
Various Malware - Identity Theft


  • This topic is locked
21 replies to this topic

#1 Nimshie29

Posted 11 June 2008 - 01:14 AM

Hi Guys,

After having my Visa card used fraudulently I have been cleaning up my system. I have used Avast Antivirus and SuperspyWare remover.

The results are attached. After searching around trying to determine how to repair/replace/fix quarantined items I was directed to your forum and have followed the preparation guide except I have submitted Avast results (which need to be opened with Avast file 'ashchest.exe') instead of a Kaspersky scan.
Looking forward to having a safe system.
Thank you all.

Nimshie29

PS I am having problems saving the Avast results file and will send them separately. Rgds,N
-----------
-----------
Hi Guys,

The only way I could get this file to upload was by zipping it. Once unzipped I think you will still have to use Avast Chest to open it.

I hope it works OK.

Thanks again,

Nimshie29

Merged posts. ~ OB

Edited by Orange Blossom, 11 June 2008 - 05:26 PM.



#2 suebaby41

Posted 04 July 2008 - 03:40 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I don't think that you are attaching anything scary but others may do so. Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 Nimshie29

Posted 05 July 2008 - 09:33 PM

* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Sunday, 25 May 2008 5:19:52 PM
* VPS: 080524-0, 24/05/2008
*

C:\Documents and Settings\Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV.nco\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\mail.gmail.com\Inbox\PartNo_0#167938380 [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\Local Settings\Temp\tzzyji8e.exe\WindowsInstaller.exe [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\F1PI210ENau-IINET-1-Port-IAD-FW0_V0.35.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\IINET-1-Port-IAD-FW0_V0.29.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910\PartNo_0#512580888 [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\mail.gmail.com\Inbox [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.9 en-US - 2008-01-20.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910 [E] Compressed file is too big to be processed. (42057)
C:\My Downloads\FreewarePrimo32Setup(2).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(2).exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(3).exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(4).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(4).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(5).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(5).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(6).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(6).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(7).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(7).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(8).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(8).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup.exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\alid.E [E] The file is a decompression bomb. (42110)
Infected files: 0
Total files: 165369
Total folders: 3535
Total size: 25.3 GB

*
* Task stopped: Sunday, 25 May 2008 5:44:53 PM
* Run-time was 25 minute(s), 1 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Sunday, 25 May 2008 8:23:42 PM
* VPS: 080525-0, 25/05/2008
*

Infected files: 0
Total files: 739
Total folders: 3
Total size: 46.5 MB

*
* Task stopped: Sunday, 25 May 2008 8:23:53 PM
* Run-time was 11 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, 26 May 2008 9:07:09 AM
* VPS: 080525-0, 25/05/2008
*

C:\Documents and Settings\Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV.nco\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\mail.gmail.com\Inbox\PartNo_0#167938380 [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\Local Settings\Temp\tzzyji8e.exe\WindowsInstaller.exe [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\F1PI210ENau-IINET-1-Port-IAD-FW0_V0.35.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\IINET-1-Port-IAD-FW0_V0.29.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910\PartNo_0#512580888 [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\mail.gmail.com\Inbox [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.9 en-US - 2008-01-20.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910 [E] Compressed file is too big to be processed. (42057)
C:\My Downloads\FreewarePrimo32Setup(2).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(2).exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(3).exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(4).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(4).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(5).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(5).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(6).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(6).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(7).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(7).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(8).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(8).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup.exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\SystemCheckup_ZoneAlarm.exe\[ASPack]\[Embedded#FILEINFOLIST.DLL]\FileInfoList.xml [E] Archive is password protected. (42056)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_1.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_2.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_3.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_4.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_5.VOB [E] Compressed file is too big to be processed. (42057)
C:\Program Files\dxsdk_apr2006.exe\dxsdk.exe [E] Compressed file is too big to be processed. (42057)
C:\Program Files\eMusic Toolbar\tbu4A\tbupdate.cab\emusicToolbar.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\small programs etc\avgarkt-setup-1.1.0.42.exe\$INSTDIR\avgarcln.sys [E] Installer archive is corrupted. (42146)
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP562\A0209697.exe\[ASPack]\[Embedded#FILEINFOLIST.DLL]\FileInfoList.xml [E] Archive is password protected. (42056)
C:\WINDOWS\system32\SearchEnhancer\SearchEnhancer.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\SearchTool\nszB.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\SearchTool\SearchTool.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
Infected files: 4
Total files: 1327005
Total folders: 11155
Total size: 75.2 GB

*
* Task stopped: Monday, 26 May 2008 11:43:37 AM
* Run-time was 2 hour(s), 36 minute(s), 28 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, 26 May 2008 2:29:11 PM
* VPS: 080526-0, 26/05/2008
*

Infected files: 0
Total files: 736
Total folders: 3
Total size: 27.1 MB

*
* Task stopped: Monday, 26 May 2008 2:29:26 PM
* Run-time was 15 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, 26 May 2008 2:30:26 PM
* VPS: 080526-0, 26/05/2008
*

C:\Documents and Settings\Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV.nco\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\mail.gmail.com\Inbox\PartNo_0#167938380 [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\Desktop\Vius\emusicToolbar.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Temp\emusicToolbar.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Temp\tzzyji8e.exe\WindowsInstaller.exe [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\F1PI210ENau-IINET-1-Port-IAD-FW0_V0.35.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\IINET-1-Port-IAD-FW0_V0.29.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910\PartNo_0#512580888 [E] Compressed file is too big to be processed. (42057)
Infected files: 2
Total files: 46542
Total folders: 1645
Total size: 10.1 GB

*
* Task stopped: Monday, 26 May 2008 2:42:12 PM
* Run-time was 11 minute(s), 46 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, 26 May 2008 2:42:47 PM
* VPS: 080526-0, 26/05/2008
*

C:\Documents and Settings\Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV.nco\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\mail.gmail.com\Inbox\PartNo_0#167938380 [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\Local Settings\Temp\tzzyji8e.exe\WindowsInstaller.exe [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\F1PI210ENau-IINET-1-Port-IAD-FW0_V0.35.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\IINET-1-Port-IAD-FW0_V0.29.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910\PartNo_0#512580888 [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\mail.gmail.com\Inbox [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.9 en-US - 2008-01-20.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910 [E] Compressed file is too big to be processed. (42057)
C:\My Downloads\FreewarePrimo32Setup(2).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(2).exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(3).exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(4).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(4).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(5).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(5).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(6).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(6).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(7).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(7).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(8).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(8).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup.exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\alid.E [E] The file is a decompression bomb. (42110)
Infected files: 0
Total files: 160179
Total folders: 3531
Total size: 24.4 GB

*
* Task stopped: Monday, 26 May 2008 3:26:33 PM
* Run-time was 43 minute(s), 46 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, 26 May 2008 6:07:40 PM
* VPS: 080526-0, 26/05/2008
*

C:\Documents and Settings\Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV.nco\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\mail.gmail.com\Inbox\PartNo_0#167938380 [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\Local Settings\Temp\tzzyji8e.exe\WindowsInstaller.exe [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\F1PI210ENau-IINET-1-Port-IAD-FW0_V0.35.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\IINET-1-Port-IAD-FW0_V0.29.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910\PartNo_0#512580888 [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\mail.gmail.com\Inbox [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.9 en-US - 2008-01-20.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910 [E] Compressed file is too big to be processed. (42057)
C:\My Downloads\FreewarePrimo32Setup(2).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(2).exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(3).exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(4).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(4).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(5).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(5).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(6).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(6).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(7).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(7).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(8).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(8).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup.exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\SystemCheckup_ZoneAlarm.exe\[ASPack]\[Embedded#FILEINFOLIST.DLL]\FileInfoList.xml [E] Archive is password protected. (42056)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_1.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_2.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_3.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_4.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_5.VOB [E] Compressed file is too big to be processed. (42057)
C:\Program Files\dxsdk_apr2006.exe\dxsdk.exe [E] Compressed file is too big to be processed. (42057)
C:\Program Files\eMusic Toolbar\tbu4A\emusicToolbar.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\small programs etc\avgarkt-setup-1.1.0.42.exe\$INSTDIR\avgarcln.sys [E] Installer archive is corrupted. (42146)
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP562\A0209697.exe\[ASPack]\[Embedded#FILEINFOLIST.DLL]\FileInfoList.xml [E] Archive is password protected. (42056)
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP661\A0229768.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP661\A0229769.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP661\A0229770.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP662\A0229801.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\SearchEnhancer\SearchEnhancer.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\SearchTool\nszB.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\SearchTool\SearchTool.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
Infected files: 8
Total files: 1327204
Total folders: 11155
Total size: 75.3 GB

*

#4 Nimshie29

Posted 05 July 2008 - 09:35 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, July 5, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 04, 2008 19:42:32
Records in database: 913699
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 103518
Threat name: 6
Infected objects: 11
Suspicious objects: 1
Duration of the scan: 04:31:07


File name / Threat name / Threats count
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\pop.mail.yahoo.com.au\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: not-a-virus:AdWare.Win32.Beginto.f 3
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: not-a-virus:AdWare.Win32.Mostofate.bd 3
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: not-a-virus:AdWare.Win32.Beginto.i 1
C:\Documents and Settings\Administrator\Local Settings\Temp\htLXD3p7.zip.part Infected: not-a-virus:AdWare.Win32.Mostofate.bd 1
C:\Documents and Settings\Administrator\Local Settings\Temp\qs6biTOl.zip.part Infected: not-a-virus:AdWare.Win32.Mostofate.bd 1
C:\My Downloads\TrueSword4.exe Infected: not-a-virus:FraudTool.Win32.TrueSword.a 1
C:\MyDocuments\My Downloads Music\disneys finding nemo dvd.wm Infected: Trojan-Downloader.WMA.Wimad.m 1

The selected area was scanned.

#5 Nimshie29

Posted 05 July 2008 - 09:47 PM

Hi Suzie,

Sorry about all the space but this is the only way I can send it without an attachment I think?
Regarding my identity theft, I found a cookie for one of the companies where my credit card details were used. I doubt if this would mean much. Do you know? Where possible I would like to be able to return any significant files to their origin after fixing the malware. Any advice will be greatly appreciated.
Regards,

John Smith

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/10/2008 at 07:57 AM

Application Version : 4.15.1000

Core Rules Database Version : 3477
Trace Rules Database Version: 1468

Scan type : Complete Scan
Total Scan Time : 00:58:26

Memory items scanned : 469
Memory threats detected : 0
Registry items scanned : 6411
Registry threats detected : 24
File items scanned : 25172
File threats detected : 53

Adware.HBHelper
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
C:\PROGRA~1\EMUSIC~1\TBU4A\TBHELPER.DLL
C:\PROGRAM FILES\EMUSIC TOOLBAR\TBU4A\TBHELPER.DLL

Adware.Tracking Cookie

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid32
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib#Version
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid32
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib#Version

Unclassified.PC MightyMax
HKU\S-1-5-21-73586283-776561741-725345543-500\Software\PC MightyMax
C:\Program Files\PC MightyMax\lic.conf
C:\Program Files\PC MightyMax\lic.dat
C:\Program Files\PC MightyMax\pcdocrx.conf
C:\Program Files\PC MightyMax\tmp_res_x_101.tmp
C:\Program Files\PC MightyMax\tmp_res_x_102.tmp
C:\Program Files\PC MightyMax\tmp_res_x_103.tmp
C:\Program Files\PC MightyMax\tmp_res_x_104.tmp
C:\Program Files\PC MightyMax\tmp_res_x_105.tmp
C:\Program Files\PC MightyMax\tmp_res_x_106.tmp
C:\Program Files\PC MightyMax\tmp_res_x_107.tmp
C:\Program Files\PC MightyMax\tmp_res_x_108.tmp
C:\Program Files\PC MightyMax\tmp_res_x_109.tmp
C:\Program Files\PC MightyMax\tmp_res_x_110.tmp
C:\Program Files\PC MightyMax\tmp_res_x_111.tmp
C:\Program Files\PC MightyMax\tmp_res_x_112.tmp
C:\Program Files\PC MightyMax\tmp_res_x_113.tmp
C:\Program Files\PC MightyMax\tmp_res_x_114.tmp
C:\Program Files\PC MightyMax\tmp_res_x_115.tmp
C:\Program Files\PC MightyMax\tmp_res_x_116.tmp
C:\Program Files\PC MightyMax\tmp_res_x_117.tmp
C:\Program Files\PC MightyMax\tmp_res_x_118.tmp
C:\Program Files\PC MightyMax\tmp_res_x_119.tmp
C:\Program Files\PC MightyMax\tmp_res_x_120.tmp
C:\Program Files\PC MightyMax\tmp_res_x_121.tmp
C:\Program Files\PC MightyMax\tmp_res_x_122.tmp
C:\Program Files\PC MightyMax\tmp_res_x_123.tmp
C:\Program Files\PC MightyMax\tmp_res_x_124.tmp
C:\Program Files\PC MightyMax\tmp_res_x_125.tmp
C:\Program Files\PC MightyMax\undo
C:\Program Files\PC MightyMax
C:\PROGRAM FILES\PCMIGHTYMAXSETUP.EXE

Adware.UpMedia/SearchTool
HKU\S-1-5-21-73586283-776561741-725345543-500\Software\UpMedia

Trojan.Dropper/Multi-MBAD
C:\WINDOWS\SYSTEM32\CNMS400.EXE

Adware.SearchTool
C:\WINDOWS\SYSTEM32\SEARCHENHANCER\NSD7.DLL

#6 suebaby41


Posted 06 July 2008 - 03:19 PM

Please post a new HijackThis log. All the information you gave me so far will help me analyze your HijackThis log. Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#7 Nimshie29


Posted 07 July 2008 - 01:07 AM

Hi Guys and Girls,

Suziebaby has asked me to submit a new topic as this one is getting long in the tooth.

I have provided all the results of my scans including Avast Virus scan previously. I hope to be able to repair some files and restore them. Identification of any that look like being involved with identity theft would be helpful. I found a cookie belonging to Starbucks Coffee, USA, but I doubt if this is related to the fraud. I would just like to be sure my system is as functional as possible without returning any files that will make me likely to ID theft again.

See previous emails for scan results.
My OS is Windows XP Prof. and is fully updated. I was using AG Virus scan and Zone Alarm firewall until I found out about the ID theft. I used to scan often with Spybot.
Since the theft I have been using Windows Firewall, Avast Virus scanner and scan with MS Baseline Security. Any advice with the infected files would be very welcome.
I hope this is sufficient.
Regards,
Nimshie29 :thumbsup:

#8 Orange Blossom


Posted 07 July 2008 - 05:13 PM

Hello Nimshie29,

I have merged your latest topic with your previously existing topic. Please keep all posts regarding this issue to this topic. Starting new topics confuses things and delays the assistance you receive.

I'm afraid you misunderstood suebaby41's instructions. What she wants is for you to create a new HiJack This log on your computer and post it as a reply to this thread. A HiJack This log starts with something like this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:46 PM, on 7/6/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal


Back to you suebaby41,

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#9 suebaby41


Posted 07 July 2008 - 08:18 PM

Thanks, Orange Blossom. Sorry for the confusion.

#10 suebaby41


Posted 17 July 2008 - 02:48 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

#11 Nimshie29


Posted 21 July 2008 - 02:29 AM

Hi Guys,

I posted a reply to the last message on this topic but it did not make the system. I think it had something to do with your changed way of submitting HijackThis Logs.
I am attaching the original and some scans taken later. However the date contained in my original posts is that which is relevant to my identity theft and which I would like your advice on. Newer logs are not particularly relevant to my queries.

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-08 18:01:58
Computer is in Normal Mode.

You requested I advise this address when reopening this query: http://www.bleepingcomputer.com/forums/ind...rt=#entry884878

OS Windows XP Pro SP2
AMD Athlon XP
ASUS A7V8X-MX-SE 1.03
RAM 1024MB

--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:02:08 PM, on 8/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DivX\DivX Connected\Bin\DivX Connected\DivXConnectedMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\My Downloads\dss(2).exe
C:\SMALLP~1\HIJACK~1\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R3 - URLSearchHook: World Tv Center Toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Program Files\World_Tv_Center\tbWor1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: XBTBPos00 - {A50B6E91-4081-4B37-BEA1-AD98A3CD51BA} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: World Tv Center Toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Program Files\World_Tv_Center\tbWor1.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eMusic Toolbar - {F8CC9B08-C14F-4A5C-B73B-518AFECC067A} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: World Tv Center Toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Program Files\World_Tv_Center\tbWor1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DivX Connected Monitor] "C:\Program Files\DivX\DivX Connected\Bin\DivX Connected\DivXConnectedMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1188118297500
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152773949906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150675091421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-07 18:15:17 7499776 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-07-06 21:46:49 0 d-------- C:\WINDOWS\Prefetch
2008-07-06 21:29:17 0 d-------- C:\WINDOWS\system32\scripting
2008-07-06 21:29:16 0 d-------- C:\WINDOWS\l2schemas
2008-07-06 21:29:15 0 d-------- C:\WINDOWS\system32\en
2008-07-06 21:29:15 0 d-------- C:\WINDOWS\system32\bits
2008-07-06 19:52:26 0 d-------- C:\Documents and Settings\Administrator\SecurityScans
2008-07-06 15:28:48 26768 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2008-07-06 15:28:48 363892 --a------ C:\WINDOWS\ISUN16.EXE <Not Verified; InstallShield Software Corporation; InstallShield unInstaller>
2008-07-05 12:22:22 0 d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-07-04 14:12:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Torrent Episode Downloader
2008-07-04 14:01:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-04 14:00:34 0 d-------- C:\Program Files\Torrent Episode Downloader
2008-07-04 13:55:14 0 d-------- C:\Program Files\AskSBar
2008-07-04 13:54:24 0 d-------- C:\Program Files\Vuze
2008-07-01 16:41:25 0 d-------- C:\Program Files\Adobe Media Player
2008-07-01 16:41:16 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-06-23 13:51:33 0 d-------- C:\Documents and Settings\Administrator\Emailrecovered
2008-06-14 11:36:31 201728 --a------ C:\WINDOWS\system32\Analogy.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-06-14 11:36:31 0 d-------- C:\WINDOWS\system32\Analogy dir
2008-06-09 20:54:04 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-09 20:53:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-09 20:53:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com


-- Find3M Report ---------------------------------------------------------------

2008-07-08 17:38:02 0 d-------- C:\Program Files\Java
2008-07-08 17:11:24 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-06 21:29:43 0 d-------- C:\Program Files\Messenger
2008-07-06 21:29:14 0 d-------- C:\Program Files\Movie Maker
2008-07-06 21:26:14 0 d-------- C:\Program Files\Windows NT
2008-07-06 19:46:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2008-07-04 17:56:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-07-01 16:41:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-01 16:41:16 0 d-------- C:\Program Files\Common Files
2008-06-30 17:55:22 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-30 17:19:29 0 d-------- C:\Program Files\Azureus
2008-06-29 11:42:34 0 d-------- C:\Program Files\DivX
2008-06-29 11:40:01 327 --a------ C:\Program Files\picasa.zpi
2008-06-29 11:36:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-06-24 16:58:27 0 d-------- C:\Program Files\Alwil Software
2008-06-18 11:29:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-16 16:41:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\Canon
2008-06-16 14:38:10 0 d-------- C:\Program Files\AM5676
2008-06-09 11:43:25 3672847 --a------ C:\WINDOWS\GreenpeaceWhaleScreenSaver.SCR
2008-06-09 11:41:29 0 d-------- C:\Program Files\MSECACHE
2008-06-09 11:33:42 0 d-------- C:\Program Files\RegHealer
2008-06-07 20:26:43 0 d-------- C:\Program Files\XoftSpySE
2008-06-07 19:17:46 0 d-------- C:\Program Files\Windows Installer 4.5 SDK
2008-05-25 17:15:43 490 --a------ C:\Documents and Settings\Administrator\Application Data\APUSet.xml
2008-05-25 17:15:25 6306 --a------ C:\Documents and Settings\Administrator\Application Data\PrimoPDFSet.xml
2008-05-14 15:06:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\ScanSoft
2008-05-14 15:06:26 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-05-14 15:06:24 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-14 15:05:55 0 d-------- C:\Program Files\ScanSoft
2008-05-14 14:54:32 0 d-------- C:\Program Files\Canon
2008-05-14 14:52:18 0 d-------- C:\Program Files\Common Files\Canon
2008-05-14 14:47:42 0 d--h----- C:\Program Files\CanonBJ
2008-05-13 11:23:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 11:20:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-13 11:20:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-13 11:20:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-13 11:20:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-05-13 11:20:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-13 11:20:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-05-13 11:20:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-05-13 11:19:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-08 16:28:12 0 d-------- C:\Program Files\Yahoo!


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
04/07/2008 01:55 PM 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [04/07/2008 01:55 PM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 06:20 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [23/03/2006 05:06 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [29/01/2008 06:15 PM]
"VTTimer"="VTTimer.exe" [07/05/2003 04:32 PM C:\WINDOWS\system32\VTTimer.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [12/01/2006 03:40 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 08:49 AM]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [15/05/2007 01:31 AM]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/04/2007 02:20 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25/10/2006 09:03 AM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [04/02/2007 12:02 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 05:42 AM]
"DivX Connected Monitor"="C:\Program Files\DivX\DivX Connected\Bin\DivX Connected\DivXConnectedMonitor.exe" [21/06/2008 08:58 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 08:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qttask]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-08 18:05:07 ------------

Tuesday, July 8, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 08, 2008 08:46:50
Records in database: 926126

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\

Scan statistics
Files scanned 109309
Threat name 6
Infected objects 11
Suspicious objects 1
Duration of the scan 04:06:45

File name Threat name Threats count
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\pop.mail.yahoo.com.au\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: not-a-virus:AdWare.Win32.Beginto.f 3

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: not-a-virus:AdWare.Win32.Mostofate.bd 3

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: not-a-virus:AdWare.Win32.Beginto.i 1

C:\Documents and Settings\Administrator\Local Settings\Temp\htLXD3p7.zip.part Infected: not-a-virus:AdWare.Win32.Mostofate.bd 1

C:\Documents and Settings\Administrator\Local Settings\Temp\qs6biTOl.zip.part Infected: not-a-virus:AdWare.Win32.Mostofate.bd 1

C:\My Downloads\TrueSword4.exe Infected: not-a-virus:FraudTool.Win32.TrueSword.a 1

C:\MyDocuments\My Downloads Music\disneys finding nemo dvd.wm Infected: Trojan-Downloader.WMA.Wimad.m 1

The selected area was scanned.
*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Sunday, 25 May 2008 5:19:52 PM
* VPS: 080524-0, 24/05/2008
*

C:\Documents and Settings\Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV.nco\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\mail.gmail.com\Inbox\PartNo_0#167938380 [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\Local Settings\Temp\tzzyji8e.exe\WindowsInstaller.exe [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\F1PI210ENau-IINET-1-Port-IAD-FW0_V0.35.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\IINET-1-Port-IAD-FW0_V0.29.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910\PartNo_0#512580888 [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\mail.gmail.com\Inbox [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.9 en-US - 2008-01-20.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910 [E] Compressed file is too big to be processed. (42057)
C:\My Downloads\FreewarePrimo32Setup(2).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(2).exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(3).exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(4).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(4).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(5).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(5).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(6).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(6).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(7).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(7).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(8).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(8).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup.exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\alid.E [E] The file is a decompression bomb. (42110)
Infected files: 0
Total files: 165369
Total folders: 3535
Total size: 25.3 GB

*
* Task stopped: Sunday, 25 May 2008 5:44:53 PM
* Run-time was 25 minute(s), 1 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Sunday, 25 May 2008 8:23:42 PM
* VPS: 080525-0, 25/05/2008
*

Infected files: 0
Total files: 739
Total folders: 3
Total size: 46.5 MB

*
* Task stopped: Sunday, 25 May 2008 8:23:53 PM
* Run-time was 11 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, 26 May 2008 9:07:09 AM
* VPS: 080525-0, 25/05/2008
*

C:\Documents and Settings\Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV.nco\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\mail.gmail.com\Inbox\PartNo_0#167938380 [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\Local Settings\Temp\tzzyji8e.exe\WindowsInstaller.exe [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\F1PI210ENau-IINET-1-Port-IAD-FW0_V0.35.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\IINET-1-Port-IAD-FW0_V0.29.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910\PartNo_0#512580888 [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\mail.gmail.com\Inbox [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.9 en-US - 2008-01-20.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910 [E] Compressed file is too big to be processed. (42057)
C:\My Downloads\FreewarePrimo32Setup(2).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(2).exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(3).exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(4).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(4).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(5).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(5).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(6).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(6).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(7).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(7).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(8).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(8).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup.exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\SystemCheckup_ZoneAlarm.exe\[ASPack]\[Embedded#FILEINFOLIST.DLL]\FileInfoList.xml [E] Archive is password protected. (42056)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_1.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_2.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_3.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_4.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_5.VOB [E] Compressed file is too big to be processed. (42057)
C:\Program Files\dxsdk_apr2006.exe\dxsdk.exe [E] Compressed file is too big to be processed. (42057)
C:\Program Files\eMusic Toolbar\tbu4A\tbupdate.cab\emusicToolbar.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\small programs etc\avgarkt-setup-1.1.0.42.exe\$INSTDIR\avgarcln.sys [E] Installer archive is corrupted. (42146)
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP562\A0209697.exe\[ASPack]\[Embedded#FILEINFOLIST.DLL]\FileInfoList.xml [E] Archive is password protected. (42056)
C:\WINDOWS\system32\SearchEnhancer\SearchEnhancer.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\SearchTool\nszB.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\SearchTool\SearchTool.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
Infected files: 4
Total files: 1327005
Total folders: 11155
Total size: 75.2 GB

*
* Task stopped: Monday, 26 May 2008 11:43:37 AM
* Run-time was 2 hour(s), 36 minute(s), 28 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, 26 May 2008 2:29:11 PM
* VPS: 080526-0, 26/05/2008
*

Infected files: 0
Total files: 736
Total folders: 3
Total size: 27.1 MB

*
* Task stopped: Monday, 26 May 2008 2:29:26 PM
* Run-time was 15 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, 26 May 2008 2:30:26 PM
* VPS: 080526-0, 26/05/2008
*

C:\Documents and Settings\Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV.nco\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\mail.gmail.com\Inbox\PartNo_0#167938380 [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\Desktop\Vius\emusicToolbar.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Temp\emusicToolbar.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Temp\tzzyji8e.exe\WindowsInstaller.exe [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\F1PI210ENau-IINET-1-Port-IAD-FW0_V0.35.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\IINET-1-Port-IAD-FW0_V0.29.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910\PartNo_0#512580888 [E] Compressed file is too big to be processed. (42057)
Infected files: 2
Total files: 46542
Total folders: 1645
Total size: 10.1 GB

*
* Task stopped: Monday, 26 May 2008 2:42:12 PM
* Run-time was 11 minute(s), 46 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, 26 May 2008 2:42:47 PM
* VPS: 080526-0, 26/05/2008
*

C:\Documents and Settings\Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV.nco\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\mail.gmail.com\Inbox\PartNo_0#167938380 [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\Local Settings\Temp\tzzyji8e.exe\WindowsInstaller.exe [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\F1PI210ENau-IINET-1-Port-IAD-FW0_V0.35.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\IINET-1-Port-IAD-FW0_V0.29.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910\PartNo_0#512580888 [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\mail.gmail.com\Inbox [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.9 en-US - 2008-01-20.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910 [E] Compressed file is too big to be processed. (42057)
C:\My Downloads\FreewarePrimo32Setup(2).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(2).exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(3).exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(4).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(4).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(5).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(5).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(6).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(6).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(7).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(7).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(8).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(8).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup.exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\alid.E [E] The file is a decompression bomb. (42110)
Infected files: 0
Total files: 160179
Total folders: 3531
Total size: 24.4 GB

*
* Task stopped: Monday, 26 May 2008 3:26:33 PM
* Run-time was 43 minute(s), 46 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, 26 May 2008 6:07:40 PM
* VPS: 080526-0, 26/05/2008
*

C:\Documents and Settings\Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV.nco\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\mail.gmail.com\Inbox\PartNo_0#167938380 [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\Local Settings\Temp\tzzyji8e.exe\WindowsInstaller.exe [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\F1PI210ENau-IINET-1-Port-IAD-FW0_V0.35.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Modem\Upgrades\IINET-1-Port-IAD-FW0_V0.29.bin\soho.bin [E] ZIP archive is corrupted. (42125)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910\PartNo_0#512580888 [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.14 (en-US) - 2008-05-12.pcv\Mail\mail.gmail.com\Inbox [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\My Documents\Thunderbird 2.0.0.9 en-US - 2008-01-20.pcv\Mail\Local Folders\Sent\PartNo_0#3862807910 [E] Compressed file is too big to be processed. (42057)
C:\My Downloads\FreewarePrimo32Setup(2).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(2).exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(2).exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(3).exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(3).exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(4).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(4).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(5).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(5).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(6).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(6).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(7).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(7).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup(8).exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup(8).exe\ Log.txt\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\%AppFolder%\gsdll32.dll [E] Installer archive is corrupted. (42146)
C:\My Downloads\FreewarePrimo32Setup.exe\URRENT!Could not set the current folder.E\a folder.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\UECould not save value.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\ must be greater than or equal to -1.E\E [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\services.E\ [E] The file is a decompression bomb. (42110)
C:\My Downloads\FreewarePrimo32Setup.exe\alid.E [E] The file is a decompression bomb. (42110)
C:\My Downloads\SystemCheckup_ZoneAlarm.exe\[ASPack]\[Embedded#FILEINFOLIST.DLL]\FileInfoList.xml [E] Archive is password protected. (42056)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_1.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_2.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_3.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_4.VOB [E] The file is a decompression bomb. (42110)
C:\Program Files\DivX\Dr.DivX\Image.nrg\VIDEO_TS\VTS_01_5.VOB [E] Compressed file is too big to be processed. (42057)
C:\Program Files\dxsdk_apr2006.exe\dxsdk.exe [E] Compressed file is too big to be processed. (42057)
C:\Program Files\eMusic Toolbar\tbu4A\emusicToolbar.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\small programs etc\avgarkt-setup-1.1.0.42.exe\$INSTDIR\avgarcln.sys [E] Installer archive is corrupted. (42146)
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP562\A0209697.exe\[ASPack]\[Embedded#FILEINFOLIST.DLL]\FileInfoList.xml [E] Archive is password protected. (42056)
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP661\A0229768.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP661\A0229769.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP661\A0229770.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\System Volume Information\_restore{309065C0-D971-4B8E-8487-D2E5A3820F91}\RP662\A0229801.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\SearchEnhancer\SearchEnhancer.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\SearchTool\nszB.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\SearchTool\SearchTool.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
Infected files: 8
Total files: 1327204
Total folders: 11155
Total size: 75.3 GB

*
* Task stopped: Monday, 26 May 2008 10:01:10 PM
* Run-time was 3 hour(s), 53 minute(s), 30 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Monday, 2 June 2008 3:43:06 PM
* VPS: 080601-0, 01/06/2008
*

C:\Documents and Settings\Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV.nco\20071307_183859_July07\C\DOCUME~1\ADMINI~1\Desktop\backup\THUNDE~1.PCV [E] Compressed file is too big to be processed. (42057)
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\665sdpj6.default\Mail\mail.gmail.com\Inbox\PartNo_0#167938380 [E] The file is a decompression bomb. (42110)
C:\Documents and Settings\Administrator\Local Settings\Temp\emusicToolbar.dll [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Local Settings\Temp\tzzyji8e.exe\WindowsInstaller.exe [E] Installer archive is corrupted. (42146)
Infected files: 1
Total files: 33873
Total folders: 1732
Total size: 6.6 GB

*
* Task stopped: Monday, 2 June 2008 5:32:36 PM
* Run-time was 1 hour(s), 49 minute(s), 30 second(s)

Latest HijackThis log scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:34 PM, on 21/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DivX\DivX Connected\Bin\DivX Connected\DivXConnectedMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\small programs etc\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R3 - URLSearchHook: World Tv Center Toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Program Files\World_Tv_Center\tbWor1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: XBTBPos00 - {A50B6E91-4081-4B37-BEA1-AD98A3CD51BA} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: World Tv Center Toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Program Files\World_Tv_Center\tbWor1.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eMusic Toolbar - {F8CC9B08-C14F-4A5C-B73B-518AFECC067A} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: World Tv Center Toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Program Files\World_Tv_Center\tbWor1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DivX Connected Monitor] "C:\Program Files\DivX\DivX Connected\Bin\DivX Connected\DivXConnectedMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1188118297500
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleG...PluginIEWin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152773949906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150675091421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10384 bytes

#12 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,051 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:13 AM

Posted 21 July 2008 - 03:43 PM

Hello Nimshie29,

I have merged your latest topic regarding this issue to your previously existing topic which I have reopened.

It is important to check your thread regularly and follow the instructions your HJT helper provides. There are infections that will get worse if they are not attended to. If you will be unable to answer for a while, please inform your HJT helper.

If the topic should get closed, as it did in this case, and you need it reopened, please do not start a new topic. Instead, send a private message, as suebaby instructed, requesting that the topic be reopened. Here is a link to a topic that discusses how to use the private message system here at Bleeping Computer: http://www.bleepingcomputer.com/forums/t/33018/how-to-use-and-send-personal-messages/

Back to you suebaby,

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#13 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:01:13 AM

Posted 21 July 2008 - 05:17 PM

Thanks again, Orange Blossom.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#14 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:01:13 AM

Posted 21 July 2008 - 05:18 PM

However the date contained in my original posts is that which is relevant to my identity theft and which I would like your advice on. Newer logs are not particularly relevant to my queries.

I am not sure what you want me to do. I will only look at your latest log:

Latest HijackThis log scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:34 PM, on 21/07/2008

It would not be fair to others needing help for me to analyze an older log such as:

Logfile of HijackThis v1.99.1
Scan saved at 6:02:08 PM, on 8/07/2008

If you want me to analyze your latest HijackThis log, please let me know.

Edited by suebaby41, 21 July 2008 - 05:19 PM.


#15 Nimshie29

Nimshie29
  • Topic Starter

  • Members
  • 13 posts
  • Local time:02:43 PM

Posted 22 July 2008 - 01:37 AM

Hi Suziebaby,

Please do. Also any direction or advice you can provide on how I may remove malware myself would be appreciated. Is it possible to delete the offending part of the file and restore it? Is there a process I can follow to repair such infected files as those found on my original scan by Avast?
Regards,

Nimshie 29



