
Redirect, popups telling me to click for virus protection


  • This topic is locked
30 replies to this topic

#16 JstnGSD

JstnGSD
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 11 December 2008 - 05:23 PM

39B7A77219AF411A has a white page icon next to it.

What program do I use to open it? (I'm following the prompts)



#17 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:27 AM

Posted 11 December 2008 - 05:29 PM

Not sure if I understand you...

What program do I use to open it? (I'm following the prompts)

To open what?
Could you open the folder c:\windows\system32\39B7A77219AF411A now??
Or does it ask what program to use to open it instead?
Is the context menu "take ownership" now present? If so, and since I'm 99% sure that the c:\windows\system32\39B7A77219AF411A is malware, right-click it, select to take ownership and then select to delete it.

If that didn't work, then it means that something may be loading it (which above logs didn't show). If so, then * Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#18 miekiemoes


Posted 11 December 2008 - 05:42 PM

Hi,

I won't be able to reply within the next couple of hours since it's almost midnight here and I need my bed. So I'll reply tomorrow in the morning. :thumbsup:

#19 JstnGSD


Posted 11 December 2008 - 05:45 PM

I did open and delete it. How do I find out if it worked?

The Kaspersky is still updating the database, should I wait for it to finish?

#20 miekiemoes


Posted 11 December 2008 - 05:50 PM

I did open and delete it. How do I find out if it worked?

If you deleted it, then it's OK and there are no further steps required except for the Kaspersky online scanner. :thumbsup:

The Kaspersky is still updating the database, should I wait for it to finish?

Yes please. Updating the database may take some time - so be patient. The Kaspersky online scan is a final check to see if there are any leftovers present. Take your time :)

#21 JstnGSD


Posted 11 December 2008 - 11:16 PM

Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, December 11, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, December 11, 2008 19:37:57
Records in database: 1452868
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 212633
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 05:12:56


File name / Threat name / Threats count
C:\Users\Justin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\492dc15a-58d4e214 Infected: Trojan-Downloader.Java.OpenStream.ac 1

The selected area was scanned.

#22 miekiemoes


Posted 12 December 2008 - 01:55 AM

Hi,

Only a small leftover. :thumbsup:

Clear your Java cache:
Clearing Java Cache:
  • Go to Start > Control Panel and double-click on the Java icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
  • Under Temporary Internet Files, click the Settings button.
  • Click the Delete Files... button below. Make sure the following are checked:
    • Applications and Applets
    • Trace and Log Files
  • Click OK on the Delete Temporary Files window.

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Let me know in your next reply how things are now.
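
The triage step in the reply above (a lone detection inside the Java plug-in cache is a cached leftover, handled by clearing the cache), as an added Python example that is not part of the original thread. It parses the report layout posted in #21; the second sample report, its path and its threat name are constructed, and treating each detection row as one infected object is an assumption.

```python
import re
from dataclasses import dataclass

# Detection row layout as it appears in the report posted in the thread:
#   <path> Infected: <threat name> <threats count>
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)
STAT = re.compile(
    r"^(?P<key>Files scanned|Infected objects|Suspicious objects):\s*(?P<val>\d+)\s*$"
)

# Java plug-in cache location seen in the thread's detection path (lower-cased).
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"

# Trimmed copy of the first scan report from the thread.
FIRST_SCAN = r"""Scan statistics:
Files scanned: 212633
Infected objects: 1
Suspicious objects: 0

File name / Threat name / Threats count
C:\Users\Justin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\492dc15a-58d4e214 Infected: Trojan-Downloader.Java.OpenStream.ac 1
"""

# Constructed report: same cache hit plus a made-up detection outside any cache.
CONSTRUCTED_MIXED = r"""Scan statistics:
Files scanned: 1000
Infected objects: 2
Suspicious objects: 0

File name / Threat name / Threats count
C:\Users\Justin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\492dc15a-58d4e214 Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Program Files\Example App\sample.bin Infected: Constructed.Sample.Name 1
"""


@dataclass
class Finding:
    path: str
    threat: str
    count: int
    location: str
    action: str


def classify(path):
    """Map a detection path to a location class and a follow-up action."""
    if JAVA_CACHE in path.lower():
        return "java-plugin-cache", "clear the Java cache, then rescan"
    return "other", "review: check autostart entries and running processes"


def parse_report(text):
    """Return (statistics dict, list of Finding) from a report's text."""
    stats, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        stat = STAT.match(line)
        if stat:
            stats[stat["key"]] = int(stat["val"])
            continue
        row = ROW.match(line)
        if row:
            location, action = classify(row["path"])
            findings.append(
                Finding(row["path"], row["threat"], int(row["count"]), location, action)
            )
    return stats, findings


def triage(text):
    """Summarise a report: findings, whether the pasted log is complete,
    and whether every detection sits in the Java plug-in cache."""
    stats, findings = parse_report(text)
    reported = stats.get("Infected objects")
    return {
        "findings": findings,
        # Assumption: one detection row per infected object. A mismatch
        # means the pasted report was truncated or the layout changed.
        "complete": reported is not None and reported == len(findings),
        "only_cache_leftovers": bool(findings)
        and all(f.location == "java-plugin-cache" for f in findings),
    }


if __name__ == "__main__":
    for name, report in (("first scan", FIRST_SCAN), ("constructed", CONSTRUCTED_MIXED)):
        result = triage(report)
        print(name, result["complete"], result["only_cache_leftovers"])
        for f in result["findings"]:
            print("  ", f.location, f.threat, "->", f.action)
```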

#23 JstnGSD


Posted 15 December 2008 - 06:14 PM

I think I followed your directions but must have done something wrong.

It's running really slowly and there are a bunch of new files that have $ in the name.

I'm going to start over from the beginning.

#24 miekiemoes


Posted 16 December 2008 - 01:04 AM

It's running really slowly and there are a bunch of new files that have $ in the name.

That's a Windows update. Those files are related to Windows updates and may also explain why things are running slower, because you're in the middle of an update.

Please reboot afterwards and see if that makes a difference.

#25 JstnGSD


Posted 16 December 2008 - 01:39 AM

All that stuff has been there for days, as has been the slow speed.
On my C drive there is a folder that keeps reappearing that is labeled $AVG8.VAULT$; another is $RECYCLE.BIN.

I ran another Kaspersky scan as well as DDS. Should I post the results?

#26 miekiemoes


Posted 16 December 2008 - 07:19 AM

Yes, please post the results.

The files you mention are related to AVG and your recycle bin. From your previous log I see you actually have fixed all entries in HijackThis, including the ones related to AVG. This means that AVG isn't running properly here (since you fixed those entries) and that may cause the slowdown.
I suggest you uninstall AVG, reboot and reinstall it again.

On the other side... From your log:

System drive C: has 4 GB (4%) free of 106 GB
Total RAM: 958 MB (21% free)


Since you're running Vista, 958MB is actually way too low, so it's normal that everything is slow. Also, the fact that there's only 4GB of space left is a reason why things are slower than they're supposed to be.

Edited to add.... You say that the files keep REAPPEARING, so I assume that you've deleted them??? You may not delete them!! It's totally normal that the $RECYCLE.BIN reappears again after you have deleted it - because that's your recycle bin! Please do NOT delete any folders and files that look suspicious. The fact that you see these files/folders is because I asked you previously to reveal hidden files and folders. That's why you didn't see them before, because they were hidden. So I suggest you hide hidden files and folders again - the opposite way as how you revealed them.
I really really hope that you didn't delete any of those folders and files, because if you did, then it wouldn't surprise me that you're having problems with your computer. In such cases, a reinstall will be the only solution to make things work properly again..

Edited by miekiemoes, 16 December 2008 - 07:45 AM.


#27 JstnGSD


Posted 17 December 2008 - 12:12 PM

The $RECYCLE.BIN has never been there before, here's the scan results.


DDS (Version 1.0.1) - NTFSx86
Run by Justin at 22:24:32.31 on Mon 12/15/2008
Internet Explorer: 7.0.6000.16764 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.267 [GMT -8:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\Justin\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\mcupdate.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Justin\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
uRun: [BitTorrent DNA] "c:\users\justin\program files\dna\btdna.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\justin\appdata\roaming\mozilla\firefox\profiles\vbn55rtk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

============= SERVICES / DRIVERS ===============

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2007-10-8 810320]

=============== Created Last 30 ================

2008-12-14 13:36 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-11 14:02 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-10 08:48 2,048 a------- c:\windows\system32\tzres.dll
2008-12-09 14:18 297,472 a------- c:\windows\system32\gdi32.dll
2008-12-09 14:18 1,687,040 a------- c:\windows\system32\gameux.dll
2008-12-09 14:18 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-12-09 14:18 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-05 16:53 <DIR> --d----- c:\users\justin\appdata\roaming\Malwarebytes
2008-12-05 16:53 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-05 16:53 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-05 16:53 <DIR> --d----- c:\programdata\Malwarebytes
2008-12-05 16:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-05 16:53 <DIR> --d----- c:\progra~2\Malwarebytes
2008-12-04 19:57 <DIR> --d----- c:\users\justin\.SunDownloadManager
2008-12-01 21:33 <DIR> --d----- c:\program files\Total Video Player
2008-11-25 11:36 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-11-25 11:36 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2008-11-25 11:36 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2008-11-25 11:36 712,192 a------- c:\windows\system32\WindowsCodecs.dll
2008-11-25 11:36 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-11-25 11:36 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-11-25 11:36 1,645,568 a------- c:\windows\system32\connect.dll
2008-11-16 23:05 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-11-16 23:04 83,456 a------- c:\windows\system32\wudriver.dll
2008-11-16 23:03 162,064 a------- c:\windows\system32\wuwebv.dll
2008-11-16 23:03 31,232 a------- c:\windows\system32\wuapp.exe

==================== Find3M ====================

2008-12-10 09:02 174 a--sh--- c:\program files\desktop.ini
2008-10-31 19:33 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-10-31 19:33 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
2008-10-31 19:33 537,600 a------- c:\windows\apppatch\AcLayers.dll
2008-10-31 19:33 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
2008-10-31 19:33 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-31 15:23 2,560 a------- c:\windows\apppatch\AcRes.dll
2008-10-28 22:20 2,923,520 a------- c:\windows\explorer.exe
2008-10-16 13:36 86,016 a------- c:\windows\inf\infstrng.dat
2008-10-16 13:36 86,016 a------- c:\windows\inf\infstor.dat
2008-10-16 13:36 51,200 a------- c:\windows\inf\infpub.dat
2008-10-15 20:40 826,368 a------- c:\windows\system32\wininet.dll
2008-10-15 20:40 56,320 a------- c:\windows\system32\iesetup.dll
2008-10-15 20:40 26,624 a------- c:\windows\system32\ieUnatt.exe
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-17 20:35 3,470,904 a------- c:\windows\system32\ntoskrnl.exe
2008-09-17 20:35 3,505,208 a------- c:\windows\system32\ntkrnlpa.exe
2008-09-17 18:03 2,027,520 a------- c:\windows\system32\win32k.sys
2008-08-27 15:48 13,072 a------- c:\users\justin\appdata\roaming\nvModes.dat
2008-06-15 19:12 665,600 a------- c:\windows\inf\drvindex.dat
2008-04-28 20:17 545,278 a------- c:\users\justin\Autoruns.zip
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-20 09:13 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-08-20 09:13 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-08-20 09:13 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 22:25:20.33 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/5/2007 2:34:22 AM
System Uptime: 12/15/2008 3:34:12 PM (7 hours ago)

Motherboard: Quanta | | 30D3
Processor: AMD Athlon™ 64 X2 Dual-Core Processor TK-55 | Socket S1 | 1800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 104 GiB total, 4.402 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.761 GiB free.
E: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP295: 12/15/2008 3:25:17 PM - Removed AVG Free 8.0
RP296: 12/15/2008 3:30:37 PM - Installed AVG Free 8.0

==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
5700_Help
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Software Update
Atlas_3
AutoUpdate
Avanquest update
BitTorrent
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Business Plan Pro 11.0
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Conexant HD Audio
CustomerResearchQFolder
Data Access Objects (DAO) 3.5
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DNA
DocProc
DocProcQFolder
Driver Install
ESU for Microsoft Vista
eSupportQFolder
Fax
gigabeat S Series Manual
Google Earth
Google Toolbar for Internet Explorer
Google Updater
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP DVD Play 3.2
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet All-In-One Series
HP Photosmart Essential
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 D3
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HP User Guides 0041
HP Wireless Assistant
HPNetworkAssistant
HPProductAssistant
HPSSupply
J5700
Jasc Animation Shop 3
Jasc Paint Shop Pro 9
Java™ 6 Update 11
Java™ 6 Update 5
K-Lite Codec Pack 3.2.5 Standard
Kodak EasyShare software
LightScribe 1.4.136.1
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola Driver Installation 3.7.0
Motorola Phone Tools
Mozilla Firefox (3.0.1)
MP4 Player
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
My HP Games
NVIDIA Drivers
PDF Settings
ProductContext
PSSWCORE
QuickBooks Pro Timer
QuickBooks Simple Start 2008 (Plus Pack)
QuickTime
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Soft Data Fax Modem with SmartCP
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Status
SupportSoft Assisted Service
Synaptics Pointing Device Driver
Toolbox
TrayApp
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb958619)
Vongo
WebReg

==== Event Viewer Messages ===================

12/8/2008 9:27:15 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 2, function 0. Please contact your system vendor for technical assistance.
12/8/2008 9:27:15 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 3, function 0. Please contact your system vendor for technical assistance.
12/8/2008 7:34:35 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

==== End Of File ===========================
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 15, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 15, 2008 19:36:05
Records in database: 1463736
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 210487
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 04:03:14

No malware has been detected. The scan area is clean.

The selected area was scanned.

#28 miekiemoes


Posted 17 December 2008 - 12:32 PM

The $RECYCLE.BIN has never been there before, here's the scan results.

Believe me, it has always been present there, but it was invisible previously. The fact that I asked you to reveal hidden files and folders revealed it.

Your logs look OK.. Nothing strange/suspicious.

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#29 JstnGSD


Posted 17 December 2008 - 12:47 PM

Thanks, I appreciate your help.

#30 miekiemoes


Posted 17 December 2008 - 12:49 PM

You're most welcome :thumbsup:



