expert Group: HJT Team Posts: 14,728 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026 |
Hello Baybadoll,
Download Security Check by screen317 from here or here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt. Please post the contents of that document. Please disable Spyware Doctor as it will prevent Malwarebytes from working. To disable Spyware Doctor from running on your system startup: 1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background. 2. Click the "Settings" button on the left side. 3. Click the "Startup Settings" link. 4. Uncheck "Run at Windows Startup". 5. Click the "Apply" button. Please download Malwarebytes' Anti-Malware from one of these places: http://download.cnet.com/Malwarebytes-Anti...&tag=button http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html http://www.besttechie.net/mbam/mbam-setup.exe Double Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Full Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. This post has been edited by SifuMike: May 28 2009, 11:33 PM -------------------- If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!  Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum. |
|
|
|
|
May 29 2009, 09:37 AM
Post
#3
|
|
|
Member Group: Members Posts: 35 Joined: 23-May 09 From: Illinois Member No.: 334,982 |
Hi! Thank you for such a quick response.
I am now on my laptop. My desktop computer crashed this morning. It is sitting on one of the startup screens... the motherboard screen. It says to press DEL to enter SETUP. But it won't respond to anything. I had just finished getting the checkup.txt, but I can't post it, obviously. Don't know if this is important, but.. Yesterday i restarted and it went to a blue screen that said a problem had been detected and windows was shut down to prevent damage. This was part of the message: IRQL_NOT_LESS_OR_EQUAL ***STOP: 0x0000000A (0x00000019, 0x00000002, 0x00000000, 0x804F35A2) Thank you for your help! Katilyn |
|
|
|
|
May 29 2009, 10:52 AM
Post
#4
|
|
|
malware expert Group: HJT Team Posts: 14,728 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026 |
Hi Katilyn,
Looks like you probably have a hardware or driver problem.  I am not a Windows expert so I am going to refer you to another forum. Read these: You receive a "Stop 0x0000000A" error message in Windows XP http://support.microsoft.com/kb/314063 How to fix a Stop 0×0000000A error in Windows XP http://www.lancelhoff.com/stop-0x0000000a-error/ STOP 0x0000000A, 0x000000A (Parameter 1, Parameter 2, Parameter 3, Parameter 4) IRQL_NOT_LESS_OR_EQUAL http://www.geekswhoknow.com/articles/stop-...ss_or_equal.htm HijackThis does not have the capability to analyze performance, hardware or application issues. For the type of issue(s) you describe I would suggest posting to the Windows XP Home and Professional forum. The techs in that forum specialize in matters pertaining to Windows issues. Let them know that you have been to this forum and that I have refered you to their forum. When posting to any other forum, do not post a HijackThis log or the post will simply be moved back to this forum for infection analysis. That is what HijackThis is used for and that is what we specialize in here in this forum. Also, when posting in any other forum for assistance, give as much detail as possible regarding any issues that are occurring. The more information they have, the better the techs can analyze the issue and make any recommendations for resolving it. -------------------- If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum. |
|
|
|
|
May 30 2009, 03:22 PM
Post
#5
|
|
|
Member Group: Members Posts: 35 Joined: 23-May 09 From: Illinois Member No.: 334,982 |
My computer booted back up. But will not run malwarebytes.
Here are the other logs. checkup: Results of screen317's Security Check version 0.98.3 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: `````````````````````````````` Windows Firewall Enabled! AVGFree8.5 Antivirus up to date! `````````````````````````````` Anti-malware/Other Utilities Check: `````````````````````````````` Malwarebytes' Anti-Malware Java™ 6 Update 13 `````````````````````````````` Process Check: objlist.exe by Laurent `````````````````````````````` AVG avgwdsvc.exe AVG avgtray.exe AVG avgrsx.exe `````````````````````````````` DNS Vulnerability Check: `````````````````````````````` Scan took 9 seconds. `````````End of Log``````````` dds: DDS (Ver_09-05-14.01) - NTFSx86 Run by Owner at 15:15:58.10 on Sat 05/30/2009 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.592 [GMT -5:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\system32\Ati2evxx.exe svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE svchost.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe H:\Essential Essence\Site Build It\Cold Fusion\runtime\bin\jrunsvc.exe H:\Essential Essence\Site Build It\Cold Fusion\runtime\bin\jrun.exe H:\Essential Essence\Site Build It\Cold Fusion\db\slserver52\bin\swagent.exe H:\Essential Essence\Site Build It\Cold Fusion\db\slserver52\bin\swstrtr.exe H:\Essential Essence\Site Build It\Cold Fusion\db\slserver52\bin\swsoc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\SYSTEM32\USRmlnkA.exe C:\WINDOWS\SYSTEM32\USRshutA.exe C:\WINDOWS\SYSTEM32\USRmlnkA.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Documents and Settings\Owner\Application Data\Smilebox\SmileboxTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe E:\Program Files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe E:\Program Files\PhAutoRun.exe E:\Program Files\QBOOKS\Components\QBAgent\QBDAgent.exe C:\WINDOWS\system32\mrtMngr.EXE C:\Documents and Settings\Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://gridcom.net/IClient/Login.aspx?ReturnUrl=%2fiClient%2fdefault.aspx BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - e:\program files\ws_ftp pro\wsbho2k0.dll BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE" uRun: [SmileboxTray] "c:\documents and settings\owner\application data\smilebox\SmileboxTray.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe" mRun: [USRpdA] c:\windows\system32\usrmlnka.exe runservices \device\3cpipe-USRpdA mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [Lexmark X6100 Series] "c:\program files\lexmark x6100 series\lxbfbmgr.exe" mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=0 mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\docume~1\owner\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\outloo~1.lnk - e:\program files\paypal payment request wizard\outlook wizard\OEHook.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - e:\program files\PhAutoRun.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - e:\program files\qbooks\components\qbagent\QBDAgent.exe IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm265YYUS IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~1\office11\REFIEBAR.DLL DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: NameServer = 85.255.112.227,85.255.112.166 TCP: {FE72FDC3-D6F2-48AD-8472-F23492B6DE8B} = 85.255.112.227,85.255.112.166 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL Notify: AtiExtEvent - Ati2evxx.dll Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9528hve.default\ FF - prefs.js: browser.startup.homepage - hxxp://login.sitesell.com/|http://www.essential-oil-mama.com/ FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\z9528hve.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-28 325896] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-9-17 27784] R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-31 298776] R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;h:\essential essence\site build it\cold fusion\db\slserver52\bin\swagent.exe "coldfusion mx odbc agent" --> h:\essential essence\site build it\cold fusion\db\slserver52\bin\swagent.exe ColdFusion MX ODBC Agent [?] S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?] S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2008-3-9 215708] S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2008-3-9 17263] S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2008-3-9 84092] =============== Created Last 30 ================ 2009-05-30 11:57 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-30 11:57 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-05-30 11:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-05-30 11:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-05-26 12:36 <DIR> --d----- c:\program files\Cobian Backup 8 2009-05-24 17:44 <DIR> --d----- c:\windows\system32\appmgmt 2009-05-23 10:06 437 ---shr-- C:\autorun.inf 2009-05-06 03:00 <DIR> --d----- c:\windows\system32\KB905474 2009-05-04 15:42 <DIR> --d----- c:\program files\common files\SWF Studio ==================== Find3M ==================== 2009-05-30 11:55 21 a------- C:\qpmd8376.bin 2009-05-19 09:45 325,896 a------- c:\windows\system32\drivers\avgldx86.sys 2009-05-19 09:45 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll 2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll 2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll 2007-06-23 17:08 284 -c------ c:\docume~1\owner\applic~1\ViewerApp.dat 2004-04-28 00:19 233,160 ac------ c:\program files\LISTOOL.EXE 2004-02-11 16:32 257,189 ac------ c:\program files\LISTOOL.CHM 2008-09-23 03:06 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat ============= FINISH: 15:16:17.85 ===============
Attached File(s)
|
|
|
|
|
May 30 2009, 04:49 PM
Post
#6
|
|
|
malware expert Group: HJT Team Posts: 14,728 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026 |
Hi Baybadoll,
Make sure you disabe Spyware Doctor as it will prevent Malwarebytes from working. To disable Spyware Doctor from running on your system startup: 1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background. 2. Click the "Settings" button on the left side. 3. Click the "Startup Settings" link. 4. Uncheck "Run at Windows Startup". 5. Click the "Apply" button. If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program FIles\Malwarebytes Antimalware\) then rename mbam.exe to newtool.exe, double click newtool.exe to proceed in running a Full scan. Post the Malwarebytes log. This post has been edited by SifuMike: May 30 2009, 04:52 PM -------------------- If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum. |
|
|
|
|
May 30 2009, 06:22 PM
Post
#7
|
|
|
Member Group: Members Posts: 35 Joined: 23-May 09 From: Illinois Member No.: 334,982 |
mbam log:
Malwarebytes' Anti-Malware 1.37 Database version: 2182 Windows 5.1.2600 Service Pack 3 5/30/2009 6:16:14 PM mbam-log-2009-05-30 (18-16-13).txt Scan type: Full Scan (C:\|D:\|E:\|H:\|) Objects scanned: 429556 Time elapsed: 45 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 29 Registry Values Infected: 4 Registry Data Items Infected: 6 Folders Infected: 0 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.227,85.255.112.166 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fe72fdc3-d6f2-48ad-8472-f23492b6de8b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.227,85.255.112.166 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.227,85.255.112.166 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{fe72fdc3-d6f2-48ad-8472-f23492b6de8b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.227,85.255.112.166 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.227,85.255.112.166 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{fe72fdc3-d6f2-48ad-8472-f23492b6de8b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.227,85.255.112.166 -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\program files\mozilla firefox\plugins\NPMyWebS.dll (Adware.MyWeb) -> Quarantined and deleted successfully. c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\tempo-171046.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\tempo-206828.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\tempo-251234.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\tempo-282046.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. |
|
|
|
|
May 30 2009, 06:32 PM
Post
#8
|
|
|
malware expert Group: HJT Team Posts: 14,728 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026 |
Hi,
Please tell me how the computer is running. Please disable any running anti-virus program before running Kaspersky Online Scanner. If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/topic114351.html Close any open browsers Please do a scan with Kaspersky Online Scanner You can refer to this animation by sundavis. Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan. Click on the Accept button and install any components it needs.
This post has been edited by SifuMike: May 30 2009, 06:35 PM -------------------- If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum. |
|
|
|
|
May 31 2009, 07:48 AM
Post
#9
|
|
|
Member Group: Members Posts: 35 Joined: 23-May 09 From: Illinois Member No.: 334,982 |
Hi!
Computer isn't slow anymore. Opening and closing folders and files normally. I still can't defragment the C: and H: drives. And Nero still doesn't find my DVD drives. No internet warning messages so far. No random pop ups or music. But it is still redirecting my browser from a google search. Here's another problem. From the Explorer My Computer page, every one of my hard drive icon links don't work. If I click on the address bar and select it that way I can open the drive. But when I click on the drive I get this error: --------------------------- RECYCLER\S-2-3-33-100031774-100031622-100017864-7182.com --------------------------- Windows cannot find 'RECYCLER\S-2-3-33-100031774-100031622-100017864-7182.com'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search. --------------------------- Here is the Kaspersky log: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0 REPORT Sunday, May 31, 2009 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Sunday, May 31, 2009 03:53:07 Records in database: 2282082 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ Scan statistics: Files scanned: 323282 Threat name: 41 Infected objects: 360 Suspicious objects: 47 Duration of the scan: 04:58:48 File name / Threat name / Threats count C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MNZN595I\cuplecha_com[1].htm Infected: Exploit.JS.Agent.aif 1 C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WISS68NR\120600_dyn[1].htm Infected: Trojan-Clicker.JS.Agent.fp 1 C:\WINDOWS\Temp\tempo-108346546.tmp Infected: Trojan-Clicker.Win32.Agent.hni 1 C:\WINDOWS\Temp\tempo-337767375.tmp Infected: Trojan-Downloader.Win32.CodecPack.hss 1 H:\computer\{03F399F2-F0B4-4EFE-AEC1-6499ADAEE3E0}\Microsoft\Outlook Express\Java.dbx Infected: Hoax.JS.BadJoke.RJump 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0008618B.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\000F3584.tmp Infected: Trojan-Clicker.HTML.IFrame.xr 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\00B04D84.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\00DF5200.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\032607D5.tmp Infected: Email-Worm.Win32.Bagle.z 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0437153A.tmp Infected: Email-Worm.Win32.Bagle.z 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0486375B.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\04AA7474.tmp Infected: Email-Worm.Win32.Bagle.z 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\04B71C65.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\04BD011E.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\04C86E53.tmp Infected: Email-Worm.Win32.Bagle.z 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\04CE424C.tmp Infected: Email-Worm.Win32.Mabutu.a 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\05570B4E.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\05715B31.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\058E5511.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\05B222E9.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\05D91ABE.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\076A3ACA.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\07D2228D.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\098121E2.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0984153D.tmp Infected: Email-Worm.Win32.NetSky.t 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\09B13C08.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\09C10DF6.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\09C861EE.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\09D25FE4.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\09D833DC.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\09DF07D5.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\09EC2FC7.tmp Infected: Email-Worm.Win32.Klez.h 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\09F62DBC.tmp Infected: Email-Worm.Win32.Klez.h 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\09FC01B5.tmp Infected: Email-Worm.Win32.NetSky.aa 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0A1A7B95.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0A2A4D83.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0A30217B.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0B831364.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0B9F3B92.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0BCB2F15.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0BDF2AFF.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0BF97AE3.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0BFF4EDB.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0C1B6674.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0C320C5B.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0C4C5C3E.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0EAC3E34.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0EDA0A02.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\0EF703E1.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\13EC3D27.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\14047652.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\14B44BAB.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\151D0B38.tmp Infected: Trojan-PSW.Win32.Papras.ac 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\156D0B44.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\15972D15.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\15D01072.tmp Infected: Trojan-PSW.Win32.Papras.ac 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\15F61A93.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\16AE2A1F.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\16AE2A1F.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\16EB6785.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\176722FD.tmp Infected: Email-Worm.Win32.NetSky.aa 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\178A08F9.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\17E27698.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\181F7A3B.tmp Infected: Email-Worm.Win32.Bagle.z 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\18920E4C.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\18B23228.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\19DE49B6.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\1A8B7AF7.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\1CA85255.tmp Infected: Email-Worm.Win32.Bagle.z 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\1D37176C.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\1D443F5E.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\1D4A1357.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\1D825D1A.tmp Infected: Email-Worm.Win32.NetSky.aa 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\1DB779AF.tmp Infected: Email-Worm.Win32.Banwarum.l 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\1EB5128B.tmp Infected: Email-Worm.Win32.Zhelatin.o 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\1FEC6C35.tmp Infected: Trojan-PSW.Win32.Papras.ac 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\20A30692.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\20B02E84.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\20C6546A.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\20CD2863.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\20D72658.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\22766B77.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\227C3F6F.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\22831368.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\242575DF.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\243675C3.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\243C1BC6.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\24436FBF.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\245D3FA2.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\24673D98.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\24746589.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\247E637E.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\24810D7B.tmp Infected: Trojan-Clicker.HTML.IFrame.xr 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\24CD387C.tmp Infected: Email-Worm.Win32.Sober.p 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\25A4535B.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\25AA2754.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\25B74F46.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\25C14D3B.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\26A37D46.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\26B77930.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\26BD4D29.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\26FD697B.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\27ED631F.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\281A2EED.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2902207C.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\29266E54.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\296B6009.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\299F7FCF.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\29E15A8C.tmp Infected: Email-Worm.Win32.NetSky.c 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\29E37184.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\29E57644.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\29FB2A6F.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\29FD55FC.tmp Infected: Email-Worm.Win32.NetSky.b 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2A0B7C5D.tmp Infected: Email-Worm.Win32.NetSky.c 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2A157A53.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2A1B4E4B.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2A361E2F.tmp Infected: Email-Worm.Win32.NetSky.c 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2A3907DB.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2A434620.tmp Infected: Email-Worm.Win32.NetSky.c 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2A7328E6.tmp Infected: Trojan-PSW.Win32.Papras.ac 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2AF222EE.tmp Infected: Email-Worm.Win32.NetSky.b 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2B450A1F.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2BB747A1.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2C32436D.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2C526749.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2CB5306A.tmp Infected: Trojan-PSW.Win32.Papras.ac 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2D8376FE.tmp Infected: Email-Worm.Win32.NetSky.b 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2D9D46E1.tmp Infected: Email-Worm.Win32.NetSky.b 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2DE2448F.tmp Infected: Net-Worm.Win32.Mytob.bi 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2DEB1A7B.tmp Infected: Net-Worm.Win32.Mytob.fm 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2DF96A76.tmp Infected: Net-Worm.Win32.Mytob.bi 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2DFD7922.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2DFF1666.tmp Infected: Net-Worm.Win32.Mytob.fm 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2E0A3C64.tmp Infected: Net-Worm.Win32.Mytob.bi 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2E131250.tmp Infected: Net-Worm.Win32.Mytob.fm 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\2E133A59.tmp Infected: Net-Worm.Win32.Mytob.bi 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\30CA24C5.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\30D422BA.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\30DE20AF.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\30E06B98.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\30F87093.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\30FE448B.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\344901E5.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\344901E5.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\345A53D3.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\351B7D4D.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\35427521.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\35F65DA1.tmp Infected: Email-Worm.Win32.Bagle.z 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\36221971.tmp Infected: Email-Worm.Win32.Bagle.z 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\36676513.tmp Infected: Email-Worm.Win32.NetSky.c 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\369206E4.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\369B04D9.tmp Infected: Trojan-Clicker.HTML.IFrame.sz 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\369F2ED5.tmp Infected: Email-Worm.Win32.NetSky.c 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\37A41E1F.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\37AA7218.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\37C86BF8.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\37CE3FF1.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\389D2FE4.tmp Infected: Email-Worm.Win32.Luder.a 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\38BA16E4.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\39013295.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\39013295.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\3A2C627E.tmp Infected: Email-Worm.Win32.NetSky.b 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\3A835DFC.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\3B157570.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\3B1C018A.tmp Infected: Trojan-PSW.Win32.Papras.w 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\3B221D62.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\3B25475E.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\3BCF06C4.tmp Infected: Trojan-PSW.Win32.Papras.w 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\3C040342.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\3CD6375B.tmp Infected: Trojan-Downloader.Win32.Bagle.at 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\3CF45BA2.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\3CFB2F9B.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\3CFE5997.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\3D467548.tmp Infected: Email-Worm.Win32.NetSky.aa 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\3E405563.tmp Infected: Email-Worm.Win32.Bagle.at 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\3E6B61C9.tmp Infected: Email-Worm.Win32.Bagle.z 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\42764ED8.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\42804CCD.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\429D46AD.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\42A41AA6.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\43167F22.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\43525E20.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\43B05A0D.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\43B62E06.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\43BD01FF.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\43C355F8.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\43CA29F0.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\440D7B29.tmp Infected: Email-Worm.Win32.NetSky.c 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4418199A.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\441E4D17.tmp Infected: Email-Worm.Win32.NetSky.c 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\44203D15.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\44242110.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\443472FE.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\44381CFB.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\443E70F3.tmp Infected: Email-Worm.Win32.NetSky.c 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\445B30D5.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\44A1797C.tmp Infected: Email-Worm.Win32.Bagle.z 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\44D75771.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\47DE17C1.tmp Infected: Email-Worm.Win32.Bagle.bn 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\48083992.tmp Infected: Email-Worm.Win32.Bagle.bn 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\49DE1DF4.tmp Infected: Email-Worm.Win32.NetSky.c 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\49E81BE9.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\49F219DE.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\49F543DB.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\49FF41D0.tmp Infected: Email-Worm.Win32.NetSky.c 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4A002055.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4A2963A1.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4A34401C.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4A5139FB.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4A685FE2.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4A8659C2.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4A9C7FA9.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4ABD2385.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4E7139D9.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4E9F092D.tmp Infected: Email-Worm.Win32.Luder.a 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4ECC2EBC.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4ED62CB1.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4EDD00AA.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4EE02AA6.tmp Infected: Trojan-Clicker.HTML.IFrame.xr 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4F393E84.tmp Infected: Email-Worm.Win32.Luder.a 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4F595919.tmp Infected: Email-Worm.Win32.NetSky.ghc 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4F62570E.tmp Infected: Email-Worm.Win32.NetSky.ghc 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\4FBF77F1.tmp Infected: Email-Worm.Win32.Luder.a 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\50C669E9.tmp Infected: Email-Worm.Win32.NetSky.b 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\514079A8.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\51504B96.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\51814160.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\51881558.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\5192134E.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\519C1143.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\519F3B3F.tmp Infected: Trojan-Clicker.HTML.IFrame.sz 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\52101930.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\523E07B0.tmp Infected: Trojan-Downloader.Win32.Bagle.p 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\52AA184A.tmp Infected: Email-Worm.Win32.Zhelatin.a 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\52C56105.tmp Infected: Email-Worm.Win32.NetSky.aa 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\52DC06EC.tmp Infected: Email-Worm.Win32.NetSky.aa 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\52DD77D1.tmp Infected: Email-Worm.Win32.Bagle.ba 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\52E775C6.tmp Infected: Email-Worm.Win32.Bagle.ba 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\52EC6002.tmp Infected: Email-Worm.Win32.Zhelatin.a 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\52ED49BF.tmp Infected: Email-Worm.Win32.Bagle.ba 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\52F41DB7.tmp Infected: Email-Worm.Win32.Bagle.ba 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\530A52B9.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\531350AE.tmp Infected: Email-Worm.Win32.NetSky.c 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\53444679.tmp Infected: Email-Worm.Win32.NetSky.aa 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\534E446E.tmp Infected: Email-Worm.Win32.NetSky.aa 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\53551867.tmp Infected: Email-Worm.Win32.NetSky.c 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\535B6C5F.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\53681451.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\536C3E4D.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\53721246.tmp Infected: Email-Worm.Win32.NetSky.c 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\537C103B.tmp Infected: Email-Worm.Win32.NetSky.aa 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\5450407A.tmp Infected: Trojan-Proxy.Win32.Lager.dp 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\55D87F83.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\567019A0.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\56806B8E.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\5683158A.tmp Infected: Trojan-Clicker.HTML.IFrame.sz 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\56A76363.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\56B73551.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\56BE094A.tmp Infected: Trojan-Clicker.HTML.IFrame.xr 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\57483188.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\574F0581.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\57580377.tmp Infected: Email-Worm.Win32.Klez.h 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\57832548.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\57897941.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\578D233D.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\57F63FA9.tmp Infected: Email-Worm.Win32.Bagle.z 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\5820049B.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\58290291.tmp Infected: Email-Worm.Win32.NetSky.aa 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\585D3F4E.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\589D7FD1.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\58D1190C.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\58EC7D46.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\5A174DFE.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\5AD073EB.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\5AED4EB1.tmp Infected: Email-Worm.Win32.Bagle.z 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\5AF441C4.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\5B2A6318.tmp Infected: Email-Worm.Win32.Luder.a 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\5B6930F9.tmp Infected: Email-Worm.Win32.Bagle.at 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\5B7902E7.tmp Infected: Email-Worm.Win32.Bagle.at 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\5C90484F.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\60FD64E2.tmp Infected: Trojan-PSW.Win32.Papras.ac 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\61404084.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\614D6876.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\61543C6F.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\61B21764.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\61ED0B23.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\62212AE9.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\625D2B09.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\62637F02.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\62766E8C.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\628422DE.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\62874CDB.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\62914AD0.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\629E72C1.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\62A1105D.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\62A11CBE.tmp Infected: Trojan-Clicker.HTML.IFrame.sz 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\62A80B25.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\62C55E36.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\62DF2E19.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\64894B18.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\64894B18.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\64921989.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\64B33D65.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\67E11DBE.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\67E771B7.tmp Infected: Trojan-Clicker.HTML.IFrame.sz 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\67EE45AF.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\689773EF.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\68A0791E.exe Infected: Packed.Win32.PolyCrypt.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\68A745DD.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\68AE19D6.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\68E1259A.tmp Infected: Net-Worm.Win32.Mytob.fm 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6932242C.tmp Infected: Email-Worm.Win32.NetSky.b 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\69530177.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\69774F4F.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6980396C.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\69847741.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6988213D.tmp Infected: Trojan-Clicker.HTML.IFrame.sz 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\698D615E.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\69900B5A.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\699A094F.tmp Infected: Email-Worm.Win32.NetSky.c 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\69B12F36.tmp Infected: Email-Worm.Win32.NetSky.c 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\69B7032F.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\69BB2D2B.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\69F276EE.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\69FC74E3.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\69FF1EE0.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6A1644C7.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6A3014AA.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6A39795D.tmp Infected: Email-Worm.Win32.Bagle.cl 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6A4A648D.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6A570C7F.tmp Infected: Trojan-Clicker.HTML.IFrame.xr 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6A741E69.tmp Infected: Email-Worm.Win32.NetSky.ghc 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6A81465B.tmp Infected: Email-Worm.Win32.NetSky.ghc 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6AE47BDC.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6AEE79D1.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6AFD2A08.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6B0175BC.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6B047E00.tmp Infected: Trojan-Clicker.HTML.IFrame.xr 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6B0E7BF6.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6B1571A6.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6B1B23E7.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6B2554BF.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6B393F7F.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6B8E47F8.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6C6C0E47.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6C793638.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6C800A31.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6D715A49.tmp Infected: Net-Worm.Win32.Mytob.fm 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6E5F007D.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6EC4160D.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6EE10FED.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6EF835D4.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6EFC6632.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6F066427.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6F0F5BBB.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6F2601A1.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6F641F5D.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\6F951527.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\702A4EC9.tmp Infected: Email-Worm.Win32.Bagle.fb 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\71A62D87.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\71D327DA.tmp Infected: Email-Worm.Win32.Nyxem.e 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\72D63D4E.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\72DC1147.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\72E36540.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\72EC6335.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\72F3372E.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\72FA1F00.tmp Infected: Email-Worm.Win32.NetSky.aa 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\72FD3523.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\730F5CE5.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\73320906.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\734B41C4.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\73553FB9.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\736267AB.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\736511A7.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\744305D6.tmp Infected: Email-Worm.Win32.Sober.y 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\744B2921.tmp Infected: Email-Worm.Win32.NetSky.d 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\748946DD.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\758F2CCF.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\75E42D0F.tmp Infected: Email-Worm.Win32.NetSky.b 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\766355E5.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\770D5D2A.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7B2108FE.tmp Infected: Email-Worm.Win32.NetSky.b 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7B68155C.tmp Infected: Email-Worm.Win32.Warezov.ev 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7B900D31.tmp Infected: Email-Worm.Win32.Warezov.fb 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7B923B46.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7B980F3F.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7BA3091B.tmp Infected: Email-Worm.Win32.Warezov.fb 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7CBE34F3.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7CDF58CF.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7D3B62C7.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7D4136C0.tmp Infected: Trojan-Clicker.HTML.IFrame.sz 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7D6C5891.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7D837E78.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7D895271.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7D9D4E5C.tmp Infected: Email-Worm.Win32.Klez.h 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7DAD204A.tmp Infected: Email-Worm.Win32.Klez.h 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7DE81409.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7E2D05BD.tmp Infected: Trojan-Clicker.HTML.IFrame.sz 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7EC96511.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7ED36306.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7ED96B71.tmp Infected: Email-Worm.Win32.Bagle.gen 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7EDA36FF.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7F7F7E22.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7FA91FF4.tmp Infected: Email-Worm.Win32.NetSky.q 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB31DE9.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1 H:\Software\Application Data\Symantec\Norton AntiVirus\Quarantine\7FF80F9D.tmp Infected: Email-Worm.Win32.NetSky.q 1 The selected area was scanned. |
|
|
|
|
May 31 2009, 11:08 AM
Post
#10
|
|
|
malware expert Group: HJT Team Posts: 14,728 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026 |
Hi Baybadoll,
Please download GooredFix and save it to your Desktop. Double-click Gooredfix.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet. ************* Please download OTMoveIt3 by OldTimer and save it to your desktop. Double click the icon on your desktop to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C[/b] (or, after highlighting, right-click and choose Copy): Do not include the word "Code". CODE :files C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MNZN595I\cuplecha_com[1].htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WISS68NR\120600_dyn[1].htm C:\WINDOWS\Temp\tempo-108346546.tmp C:\WINDOWS\Temp\tempo-337767375.tmp :commands [emptytemp] [Reboot] Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMoveIt3 Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. This post has been edited by SifuMike: May 31 2009, 11:09 AM -------------------- If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum. |
|
|
|
|
May 31 2009, 03:43 PM
Post
#11
|
|
|
Member Group: Members Posts: 35 Joined: 23-May 09 From: Illinois Member No.: 334,982 |
Hey.
The computer froze between the last instructions and these, but restarted fine. I did these instructions fine. Then after it rebooted (following OTMoveIt) it froze again. But again, restarted fine. Here are the logs: GooredFix v1.92 by jpshortstuff Log created at 15:01 on 31/05/2009 running Option #1 (Owner) Firefox version 3.0.10 (en-US) =====Suspect Goored Entries===== =====Dumping Registry Values===== [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions] "Plugins"="C:\Program Files\Mozilla Firefox\plugins" [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions] "Components"="C:\Program Files\Mozilla Firefox\components" [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions] "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions] "{1d5287d1-8a92-0001-1f31-1cec198018d8}"="C:\Program Files\AVG\AVG8\ToolbarFF" [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions] "{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" ------------------------------------- ========== FILES ========== C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MNZN595I\cuplecha_com[1].htm moved successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WISS68NR\120600_dyn[1].htm moved successfully. C:\WINDOWS\Temp\tempo-108346546.tmp moved successfully. C:\WINDOWS\Temp\tempo-337767375.tmp moved successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\Arj.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\avlib.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\Avp1.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\AvpMgr.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\CAB.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\dmap.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\dtreg.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\FsDrvPlg.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\FSSync.dll scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\HashCont.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\HashMD5.PPL scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\HCCMP.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\ichk2.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\iChkSA.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\IWGen.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\kave.dll scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\kosglue-7.0.26.0.dll scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\lha.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\L_llio.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\mdb.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\minizip.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\MKavIO.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\msoe.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\nfio.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\prKernel.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\prLoader.dll scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\PrUtil.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\rar.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\ScanningProcess.exe scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\sfdb.PPL scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\TempFile.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\thpimpl.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\UniArc.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\WDiskIO.ppl scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\hsperfdata_Owner\2716 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\hsperfdata_Owner\3432 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_3oSsLw0gojQobRPQsSUz scheduled to be deleted on reboot. User's Temp folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. User's Temporary Internet Files folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Network Service Temp folder emptied. Network Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_9c4.dat scheduled to be deleted on reboot. Windows Temp folder emptied. File delete failed. C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-2e0fafc8 scheduled to be deleted on reboot. Java cache emptied. File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9528hve.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9528hve.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9528hve.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9528hve.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9528hve.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9528hve.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05312009_150410 Files moved on Reboot... C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\Arj.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\avlib.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\Avp1.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\AvpMgr.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\CAB.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\dmap.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\dtreg.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\FsDrvPlg.ppl moved successfully. DllUnregisterServer procedure not found in C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\FSSync.dll C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\FSSync.dll NOT unregistered. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\FSSync.dll moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\HashCont.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\HashMD5.PPL moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\HCCMP.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\ichk2.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\iChkSA.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\IWGen.ppl moved successfully. DllUnregisterServer procedure not found in C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\kave.dll C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\kave.dll NOT unregistered. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\kave.dll moved successfully. DllUnregisterServer procedure not found in C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\kosglue-7.0.26.0.dll C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\kosglue-7.0.26.0.dll NOT unregistered. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\kosglue-7.0.26.0.dll moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\lha.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\L_llio.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\mdb.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\minizip.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\MKavIO.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\msoe.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\nfio.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\prKernel.ppl moved successfully. DllUnregisterServer procedure not found in C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\prLoader.dll C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\prLoader.dll NOT unregistered. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\prLoader.dll moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\PrUtil.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\rar.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\ScanningProcess.exe moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\sfdb.PPL moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\TempFile.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\thpimpl.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\UniArc.ppl moved successfully. C:\DOCUME~1\Owner\LOCALS~1\Temp\jkos-Owner\binaries\WDiskIO.ppl moved successfully. File C:\DOCUME~1\Owner\LOCALS~1\Temp\hsperfdata_Owner\2716 not found! File C:\DOCUME~1\Owner\LOCALS~1\Temp\hsperfdata_Owner\3432 not found! File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_3oSsLw0gojQobRPQsSUz not found! File C:\WINDOWS\temp\Perflib_Perfdata_9c4.dat not found! C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-2e0fafc8 moved successfully. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9528hve.default\Cache\_CACHE_001_ moved successfully. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9528hve.default\Cache\_CACHE_002_ moved successfully. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9528hve.default\Cache\_CACHE_003_ moved successfully. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9528hve.default\Cache\_CACHE_MAP_ moved successfully. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9528hve.default\urlclassifier3.sqlite moved successfully. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9528hve.default\XUL.mfl moved successfully. |
|
|
|
|
May 31 2009, 05:51 PM
Post
#12
|
|
|
malware expert Group: HJT Team Posts: 14,728 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026 |
Hi Baybadoll,
We will run ComboFix. You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member. You need to disable your AVGFree Antivirus and Spyware Doctor before running ComboFix, as they will prevent it from running. To disable Spyware Doctor from running on your system startup: 1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background. 2. Click the "Settings" button on the left side. 3. Click the "Startup Settings" link. 4. Uncheck "Run at Windows Startup". 5. Click the "Apply" button. To disable AVG antivirus: Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component (looks like this:  ) -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.When you need to enable the AVG Resident Shield, ( I’ll let you know when) just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting. Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy. Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix To work properly, you must install ComboFix on the Desktop.. Post the log from ComboFix in your next reply, A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me. Have no other programs running. Your Task Bar should be clear of any program entries including your Browser. Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work. -------------------- If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum. |
|
|
|
|
May 31 2009, 08:21 PM
Post
#13
|
|
|
Member Group: Members Posts: 35 Joined: 23-May 09 From: Illinois Member No.: 334,982 |
I removed SpyDoctor (it never worked).
And disabled AVG by unchecking the enable Resident Shield option. I also turned off windows firewall. Do I need to disable malwarebytes? If so, how? |
|
|
|
|
May 31 2009, 10:09 PM
Post
#14
|
|
|
malware expert Group: HJT Team Posts: 14,728 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026 |
Hi Baybadoll,
No, you dont need to disable Malwarebtes. That is run on demand. You only need to disable your antivirus and and registry protectors (like Spybot Teatimer, Ad-Watch, Spyware Doctor, Winodws Defender, etc.) -------------------- If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum. |
|
|
|
|
May 31 2009, 11:11 PM
Post
#15
|
|
|
Member Group: Members Posts: 35 Joined: 23-May 09 From: Illinois Member No.: 334,982 |
combofix won't run.
When I double-click on the icon, the warning message pops up - and I clicked on RUN but nothing happens. I tried three times (waiting in between just in case it took a while). |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 21st November 2009 - 01:57 AM |
© 2003-2009 All Rights Reserved Bleeping Computer LLC.