AngerSaxon

  1. The computer seems to be all fine now. The personal antivirus is gone. No more iexplore.exe processes spawning. Please advise whether I should get spybot back up and running. Thanks Katana.
  2. Thanks Katana. Sorry to waste your time with an oversight like out of date software. Here's the log:

     Malwarebytes' Anti-Malware 1.40
     Database version: 2749
     Windows 5.1.2600 Service Pack 2

     9/6/2009 10:11:35 PM
     mbam-log-2009-09-06 (22-11-35).txt

     Scan type: Full Scan (C:\|D:\|)
     Objects scanned: 221904
     Time elapsed: 36 minute(s), 51 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 3
     Registry Data Items Infected: 0
     Folders Infected: 3
     Files Infected: 5

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\personalav (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
     C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
     C:\Documents and Settings\All Users\Start Menu\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

     Files Infected:
     C:\Program Files\Common Files\Uninstall\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
     C:\Program Files\PersonalAV\pav.exe (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
     C:\Documents and Settings\All Users\Start Menu\PersonalAV\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
     C:\Documents and Settings\All Users\Start Menu\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HP_Owner\Desktop\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
  3. Malwarebytes' Anti-Malware 1.24
     Database version: 1015
     Windows 5.1.2600 Service Pack 2

     10:05:02 PM 9/5/2009
     mbam-log-9-5-2009 (22-05-02).txt

     Scan type: Full Scan (C:\|D:\|)
     Objects scanned: 146848
     Time elapsed: 56 minute(s), 17 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\msxmlm.dll (Trojan.BHO) -> Quarantined and deleted successfully.
  4. The personal anti virus is still running upon start up. I kill the process, but it will re-open itself. A lot of iexplore.exe processes periodically appear as well. Internet explorer itself is in a bad way; upon opening internet explorer, instances of the program open cascading all over my desktop until the computer cannot handle it any longer and terminates the program (about a minute). Google is no longer hijacked and the computer is working more quickly. Combofix has definitely had an impact. Thanks.

     add-remove program:
  5. Thanks for your reply Katana. Here is the Combofix report:
  6. Hello, Thanks for your interest and help. Our computer is overrun. We have the personal anti-virus bug. Very annoying. Google links are hijacked. Spybot will not open. Now MBAM will not open either. Computer nearly crippled. I'm putting the 3 logs in order hijackthis, panda, mbam. Thanks so much
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\msxmlm.dll (Trojan.BHO) -> Quarantined and deleted successfully.
  7. Hello, My mom has been having problems lately. Her computer often cannot access information on the internet. She visits a page, but certain content will not load. Examples of this issue are videos on YouTube and ticket search on ticketmaster.com. She has a lot of junk in the start-up, and I haven't turned any of it off so it would appear in the HijackThis log. Thanks for any advice as to how to clean this computer up. MBAM log Malwarebytes' Anti-Malware 1.31 Database version: 1550 Windows 5.1.2600 Service Pack 3 12/27/2008 8:55:23 AM mbam-log-2008-12-27 (08-55-23).txt Scan type: Quick Scan Objects scanned: 35979 Time elapsed: 2 minute(s), 59 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) --------------------------------------------------------------- Panda Scan turned this up: c:\documents and settings\owner\favorites\online games StartPage.AMB (http://www.pandasecurity.com/homeusers/security-info/about-malware/encyclopedia/overview.aspx?idvirus=97473) ---------------------------------------------------------------- HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:01:59 AM, on 12/27/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE 
C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UTSCSI.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 
8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} 
(WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211902553037 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE -- End of file - 5322 bytes
  8. Finally here is the Hijack This log. Thanks again for all your help and hard work! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:11:00 AM, on 6/6/2008 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\!COMPU~1\AVGANT~1.1(0\avgamsvr.exe C:\PROGRA~1\!COMPU~1\AVGANT~1.1(0\avgupsvc.exe C:\PROGRA~1\!COMPU~1\AVGANT~1.1(0\avgemc.exe C:\Program Files\EMSI\VPN Client\cvpnd.exe C:\WINNT\System32\svchost.exe C:\Program Files\Citrix\GoToMyPC\g2svc.exe C:\Program Files\Citrix\GoToMyPC\g2comm.exe C:\WINNT\system32\nvsvc32.exe C:\Program Files\Citrix\GoToMyPC\g2pre.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Citrix\GoToMyPC\g2tray.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\UltraVNC\WinVNC.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\progra~1\scansoft\paperp~1\pptd40nt.exe C:\Program Files\ScanSoft\PaperPort\viperusb.exe C:\WINNT\system32\wfxsnt40.exe C:\PROGRA~1\!COMPU~1\AVGANT~1.1(0\avgcc.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\WINNT\system32\RUNDLL32.EXE C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe C:\Program Files\Remote\Nodesys\rwkernel.exe C:\Program Files\Remote\nodesys\RWCTray.exe C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe C:\WINNT\System32\svchost.exe C:\PROGRA~1\!COMPU~1\AVGANT~1.1(0\avgw.exe C:\Program Files\Citrix\GoToMyPC\g2mainh.exe C:\Program Files\Citrix\GoToMyPC\g2host.exe C:\Program Files\Citrix\GoToMyPC\g2printh.exe C:\Program Files\Citrix\GoToMyPC\g2audioh.exe C:\Documents and Settings\Suzanne Hall\Desktop\hiJackThis\HiJackThis.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\!COMPU~1\SPYBOT~1.4(0\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe O4 - HKLM\..\Run: [strobePro] C:\Program Files\ScanSoft\PaperPort\viperusb.exe O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\!COMPU~1\AVGANT~1.1(0\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE 
C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKCU\..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [fxgarzvh] C:\WINNT\system32\dstmxajy.exe O4 - HKCU\..\Run: [gzlcasoo] C:\WINNT\system32\qpibmxet.exe O4 - HKCU\..\Run: [PC-Cleaner] "C:\Program Files\PC-Cleaner\PC-Cleaner.exe" hide O4 - HKLM\..\Policies\Explorer\Run: [Ruya48VUsO] C:\Documents and Settings\All Users\Application Data\dorcfkdw\jcdyzkta.exe O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\!COMPU~1\AVGANT~1.1(0\avgw.exe /RUNONCE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe O4 - Global Startup: Client Communications.lnk = C:\Program Files\Remote\Nodesys\rwkernel.exe O4 - Global Startup: Examination Management Services, Inc. 
EMSI VPN Client.lnk = C:\Program Files\EMSI\VPN Client\vpngui.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://www.pandasecurity.com O16 - DPF: Documentum Content Transfer 5.2.5 SP - https://echo.emsinet.com:8443/echo/wdk/cont...ContentXfer.cab O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdccommon/do...oad/tgctlsr.cab O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142869553640 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\!COMPU~1\AVGANT~1.1(0\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\!COMPU~1\AVGANT~1.1(0\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\PROGRA~1\!COMPU~1\AVGANT~1.1(0\avgemc.exe O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EMSI\VPN Client\cvpnd.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe -- End of file - 8314 bytes
  9. ESET scan results: Win32/Adware.WBug.A application F:\Suzannes backup\Documents and Settings\Suzanne Hall\My Documents\Install_AIM.exe>>WISE>>WxBug.EXE>>WISE>>MiniBugTransporter.dll Win32/Adware.WBug.A application F:\Suzannes backup\Documents and Settings\Suzanne Hall\My Documents\Install_AIM.exe>>WISE>>WxBug.EXE Win32/Adware.WBug.A application F:\Suzannes backup\Documents and Settings\Suzanne Hall\My Documents\Install_AIM.exe Win32/Adware.PlayMP3Z application C:\Documents and Settings\Suzanne Hall\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qp6z1f.default\Cache\EEA4540Ed01
  10. Hello, Outlook Express is freezing on us anytime we try to take any action. That is, we can open the program and it appears fine but if, for example, we try to send/receive messages it freezes. It is installed as Internet Mail Only. It is part of MS Office 2000 running on a Windows 2000 platform. Now, apparently the boss's son was browsing for porno (no joke) and the computer contracted some kind of virus. I think the two events (Outlook freezing and the porno virus) are related. Thank you for your help and time. Please note, however, that tomorrow is a normal business day, and although I am posting now, I will not be able to try any suggestions until after 5 PM EST tomorrow evening. Bear with me as it is a complicated situation compounded by my lack of finesse in all matters Outlook Express. Here is the MBAM log: Malwarebytes' Anti-Malware 1.15 Database version: 833 2:31:02 AM 6/6/2008 mbam-log-6-6-2008 (02-31-02).txt Scan type: Quick Scan Objects scanned: 53613 Time elapsed: 11 minute(s), 13 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 8 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 3 Files Infected: 49 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd.dll (Rogue.PCAntispyware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd.dll (Rogue.PCAntispyware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\Bug Doctor (Rogue.BugDoctor) -> Quarantined and deleted successfully. C:\WINNT\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Suzanne Hall\Desktop\virii (Fake.Dropped.Malware) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\Bug Doctor\FixedOnSundayOctober012006091631.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully. C:\WINNT\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Suzanne Hall\Desktop\virii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Suzanne Hall\Desktop\virii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Suzanne Hall\Desktop\virii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Suzanne Hall\Desktop\virii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Suzanne Hall\Desktop\virii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINNT\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINNT\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\vbsys2.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINNT\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Suzanne Hall\Desktop\blackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully. ESET log to follow.