AVG pop up [RESOLVED]
lenore2
post Sep 23 2008, 10:33 AM
Post #1


Member
Posts: 67
From: UK
OS: Windows XP



Sorry I can't be more precise, my sibling got the message displayed when she used this pc but did not leave me the details.

Here is my Hijack this log-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:38, on 23/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CConnect\CConnect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\OPLIMIT\ocrawr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=54834
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8611 bytes
emeraldnzl
post Oct 6 2008, 12:35 PM
Post #2


Trusted Helper
Posts: 2,352
OS: XP Pro



Hello lenore2,

Sorry for the delay.

Your Java is out of date; older versions are vulnerable to attack.

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Next

Please download Runscanner to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file.
  • Call the .run file after your forum name and save it to your desktop. You will see the .run file on your desktop. Upload that file here.
lenore2
post Oct 8 2008, 12:38 AM
Post #3


I've done the Java update and here is the Run File.
Attached file: Lenore2.run (184.2K)
 
emeraldnzl
post Oct 8 2008, 01:22 AM
Post #4


Hello again lenore2,

Bit to do in this post.

Download the attachment at the end of this post (this will be your runscanner file fixed by me).

  • Save it to your desktop, then double-click the runscanner icon; this will run the program.
  • You will notice several entries in red and in blue.
  • Click the button at the top called Fix selected items
  • Accept the warning(s) and repeat until they are all gone.
  • Reboot your PC

Now

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Kaspersky only works if you are using Internet Explorer.

Please do an online scan with Kaspersky WebScanner.

Click on the Kaspersky Online Scanner button. A box will come up, click Accept, this will allow it to install an ActiveX component and download its latest anti-virus database. (Note: It may take a couple of minutes)

  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    * Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    * Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    * Now click on the Save as Text button:
  • Save the file to your desktop.

Copy and paste that information in your next post.

Finally in this post
  • Download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

So when you return please post
  • MBAM log
  • Kaspersky scan results
  • RSIT logs - log.txt and info.txt

It is likely that the reports will not fit on one post; just use as many posts as needed, that's fine.

Attached file: lenore2fix.run (185.35K)
lenore2
post Oct 9 2008, 03:22 AM
Post #5


I've got major problems this morning. I did the fixes with the attachment you gave me and re-booted fine.
I also downloaded the second file to do the quick system scan with the intent of running it later today when I get home from work. This morning my pc was very very slow to start and when I finally managed to log in I had something keep popping up saying it was Windows Installer and it was trying to install something, but I have no idea what. It's not doing any Windows updates; it ran those yesterday. I then went to reboot because it was so slow and I had a message coming up saying File record Segment followed by numbers was unreadable. I have no idea what this meant and then it said 33% complete. In the end I had to turn it off by the tower because it wouldn't reboot.

I intended to run the quick scan if I can when I get home from work. I'm concerned my pc may die!! Please help. :-)

Do you think it's wise to back up my system?

This post has been edited by lenore2: Oct 9 2008, 10:10 AM
emeraldnzl
post Oct 9 2008, 02:00 PM
Post #6


Hi lenore2,

Those fixes only related to orphaned items and entries with no file attached. If you followed my instructions correctly they couldn't have caused problems with your computer.

That pop up telling you it was 30% complete; was that a Windows update perhaps or maybe if you had downloaded Malwarebytes it was installing?

My thought is that it was a legitimate program trying to update or install.

Try rebooting and allow the program to complete its update or installation.

It's quite likely that everything will be fine. On the other hand if it was the installation of Malwarebytes and it has been interrupted and become corrupted somehow we might have to uninstall it and reinstall.

Let me know how you get on.
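
Added example, not part of the thread and not any poster's or tool's own code: a small Python parser for HijackThis entry lines that lists the kind of items post #6 refers to, entries the log itself marks `(no file)`. The sample lines are an excerpt of the log in post #1; the class and function names are this example's own, and a marker only makes an entry a candidate for review, not a verdict.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Excerpt of the HijackThis log posted in post #1 (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Entry lines start with a section code such as R0, O2, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)

# Markers that appear verbatim in the log on this page.
MARKERS = ("(no file)", "(no name)", "Unknown owner")


@dataclass
class Entry:
    code: str                      # section code, e.g. "O2"
    text: str                      # everything after "CODE - "
    clsid: Optional[str] = None    # COM class id, if the entry carries one
    markers: List[str] = field(default_factory=list)

    @property
    def orphaned(self) -> bool:
        """True when the log says no file backs this entry."""
        return "(no file)" in self.markers


def parse_entries(log: str) -> List[Entry]:
    """Return the R/O entry lines; header and process list are skipped."""
    entries = []
    for raw in log.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # banner, "Running processes:" paths, blank lines
        code, text = match.groups()
        clsid = CLSID_RE.search(text)
        entries.append(
            Entry(
                code=code,
                text=text,
                clsid=clsid.group(0) if clsid else None,
                markers=[m for m in MARKERS if m in text],
            )
        )
    return entries


def review_candidates(log: str) -> List[Entry]:
    """Entries carrying at least one marker, in log order."""
    return [e for e in parse_entries(log) if e.markers]


def section_counts(log: str) -> Counter:
    """How many entries each section code contributes."""
    return Counter(e.code for e in parse_entries(log))


if __name__ == "__main__":
    print("entries per section:", dict(section_counts(SAMPLE_LOG)))
    for entry in review_candidates(SAMPLE_LOG):
        kind = "orphaned" if entry.orphaned else "review"
        print(f"[{kind}] {entry.code}: {entry.text}")
        print("    markers:", ", ".join(entry.markers))
```
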

lenore2
post Oct 12 2008, 01:52 PM
Post #7


Hey,

Just to let you know I'm still here. I've run Malwarebytes, I'm just trying to do the last two. The pc is just being chronically slow!!

emeraldnzl
post Oct 12 2008, 02:19 PM
Post #8


Okie dokie.
lenore2
post Oct 12 2008, 04:06 PM
Post #9


I'm doing Kaspersky currently, hope to have the reports for you soon.
lenore2
post Oct 13 2008, 01:21 AM
Post #10


Malwarebytes' Anti-Malware 1.28
Database version: 1244
Windows 5.1.2600 Service Pack 3

09/10/2008 23:58:16
mbam-log-2008-10-09 (23-58-16).txt

Scan type: Quick Scan
Objects scanned: 83671
Time elapsed: 2 hour(s), 7 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 157

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Dom\Application Data\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dom\Application Data\SpywareBot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dom\Application Data\SpywareBot\Quarantine (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dom\Application Data\SpywareBot\Registry Backups (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dom\Application Data\SpywareBot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Dom\Application Data\SpywareBot\rs.dat (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dom\Application Data\SpywareBot\Log\2007 Sep 05 - 08_40_39 PM_546.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dom\Application Data\SpywareBot\Log\2007 Sep 05 - 08_40_47 PM_750.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dom\Application Data\SpywareBot\Settings\CustomScan.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dom\Application Data\SpywareBot\Settings\IgnoreList.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dom\Application Data\SpywareBot\Settings\ScanInfo.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dom\Application Data\SpywareBot\Settings\ScanResults.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dom\Application Data\SpywareBot\Settings\SelectedFolders.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dom\Application Data\SpywareBot\Settings\Settings.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ollie\Local Settings\Application Data\anesuzenyp.bin (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\anesuzenyp.bin (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\igyzih._sy (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\igyzih._sy (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\naciveg.reg (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\naciveg.reg (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\ubuqicuho.bin (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\ubuqicuho.bin (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\zokawi.lib (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\zokawi.lib (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\alg.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\alg.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Apps\2.0\srw94.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Apps\2.0\srw94.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\ycuc.lib (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\ycuc.lib (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\bokefa.bat (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\bokefa.bat (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\sytetuf.sys (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\sytetuf.sys (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\vege.ban (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\vege.ban (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\xyzunore.dl (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\xyzunore.dl (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\zyfotydyjo.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\zyfotydyjo.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Temporary Internet Files\etokosyb.scr (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Temporary Internet Files\etokosyb.scr (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\sec3.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\sec3.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\anok.bat (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\anok.bat (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\ewabutovah.dl (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\ewabutovah.dl (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\fibaw.ban (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\fibaw.ban (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\ybikohe.vbs (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\ybikohe.vbs (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\xacsceib.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\xacsceib.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\Windowsupdate.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\Windowsupdate.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Mum\My Documents\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot.
C:\Documents and Settings\Mum\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot.
C:\Documents and Settings\Mum\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot.
C:\Documents and Settings\Mum\My Documents\My Documents.url (Trojan.Zlob) -> Delete on reboot.
C:\Documents and Settings\Mum\my documents\work9\bhobj\bhobj.dll (Adware.WebDir) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\igutymyko.ban (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\igutymyko.ban (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\ymuxag.com (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\ymuxag.com (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Temp\_check32.bat (Malware.Trace) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Temp\_check32.bat (Malware.Trace) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\Microsoft\Internet Explorer\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\Microsoft\Internet Explorer\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\Microsoft\Internet Explorer\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\Microsoft\Internet Explorer\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\Microsoft\Internet Explorer\services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\Microsoft\Internet Explorer\services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Mum\Local Settings\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Documents and Settings\Ollie\Local Settings\Application Data\Microsoft\Internet Explorer\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
lenore2
post Oct 13 2008, 01:22 AM
Post #11





--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, October 13, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, October 12, 2008 22:04:19
Records in database: 1307631
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 91317
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 03:06:36

No malware has been detected. The scan area is clean.

The selected area was scanned.
lenore2
post Oct 13 2008, 01:27 AM
Post #12

