Can't Run Comedian, ATF-Cleaner, etc. - Help?(Closed)

Help

Members

Calendar

Live Chat

Welcome Guest ( Log In | Register )

Atribune.org > Malware Removal and Internet Browser Support > Resolved Log Library

2 Pages

< 1 2

Can't Run Comedian, ATF-Cleaner, etc. - Help?(Closed)

Options

Reaver View Member Profile	Nov 5 2009, 05:42 AM Post #21
Member Group: Member+ Posts: 16 Joined: 24-October 09 Member No.: 8,728	Results from Malwarebytes' Anti-Malware: Malwarebytes' Anti-Malware 1.41 Database version: 3103 Windows 5.1.2600 Service Pack 3 11/4/2009 9:41:20 PM mbam-log-2009-11-04 (21-41-20).txt Scan type: Quick Scan Objects scanned: 100193 Time elapsed: 2 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 3 Files Infected: 7 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Active Security (Rogue.ActiveSecurity) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\engine.backupengine (Rogue.AntiSpyKit) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Malware Sweeper (Rogue.MalwareSweeper) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\All Users\Start Menu\Programs\MalwareSweeper.com (Rogue.MalwareSweeper) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\MalwareSweeper.com\Malware Sweeper (Rogue.MalwareSweeper) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Active Security (Rogue.ActiveSecurity) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\md5.dll (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\MalwareSweeper.com\Malware Sweeper.lnk (Rogue.MalwareSweeper) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\MalwareSweeper.com\Malware Sweeper\Help.lnk (Rogue.MalwareSweeper) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\MalwareSweeper.com\Malware Sweeper\Uninstall.lnk (Rogue.MalwareSweeper) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Active Security\Active Security Support.lnk (Rogue.ActiveSecurity) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Active Security\Active Security.lnk (Rogue.ActiveSecurity) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Active Security\Uninstall Active Security.lnk (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.

Reaver View Member Profile	Nov 5 2009, 07:21 AM Post #22
Member Group: Member+ Posts: 16 Joined: 24-October 09 Member No.: 8,728	Results from Kaspersky online scan: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Wednesday, November 4, 2009 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Thursday, November 05, 2009 05:01:12 Records in database: 3134310 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ Scan statistics: Objects scanned: 79176 Threats found: 47 Infected objects found: 198 Suspicious objects found: 31 Scan duration: 01:17:17 File name / Threat / Threats count C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01E00000.VBN Infected: Trojan-Spy.HTML.Sunfraud.c 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01E00000.VBN Infected: Trojan-Spy.HTML.Bankfraud.u 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01E00000.VBN Infected: Trojan-Spy.HTML.Wamufraud.bo 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01E00000.VBN Infected: Trojan-Spy.HTML.Smitfraud.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01E00000.VBN Infected: Email-Worm.Win32.Bagle.pac 2 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01E00000.VBN Infected: Trojan-Spy.HTML.Bayfraud.hn 9 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01E00000.VBN Infected: Email-Worm.Win32.Bagle.ck 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01E00000.VBN Infected: Trojan-Spy.HTML.Bayfraud.in 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01E00000.VBN Infected: Email-Worm.Win32.Nyxem.e 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01E00000.VBN Infected: Email-Worm.Win32.NetSky.q 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01F40000.VBN Infected: Email-Worm.Win32.NetSky.q 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01F40001.VBN Infected: Trojan-Spy.HTML.Sunfraud.c 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01F40001.VBN Infected: Trojan-Spy.HTML.Bankfraud.u 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01F40001.VBN Infected: Trojan-Spy.HTML.Wamufraud.bo 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01F40001.VBN Infected: Trojan-Spy.HTML.Smitfraud.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01F40001.VBN Infected: Email-Worm.Win32.Bagle.pac 2 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01F40001.VBN Infected: Trojan-Spy.HTML.Bayfraud.hn 9 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01F40001.VBN Infected: Email-Worm.Win32.Bagle.ck 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01F40001.VBN Infected: Trojan-Spy.HTML.Bayfraud.in 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01F40001.VBN Infected: Email-Worm.Win32.Nyxem.e 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01F40001.VBN Infected: Email-Worm.Win32.NetSky.q 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02180000.VBN Infected: Trojan-Spy.HTML.Sunfraud.c 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02180000.VBN Infected: Trojan-Spy.HTML.Bankfraud.u 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02180000.VBN Infected: Trojan-Spy.HTML.Wamufraud.bo 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02180000.VBN Infected: Trojan-Spy.HTML.Smitfraud.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02180000.VBN Infected: Email-Worm.Win32.Bagle.pac 2 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02180000.VBN Infected: Trojan-Spy.HTML.Bayfraud.hn 9 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02180000.VBN Infected: Email-Worm.Win32.Bagle.ck 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02180000.VBN Infected: Trojan-Spy.HTML.Bayfraud.in 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02180000.VBN Infected: Email-Worm.Win32.Nyxem.e 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02180000.VBN Infected: Email-Worm.Win32.NetSky.q 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\Local Folders\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\Local Folders\Trash Infected: Trojan.Win32.Buzus.gyj 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\Local Folders\Trash Infected: Trojan-Downloader.Win32.Obitel.a 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\Local Folders\Trash Infected: Trojan-Spy.Win32.Zbot.dqu 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\Local Folders\Trash Infected: Trojan.Win32.Agent.zeg 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\Local Folders\Trash Infected: Trojan.Win32.Small.yfw 2 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\Local Folders\Trash Infected: Trojan-Downloader.Win32.Agent.algj 10 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\Local Folders\Trash Infected: Trojan.Win32.Agent.akcv 2 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Email-Worm.Win32.NetSky.q 3 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Trojan-Spy.HTML.Bankfraud.ny 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Trojan-Spy.HTML.Paylap.st 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Email-Worm.Win32.Nyxem.e 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Trojan-Spy.HTML.Bankfraud.pd 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Worm.Win32.Feebs.gen 2 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 11 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Email-Worm.Win32.NetSky.ghc 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Trojan-Downloader.Win32.Diehard.r 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Trojan-Downloader.Win32.Diehard.ca 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Trojan-Downloader.Win32.Diehard.dc 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Trojan.Win32.Pakes.bvm 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Trojan-Downloader.Win32.Diehard.ev 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Trojan-Downloader.Win32.Mutant.cv 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Trojan-Downloader.Win32.Mutant.mx 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Trojan-Spy.HTML.Paylap.sx 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Trojan-Spy.HTML.Paylap.ta 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Trojan.Win32.Buzus.gyj 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Trojan-Dropper.Win32.Agent.slh 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Trojan-Clicker.HTML.Agent.ag 2 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox Infected: Trojan.Win32.Agent.sqt 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox.bak Infected: Trojan-Spy.HTML.Sunfraud.c 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox.bak Infected: Trojan-Spy.HTML.Bankfraud.u 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox.bak Infected: Trojan-Spy.HTML.Wamufraud.bo 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox.bak Infected: Trojan-Spy.HTML.Smitfraud.a 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox.bak Infected: Email-Worm.Win32.Bagle.pac 2 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox.bak Infected: Trojan-Spy.HTML.Bayfraud.hn 9 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox.bak Infected: Email-Worm.Win32.Bagle.ck 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox.bak Infected: Trojan-Spy.HTML.Bayfraud.in 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox.bak Infected: Email-Worm.Win32.Nyxem.e 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox.bak Infected: Email-Worm.Win32.NetSky.q 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Inbox.bak2 Infected: Email-Worm.Win32.NetSky.q 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Email-Worm.Win32.Nyxem.e 8 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Email-Worm.Win32.NetSky.q 4 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Trojan-Spy.HTML.Bankfraud.ny 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Trojan-Spy.HTML.Visafraud.h 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Trojan-Spy.HTML.Paylap.st 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 19 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Trojan-Spy.HTML.Bankfraud.ou 2 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Trojan-Spy.HTML.Bayfraud.kl 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Trojan-Spy.HTML.Bankfraud.pd 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Worm.Win32.Feebs.gen 2 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Email-Worm.Win32.NetSky.ghc 2 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Trojan-Spy.HTML.Chasfraud.u 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Trojan-Downloader.Win32.Diehard.r 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Trojan-Downloader.Win32.Diehard.ca 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Trojan-Downloader.Win32.Diehard.dc 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Trojan.Win32.Pakes.bvm 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Trojan-Downloader.Win32.Diehard.ev 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Trojan-Downloader.Win32.Mutant.cv 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Trojan-Downloader.Win32.Mutant.jz 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Trojan-Downloader.Win32.Mutant.mx 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Trojan-Spy.HTML.Paylap.sx 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Email-Worm.Win32.Agent.ev 1 C:\Documents and Settings\Peter\Application Data\Thunderbird\Profiles\09q5rbvr.default\Mail\mail.unholyhorde.com\Trash Infected: Trojan-Spy.HTML.Paylap.ta 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\dosakoha.dll.vir Infected: Packed.Win32.Krap.p 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\gikibazo.dll.vir Infected: Packed.Win32.Krap.p 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\hadatagu.dll.vir Infected: Packed.Win32.Krap.p 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\haditapo.dll.vir Infected: Packed.Win32.Krap.p 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\hijazawe.dll.vir Infected: Packed.Win32.Krap.p 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\huyuvegi.dll.vir Infected: Packed.Win32.Krap.p 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\jahizoho.dll.vir Infected: Packed.Win32.Krap.p 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\kitiyija.dll.vir Infected: Packed.Win32.Krap.p 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\kiwasuge.exe.vir Infected: Packed.Win32.Krap.p 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\logon.exe.vir Infected: Trojan.Win32.Vilsel.kga 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\lubemilu.dll.vir Infected: Packed.Win32.Krap.p 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\musurupu.dll.vir Infected: Packed.Win32.Krap.p 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\resevine.exe.vir Infected: Packed.Win32.Krap.p 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\sedutodo.dll.vir Infected: Packed.Win32.Krap.p 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACbdawilhpmy.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACboppuuwnsr.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACswxymxehtk.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACxtblkniftt.dll.vir Infected: Packed.Win32.TDSS.y 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\wehokepu.dll.vir Infected: Packed.Win32.Krap.p 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\yubiyufo.dll.vir Infected: Packed.Win32.Krap.p 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\_sdra64_.exe.zip Infected: Trojan-Spy.Win32.Zbot.gen 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1139\A0042169.dll Infected: Packed.Win32.TDSS.aa 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1139\A0042170.dll Infected: Packed.Win32.TDSS.aa 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1139\A0042171.dll Infected: Packed.Win32.TDSS.aa 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1139\A0042172.dll Infected: Packed.Win32.TDSS.y 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1140\A0042199.dll Infected: Packed.Win32.Krap.p 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1140\A0042200.dll Infected: Packed.Win32.Krap.p 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1140\A0042201.dll Infected: Packed.Win32.Krap.p 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1140\A0042202.dll Infected: Packed.Win32.Krap.p 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1140\A0042203.dll Infected: Packed.Win32.Krap.p 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1140\A0042204.dll Infected: Packed.Win32.Krap.p 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1140\A0042205.dll Infected: Packed.Win32.Krap.p 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1140\A0042206.dll Infected: Packed.Win32.Krap.p 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1140\A0042207.exe Infected: Trojan.Win32.Vilsel.kga 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1140\A0042208.dll Infected: Packed.Win32.Krap.p 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1140\A0042209.dll Infected: Packed.Win32.Krap.p 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1140\A0042210.dll Infected: Packed.Win32.Krap.p 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1140\A0042212.dll Infected: Packed.Win32.Krap.p 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1140\A0042213.dll Infected: Packed.Win32.Krap.p 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1145\A0043448.exe Infected: Packed.Win32.Krap.p 1 C:\System Volume Information\_restore{5D9E0FF9-9BB3-4CBC-A486-24049C2A792B}\RP1145\A0043449.exe Infected: Packed.Win32.Krap.p 1 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LIAWP49T\Z[1].exe Infected: Trojan-Spy.Win32.Zbot.gen 1 D:\From_old_computer\sodivinity\New LYRIKs.doc Infected: Virus.MSWord.Bablas.k 1 Selected area has been scanned.

Rorschach112 View Member Profile	Nov 5 2009, 11:38 AM Post #23
Advanced Member Group: Global Moderator Posts: 4,586 Joined: 17-September 07 Member No.: 3,506	hi CLICK HERE to download the HijackThis Installer: Save HJTInstall.exe to your desktop. Double-click on HJTInstall.exe to run the program. By default it will install to C:\Program Files\Trend Micro\HijackThis. Accept the license agreement by clicking the "I Accept" button. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log. Click "Save log" to save the log file and then the log will open in Notepad. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log. Come back here to this thread and paste the log in your next reply. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required. -------------------- By the power of truth, I, while living, have conquered the universe. ~Scratch~ My help is always free, but if you want to donate to help me continue my fight against malware then click here

Reaver View Member Profile	Nov 6 2009, 06:46 AM Post #24
Member Group: Member+ Posts: 16 Joined: 24-October 09 Member No.: 8,728	Contents from HijackThis log file: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:44:36 PM, on 11/5/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\Ahead\Ahead\data\xtras\mssysmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebyte\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [Yahoo! Pager] 1 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\xtras\mssysmgr.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ttool] C:\WINDOWS\9129837.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ttool] C:\WINDOWS\9129837.exe (User 'Default user') O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108339051545 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 6349 bytes

Rorschach112 View Member Profile	Nov 6 2009, 02:18 PM Post #25
Advanced Member Group: Global Moderator Posts: 4,586 Joined: 17-September 07 Member No.: 3,506	fix these with HJT O4 - HKUS\S-1-5-18\..\Run: [ttool] C:\WINDOWS\9129837.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ttool] C:\WINDOWS\9129837.exe (User 'Default user') Your logs are clean Follow these steps to uninstall Combofix and tools used in the removal of malware Click START then RUN Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there. Download OTC to your desktop and run it Click Yes to beginning the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here : http://www.adobe.com/products/acrobat/readstep2.html Please download JavaRa to your desktop and unzip it to its own folder Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts. Open JavaRa.exe again and select Search For Updates. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. Below I have included a number of recommendations for how to protect your computer against malware infections. Keep Windows updated by regularly checking their website at : http://windowsupdate.microsoft.com/ This will ensure your computer has always the latest security updates available installed on your computer. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict. Make Internet Explorer more secure Click Start > Run Type Inetcpl.cpl & click OK Click on the Security tab Click Reset all zones to default level Make sure the Internet Zone is selected & Click Custom level In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable". Next Click OK, then Apply button and then OK to exit the Internet Properties page. TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future. Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure. NoScript - for blocking ads and other potential website attacks McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws. Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask. Please read my guide on how to prevent malware and about safe computing here Thank you for your patience, and performing all of the procedures requested. -------------------- By the power of truth, I, while living, have conquered the universe. ~Scratch~ My help is always free, but if you want to donate to help me continue my fight against malware then click here

Rorschach112 View Member Profile	Nov 9 2009, 03:07 PM Post #26
Advanced Member Group: Global Moderator Posts: 4,586 Joined: 17-September 07 Member No.: 3,506	Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic. Thank You ! -------------------- By the power of truth, I, while living, have conquered the universe. ~Scratch~ My help is always free, but if you want to donate to help me continue my fight against malware then click here

« Next Oldest · Resolved Log Library · Next Newest »

2 Pages

< 1 2

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 30th July 2010 - 12:28 PM