Search engine problem

September 1, 2008 at 21:28:47
Specs: Windows XP, 512MB

I have a problem with my Firefox & Internet Explorer search. Both search engines bring me to other websites. I ran Malware and the problem seems to be resolved. I then ran Hijack This to ensure. However, I do not know how to read the log file. Can somebody help me with this?



#1
September 2, 2008 at 14:07:20

Please post your Hijack This log.


#2
September 2, 2008 at 19:25:39

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:26 AM, on 9/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Wing\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)
O3 - Toolbar: (no name) - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Regx10EXE] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchPd.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: °Ù¶ÈËÑË÷°é - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [!IESearch] !IESearch
O16 - DPF: TruePass EPF 7,0,100,684 -
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v1...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v1...
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://wing0220.spaces.live.com//Ph...
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v1...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA...
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {6A2DCD5D-C16E-417F-A883-E7AA0A97B9DD} (ioReportViewer.ExcelReport) - https://fundreporting.mellon.com/Apollo/cabs/ioReportViewer.CAB
O16 - DPF: {7B604FD8-E2C8-11D4-A338-00609773BFCD} (sgDtPicker.sgDatePicker) - https://fundreporting.mellon.com/Apollo/cabs/sgDtPicker.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagame...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagame...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearc...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v1...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...
O18 - Protocol: mp3 - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)

--
End of file - 11814 bytes

Thank you.



#3
September 2, 2008 at 19:38:23

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

1. Double Click mbam-setup.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & Paste the entire report in your next reply.



#4
September 2, 2008 at 20:08:18

This is the log file from MalwareBytes.

**************

Malwarebytes' Anti-Malware 1.25
Database version: 1103
Windows 5.1.2600 Service Pack 3

11:06:44 PM 9/2/2008
mbam-log-09-02-2008 (23-06-44).txt

Scan type: Quick Scan
Objects scanned: 45945
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

**************



#5
September 2, 2008 at 20:10:01

And this is the Hijack This log file after re-running the MalwareBytes.

Thank you for your help in advance.

************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:08 PM, on 9/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Wing\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)
O3 - Toolbar: (no name) - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Regx10EXE] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchPd.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: °Ù¶ÈËÑË÷°é - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [!IESearch] !IESearch
O16 - DPF: TruePass EPF 7,0,100,684 -
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v1...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v1...
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://wing0220.spaces.live.com//Ph...
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v1...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA...
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {6A2DCD5D-C16E-417F-A883-E7AA0A97B9DD} (ioReportViewer.ExcelReport) - https://fundreporting.mellon.com/Apollo/cabs/ioReportViewer.CAB
O16 - DPF: {7B604FD8-E2C8-11D4-A338-00609773BFCD} (sgDtPicker.sgDatePicker) - https://fundreporting.mellon.com/Apollo/cabs/sgDtPicker.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagame...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagame...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearc...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v1...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...
O18 - Protocol: mp3 - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)

--
End of file - 12060 bytes

************



#6
September 3, 2008 at 03:39:22

Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =


R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...

O2 - BHO: (no name) - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - (no file)


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)


O2 - BHO: (no name) - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)


O3 - Toolbar: (no name) - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - (no file)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: °Ù¶ÈËÑË÷°é - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - C:\WINDOWS\System32\shdocvw.dll

O11 - Options group: [!IESearch] !IESearch

O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearc...

O18 - Protocol: mp3 - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)

Exit Hijack This

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.



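One way to reproduce part of the selection in reply #6 from the raw log, as an added example that is not part of any post in this thread: it parses HijackThis entry lines, flags those marked "(no file)" or "(file missing)", and then pivots on their CLSIDs to find other entries that reference the same component without carrying a marker. The function names are hypothetical, the sample is an excerpt of the log from reply #2, and a marker only means HijackThis could not find the file, so flagged lines are candidates for review rather than verdicts.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in reply #2 (lines copied from this page,
# truncated URLs left exactly as posted).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - (no file)
O2 - BHO: (no name) - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)
O3 - Toolbar: (no name) - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearc...
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O18 - Protocol: mp3 - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "R0 - ...", "O2 - ...", "O23 - ...": section code, separator, free-form body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the registered file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_log(text):
    """Turn HijackThis entry lines into dicts; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        entries.append({
            "code": m.group("code"),
            "body": body,
            # CLSIDs appear in mixed case in the log, so normalise before comparing.
            "clsids": [c.upper() for c in CLSID_RE.findall(body)],
            "orphaned": body.rstrip().endswith(ORPHAN_MARKERS),
        })
    return entries


def orphaned_entries(entries):
    """Entries whose registered file HijackThis could not find."""
    return [e for e in entries if e["orphaned"]]


def pivot_on_orphaned_clsids(entries):
    """Map each CLSID seen in an orphaned entry to the codes of all entries using it."""
    orphan_ids = {c for e in entries if e["orphaned"] for c in e["clsids"]}
    related = defaultdict(list)
    for e in entries:
        for c in e["clsids"]:
            if c in orphan_ids:
                related[c].append(e["code"])
    return dict(related)


def leftover_references(entries):
    """Entries with no orphan marker that still share a CLSID with an orphaned one."""
    orphan_ids = {c for e in entries if e["orphaned"] for c in e["clsids"]}
    return [e for e in entries
            if not e["orphaned"] and any(c in orphan_ids for c in e["clsids"])]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Orphaned entries:")
    for e in orphaned_entries(parsed):
        print(f"  {e['code']:>3}  {e['body']}")
    print("Sections referencing each orphaned CLSID:")
    for clsid, codes in pivot_on_orphaned_clsids(parsed).items():
        print(f"  {clsid}  {', '.join(codes)}")
    print("Same CLSID, no marker (easy to miss):")
    for e in leftover_references(parsed):
        print(f"  {e['code']:>3}  {e['body']}")
```
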
#7
September 3, 2008 at 21:15:15

I'm trying to run the Kaspersky scanner, however, an error occurs in the middle of the process. I'm re-running it and will post the report asap. Thanks again in advance.


#8
September 4, 2008 at 04:04:00

Windows encountered problems and couldn't complete the scan. Therefore, I scanned the Critical Area instead. Here's the log file. Please let me know what I can do to fix the problem. Thank you.

*********

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Wing\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 41600
Threat name: 6
Infected objects: 123
Suspicious objects: 0
Duration of the scan: 01:23:15


File name / Threat name / Threats count
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1015.dll Infected: not-a-virus:AdWare.Win32.Gator.1015 1
C:\WINDOWS\Downloaded Program Files\flash.inf Infected: not-a-virus:AdWare.Win32.BetterInternet.as 1
C:\WINDOWS\Downloaded Program Files\UGO20.exe Infected: Trojan-Downloader.Win32.Small.fe 1
C:\WINDOWS\ss_ezdl1_setup.exe Infected: not-a-virus:AdWare.Win32.Sidesearch.a 1
C:\WINDOWS\system32\adv0l1p.dll Infected: Trojan-Dropper.Win32.Bunch 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCA0MHW37.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCA1RYSAB.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCA3LL2CW.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCA7ZO77F.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCA9C2QA2.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAFHU31G.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAGPF3J6.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAIJX6R8.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAJ2KIN9.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAKUQGX1.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAQSAKTS.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAV45L4A.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAVQMFB4.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAXMLWHB.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAZO2CL9.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[10].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[11].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[6].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[7].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[8].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[9].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\search[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\search[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\search[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\search[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCA0XY7X1.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCA1ZK7LY.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCA7ASN20.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCA965M6R.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCA9VE9VR.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCAB0EQQN.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCAGJ3K8Z.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCAK2UAS7.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCAQCI4KD.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCARVPN4J.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCAT5L4PK.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCAWHE1XE.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCAYZXDU7.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[10].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[11].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[7].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[8].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[9].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\search[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\search[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\search[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\search[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\search[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\search[6].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCA93GL1D.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAAV4QCI.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAB0XAM7.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAB79ZUB.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAEU7RN2.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAFI1WB9.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCALXU4BT.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAM7A2N5.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCANTL2GW.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAOMXA3I.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCART41FB.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAT1O4KE.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAU5MGSC.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAU954T4.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAUBRC13.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[10].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[11].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[6].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[7].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[8].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[9].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\search[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\search[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\search[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\search[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\search[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCA1ERXC4.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCA1Z480U.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCA4JPAYO.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCA5I49F9.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCA85TVWU.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCABCXNY8.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCACFUMB0.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCAERA8VH.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCAEW07NW.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCAGNN2FQ.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCAKN8QYA.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCATBGICU.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCATRMTBU.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[10].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[11].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[6].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[7].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[8].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[9].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\search[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\search[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\search[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\search[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\search[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

The selected area was scanned.



#9
September 4, 2008 at 15:01:08

Please download ComboFix to the desktop from one of the following links:

Link 1

Link 2

Link 3

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your Norton's antivirus, Ad-Aware and Spybot.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running (leave Ad-Aware and Spybot off for now).
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.



#10
September 4, 2008 at 21:03:04

Hi, I wasn't aware there's something called TeaTimer(?) running on my PC and so I think it interrupted the scanning. The first scan wasn't successful and I couldn't open my anti-virus program anymore (as warned by you in your previous post). I tried re-running the scan. Please find below the log file.

Thanks again.

*********

ComboFix 08-09-04.08 - Wing 2008-09-04 23:50:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.260 [GMT -4:00]
Running from: C:\Documents and Settings\Wing\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.

2008-09-03 21:21 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-03 21:17 . 2008-09-03 21:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-02 00:45 . 2008-09-02 00:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-01 23:08 . 2008-09-01 23:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-01 23:08 . 2008-09-01 23:08 <DIR> d-------- C:\Documents and Settings\Wing\Application Data\Malwarebytes
2008-09-01 23:08 . 2008-09-01 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-01 23:08 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-01 23:08 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-31 02:32 . 2004-08-04 03:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-31 02:20 . 2008-08-31 02:20 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-31 02:20 . 2008-08-31 02:20 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-31 02:20 . 2008-08-31 02:20 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-30 11:13 . 2008-08-30 11:13 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-29 22:32 . 2008-08-29 23:18 <DIR> d-------- C:\Documents and Settings\Wing\Application Data\U3
2008-08-22 23:05 . 2008-04-13 20:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-08-22 23:05 . 2008-04-13 20:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-22 23:05 . 2008-04-13 20:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-08-22 23:05 . 2008-04-13 20:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-08-22 23:05 . 2008-04-13 20:12 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-08-22 23:05 . 2008-04-13 20:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-08-22 23:03 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-22 23:02 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-08-16 01:38 . 2004-08-04 03:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-16 01:38 . 2008-04-13 14:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-16 01:38 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-13 21:43 . 2008-05-01 10:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 21:41 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 01:21 --------- d-----w C:\Program Files\Java
2008-09-02 04:45 --------- d-----w C:\Program Files\Lavasoft
2008-09-02 02:34 --------- d-----w C:\Program Files\DivX
2008-09-02 02:32 --------- d-----w C:\Program Files\Common Files\Logitech
2008-09-01 21:58 --------- d-----w C:\Program Files\Apple Software Update
2008-09-01 14:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-01 14:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-01 02:00 --------- d-----w C:\Program Files\Logitech
2008-09-01 01:58 --------- d-----w C:\Program Files\iPod
2008-09-01 01:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-01 01:33 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-31 05:24 --------- d-----w C:\Program Files\BOINC
2008-08-31 05:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-30 15:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-27 01:13 --------- d-----w C:\Program Files\NJStar Communicator
2008-08-16 20:15 --------- d-----w C:\Documents and Settings\Wing\Application Data\Apple Computer
2008-08-10 23:53 --------- d-----w C:\Program Files\iTunes
2008-07-27 04:56 --------- d-----w C:\Program Files\Bonjour
2008-07-27 04:55 --------- d-----w C:\Program Files\QuickTime
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-10 13:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2006-11-09 04:57 22,984 -c--a-w C:\Documents and Settings\Wing\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchPd.EXE" [2001-10-02 98304]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"ATI Scheduler"="C:\Program Files\ATI Multimedia\main\ATISched.EXE" [2001-10-02 28672]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824]
"Regx10EXE"="C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe" [2001-10-29 73728]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AtiPTA"="atiptaxx.exe" [2001-10-27 C:\WINDOWS\system32\atiptaxx.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"VIDC.YV12"= ATIYUV12.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINDOWS\system32\DRIVERS\CINEMSUP.SYS [2001-10-01 6144]
S2 .NET Connection Service;.NET Framework Service;C:\WINDOWS\svchost.exe [ ]
S3 Ndisusb;GeneLink Network Driver;C:\WINDOWS\system32\DRIVERS\genelan.sys [ ]
S3 NETMDSHA;NETMDSHA;C:\WINDOWS\system32\Drivers\NETMDSHA.sys [2002-02-05 37097]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96bf2059-7581-11dd-80e6-000a940363ae}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97fbdfcb-1ae7-11dc-bfe5-000a940363ae}]
\Shell\AutoRun\command - K:\DTSP_Launcher.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Wing\Application Data\Mozilla\Firefox\Profiles\3v8cdm72.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 23:52:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
-> C:\WINDOWS\System32\NavLogon.dll
.
Completion time: 2008-09-04 23:53:56
ComboFix-quarantined-files.txt 2008-09-05 03:53:40
ComboFix2.txt 2008-09-05 03:45:26

Pre-Run: 701,820,928 bytes free
Post-Run: 683,233,280 bytes free

159 --- E O F --- 2008-09-01 04:42:20




#11
September 4, 2008 at 21:26:59

FYI... Below is the log file after the 1st scan. Thank you.

**********

ComboFix 08-09-04.08 - Wing 2008-09-04 23:05:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254 [GMT -4:00]
Running from: C:\Documents and Settings\Wing\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.

2008-09-03 21:21 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-03 21:17 . 2008-09-03 21:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-02 00:45 . 2008-09-02 00:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-01 23:08 . 2008-09-01 23:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-01 23:08 . 2008-09-01 23:08 <DIR> d-------- C:\Documents and Settings\Wing\Application Data\Malwarebytes
2008-09-01 23:08 . 2008-09-01 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-01 23:08 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-01 23:08 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-31 02:32 . 2004-08-04 03:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-31 02:20 . 2008-08-31 02:20 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-31 02:20 . 2008-08-31 02:20 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-31 02:20 . 2008-08-31 02:20 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-30 11:13 . 2008-08-30 11:13 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-29 22:32 . 2008-08-29 23:18 <DIR> d-------- C:\Documents and Settings\Wing\Application Data\U3
2008-08-22 23:05 . 2008-04-13 20:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-08-22 23:05 . 2008-04-13 20:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-22 23:05 . 2008-04-13 20:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-08-22 23:05 . 2008-04-13 20:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-08-22 23:05 . 2008-04-13 20:12 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-08-22 23:05 . 2008-04-13 20:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-08-22 23:03 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-22 23:02 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-08-16 01:38 . 2004-08-04 03:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-16 01:38 . 2008-04-13 14:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-16 01:38 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-13 21:43 . 2008-05-01 10:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 21:41 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 01:21 --------- d-----w C:\Program Files\Java
2008-09-02 04:45 --------- d-----w C:\Program Files\Lavasoft
2008-09-02 02:34 --------- d-----w C:\Program Files\DivX
2008-09-02 02:32 --------- d-----w C:\Program Files\Common Files\Logitech
2008-09-01 21:58 --------- d-----w C:\Program Files\Apple Software Update
2008-09-01 14:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-01 14:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-01 02:00 --------- d-----w C:\Program Files\Logitech
2008-09-01 01:58 --------- d-----w C:\Program Files\iPod
2008-09-01 01:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-01 01:33 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-31 05:24 --------- d-----w C:\Program Files\BOINC
2008-08-31 05:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-30 15:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-27 01:13 --------- d-----w C:\Program Files\NJStar Communicator
2008-08-16 20:15 --------- d-----w C:\Documents and Settings\Wing\Application Data\Apple Computer
2008-08-10 23:53 --------- d-----w C:\Program Files\iTunes
2008-07-27 04:56 --------- d-----w C:\Program Files\Bonjour
2008-07-27 04:55 --------- d-----w C:\Program Files\QuickTime
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-10 13:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2006-11-09 04:57 22,984 -c--a-w C:\Documents and Settings\Wing\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchPd.EXE" [2001-10-02 98304]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"ATI Scheduler"="C:\Program Files\ATI Multimedia\main\ATISched.EXE" [2001-10-02 28672]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824]
"Regx10EXE"="C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe" [2001-10-29 73728]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AtiPTA"="atiptaxx.exe" [2001-10-27 C:\WINDOWS\system32\atiptaxx.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"VIDC.YV12"= ATIYUV12.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINDOWS\system32\DRIVERS\CINEMSUP.SYS [2001-10-01 6144]
S2 .NET Connection Service;.NET Framework Service;C:\WINDOWS\svchost.exe [ ]
S3 Ndisusb;GeneLink Network Driver;C:\WINDOWS\system32\DRIVERS\genelan.sys [ ]
S3 NETMDSHA;NETMDSHA;C:\WINDOWS\system32\Drivers\NETMDSHA.sys [2002-02-05 37097]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96bf2059-7581-11dd-80e6-000a940363ae}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97fbdfcb-1ae7-11dc-bfe5-000a940363ae}]
\Shell\AutoRun\command - K:\DTSP_Launcher.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-eMuleAutoStart - C:\Program Files\eMule\eMule.exe
HKCU-Run-WebCamRT.exe - (no file)
HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
HKLM-Run-HydarVisionDesktopManager - (no file)
MSConfigStartUp-sysmon - C:\WINDOWS\System32\sysmon\sysmon.exe
MSConfigStartUp-webassist - C:\WINDOWS\webassist.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Wing\Application Data\Mozilla\Firefox\Profiles\3v8cdm72.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
.
------- File Associations (Beta) -------
.
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 23:41:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
-> C:\WINDOWS\System32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-09-04 23:45:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-05 03:45:19

Pre-Run: 726,609,920 bytes free
Post-Run: 688,529,408 bytes free

196 --- E O F --- 2008-09-01 04:42:20



#12
September 5, 2008 at 18:34:50

Open Notepad and copy/paste everything between the X's into it, and make sure the first word (such as KILLALL, Driver, or File, etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Driver::
TDSSserv
.NET Connection Service

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto start, click "Run".

Post a new Combofix log.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.



#13
September 5, 2008 at 21:10:42

Thank you jabuck, I'll try that tonight and post the scan report.


#14
September 6, 2008 at 14:42:32

Below is the Scan Report. Thank you.

*******

----------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, September 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, September 06, 2008 05:36:38
Records in database: 1196306
----------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 75977
Threat name: 11
Infected objects: 130
Suspicious objects: 0
Duration of the scan: 10:38:36


File name / Threat name / Threats count
C:\Documents and Settings\Wing\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Email-Worm.Win32.Zhelatin.o 1
C:\td.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b 2
C:\td.exe Infected: Trojan-Downloader.Win32.Turown.b 2
C:\td.exe Infected: Trojan-Downloader.Win32.Turown.c 1
C:\td.exe Infected: not-a-virus:AdWare.Win32.IEDriver.c 1
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1015.dll Infected: not-a-virus:AdWare.Win32.Gator.1015 1
C:\WINDOWS\Downloaded Program Files\flash.inf Infected: not-a-virus:AdWare.Win32.BetterInternet.as 1
C:\WINDOWS\Downloaded Program Files\UGO20.exe Infected: Trojan-Downloader.Win32.Small.fe 1
C:\WINDOWS\ss_ezdl1_setup.exe Infected: not-a-virus:AdWare.Win32.Sidesearch.a 1
C:\WINDOWS\system32\adv0l1p.dll Infected: Trojan-Dropper.Win32.Bunch 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCA0MHW37.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCA1RYSAB.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCA3LL2CW.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCA7ZO77F.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCA9C2QA2.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAFHU31G.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAGPF3J6.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAIJX6R8.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAJ2KIN9.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAKUQGX1.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAQSAKTS.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAV45L4A.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAVQMFB4.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAXMLWHB.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\acCAZO2CL9.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[10].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[11].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[6].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[7].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[8].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[9].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\search[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\search[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\search[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\search[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCA0XY7X1.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCA1ZK7LY.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCA7ASN20.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCA965M6R.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCA9VE9VR.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCAB0EQQN.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCAGJ3K8Z.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCAK2UAS7.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCAQCI4KD.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCARVPN4J.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCAT5L4PK.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCAWHE1XE.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\acCAYZXDU7.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[10].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[11].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[7].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[8].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[9].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\search[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\search[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\search[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\search[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\search[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\search[6].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCA93GL1D.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAAV4QCI.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAB0XAM7.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAB79ZUB.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAEU7RN2.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAFI1WB9.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCALXU4BT.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAM7A2N5.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCANTL2GW.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAOMXA3I.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCART41FB.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAT1O4KE.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAU5MGSC.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAU954T4.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAUBRC13.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[10].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[11].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[6].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[7].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[8].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[9].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\search[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\search[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\search[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\search[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\search[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCA1ERXC4.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCA1Z480U.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCA4JPAYO.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCA5I49F9.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCA85TVWU.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCABCXNY8.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCACFUMB0.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCAERA8VH.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCAEW07NW.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCAGNN2FQ.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCAKN8QYA.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCATBGICU.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCATRMTBU.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[10].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[11].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[6].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[7].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[8].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[9].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\search[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\search[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\search[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\search[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\search[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

The selected area was scanned.



#15
September 6, 2008 at 20:17:03

Set up the computer to view hidden files:
To show hidden files do the following:
Click Start > My Computer
On the Tools menu, click Folder Options.
Click the View tab.
Uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files.
Under the Hidden files folder, locate and check Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply > OK.

Go to start > run> type in regsvr32 /u occache.dll
then click ok.

Now search and delete these files if found:



C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1015.dll
C:\WINDOWS\Downloaded Program Files\flash.inf
C:\WINDOWS\Downloaded Program Files\UGO20.exe

Go to start > run> type in regsvr32 occache.dll
Click ok.

Navigate to and delete these files if found:


C:\td.exe
C:\WINDOWS\ss_ezdl1_setup.exe
C:\WINDOWS\system32\adv0l1p.dll

Download CCleaner from the following link to your desktop:

CCleaner

1. Run the CCleaner installer.
2. During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
3. Please do NOT run a scan yet!
4. Now, open CCleaner:
a. Click the "Windows" tab.
5. Select the following:
a. Check everything under the "Internet Explorer" section.
b. Check everything under the "Windows Explorer" section.
c. Check everything under the "System" section.
d. Check ONLY "Old Prefetch data" under the "Advanced" section.
6. Then, click the "Applications" tab:
a. CHECK everything there.
7. Next, click the "Options" button in the left pane, then click the "Advanced" button:
a. CHECK : "Only delete files in Windows Temp folders older than 48 hours".
8. Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
9. When done, please exit CCleaner.
CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.

Are you using Outlook?



#16
September 6, 2008 at 22:18:23

I've run CCleaner. How do I know if the spyware and viruses are gone?

Yes, I'm using Outlook. Should I stop using it?

Thanks again.



#17
September 7, 2008 at 15:48:35

I tried re-running the Kaspersky Scan. Seems like the viruses are still there. Please advise. Thank you.

*******

----------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, September 7, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, September 07, 2008 05:38:12
Records in database: 1199851
----------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 75971
Threat name: 2
Infected objects: 119
Suspicious objects: 0
Duration of the scan: 07:57:30


File name / Threat name / Threats count
C:\Documents and Settings\Wing\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Email-Worm.Win32.Zhelatin.o 1

The selected area was scanned.



#18
September 7, 2008 at 17:32:42

There is probably a stored attachment infecting the computer in this file:

C:\Documents and Settings\Wing\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst

Delete all the email that you can and any attachments.

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, or File, etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Folder::
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "Run".

Run another online scan and post its log.


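An added example, not part of the original thread: a small Python parser for the report layout posted in #17 and #19 that groups detections by threat and parent folder, which is how a long run of cache-file hits reduces to the four Content.IE5 folders listed in #18. The sample is a constructed excerpt assembled from lines of those two reports; the function names are this example's own, and counting paths under C:\QooBox\Quarantine separately as already-quarantined copies is an assumption based on the paths in #19.

```python
import ntpath
import re
from collections import Counter
from typing import NamedTuple

# Constructed excerpt: lines taken from the two reports in this thread,
# in the layout "<path> Infected: <threat name> <count>".
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\Wing\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Email-Worm.Win32.Zhelatin.o 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\search[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVAX3E1X\ac[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\search[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6W7RJI5C\ac[1].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1

The selected area was scanned.
"""

# Assumption: files under this root are quarantined copies, not live files.
QUARANTINE_ROOT = "c:\\qoobox\\quarantine\\"

# Paths contain spaces and brackets, so match lazily up to " Infected:".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)


class Detection(NamedTuple):
    path: str
    threat: str
    count: int

    @property
    def quarantined(self) -> bool:
        # Windows paths are case-insensitive, so compare in lower case.
        return self.path.lower().startswith(QUARANTINE_ROOT)


def parse_report(text: str) -> list:
    """Return one Detection per result line; headers and footers are skipped."""
    detections = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            detections.append(Detection(m["path"], m["threat"], int(m["count"])))
    return detections


def summarize(detections) -> dict:
    """Map threat name -> Counter of parent folder -> hits, live files only."""
    summary = {}
    for d in detections:
        if d.quarantined:
            continue
        # ntpath handles backslash paths regardless of the OS running this.
        folder = ntpath.dirname(d.path)
        summary.setdefault(d.threat, Counter())[folder] += d.count
    return summary


def quarantined_hits(detections) -> int:
    """Total hits that sit under the quarantine root."""
    return sum(d.count for d in detections if d.quarantined)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for threat, folders in summarize(found).items():
        print(threat)
        for folder, hits in sorted(folders.items()):
            print(f"  {hits:3d}  {folder}")
    print("quarantined copies:", quarantined_hits(found))
```

Saving a full report to a text file and passing its contents to `parse_report` gives the same per-folder view, which makes it easy to compare two scans.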

#19
September 8, 2008 at 04:03:28

Here's the most recent scan report. Thank you.

**********

----------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, September 8, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, September 08, 2008 03:22:02
Records in database: 1201341
----------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 75922
Threat name: 2
Infected objects: 245
Suspicious objects: 0
Duration of the scan: 03:06:21


File name / Threat name / Threats count
C:\Documents and Settings\Wing\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Email-Worm.Win32.Zhelatin.o 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAEU7RN2.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAFI1WB9.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCALXU4BT.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAM7A2N5.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCANTL2GW.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAOMXA3I.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCART41FB.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAT1O4KE.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAU5MGSC.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAU954T4.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\acCAUBRC13.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[10].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[11].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[2].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[3].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[4].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[5].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[6].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[7].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[8].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\ac[9].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\search[1].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\search[2].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\search[3].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\search[4].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO744HDI\search[5].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCA1ERXC4.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCA1Z480U.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCA4JPAYO.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCA5I49F9.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCA85TVWU.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCABCXNY8.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCACFUMB0.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCAERA8VH.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCAEW07NW.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCAGNN2FQ.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCAKN8QYA.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCATBGICU.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\acCATRMTBU.htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[10].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[11].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[1].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[2].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[3].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[4].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[5].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[6].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[7].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[8].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\ac[9].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\search[1].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\search[2].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\search[3].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\search[4].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7RAWRQZ\search[5].htm.vir Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\QooBox\Quarantine\catchme2008-09-07_215207.53.zip Infected: Trojan-Downloader.JS.Agent.cnn 126

The selected area was scanned.



#20
September 8, 2008 at 18:48:24

That quarantined the infected temp files.

Go to start> run> type in combofix /u (note the space after combofix) then press enter. That should uninstall combofix.

Navigate to and delete this folder if found (Combofix's quarantine folder):

C:\Qoobox

Please run the BitDefender online scan from this link:
Bitdefender Online Scanner

You will need to allow an ActiveX install for the scan to run.
Leave the scanning options at default and press "click here to scan"
When finished scanning, click on "click here to export the scan report"
Save it to your desktop, at "file name" type in "bdscan" then click save.
Post a log in your reply.



#21
September 8, 2008 at 21:43:12

I've uninstalled ComboFix and the Qoobox folder is deleted.

I'm trying to run the online scan, however, it seems like I have to download the program. Am I correct?



#22
September 9, 2008 at 15:52:30

Yes you are.


#23
September 9, 2008 at 21:32:44

I think this is the log file.

Thank you.

********

<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type="text/xsl" href="C:\Program Files\BitDefender\BitDefender 2009\uiscan_log.xsl"?>
<ScanSession creator="BitDefender Total Security 2009" version="BitDefender UIScanner v.12" creationDate="00:30:19 10/09/2008" installPath="C:\Program Files\BitDefender\BitDefender 2009" originalPath="C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1221021019_1_00.xml" scanClient="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" taskName="Deep System Scan">
<ScanOptions
showWarnings="1" >
<ScanPaths>
<path id="0000">C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe</path>
<path id="0001">C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe</path>
<path id="0002">C:\WINDOWS\System32\svchost.exe</path>
<path id="0003">C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe</path>
<path id="0004">C:\Program Files\Mozilla Firefox\firefox.exe</path>
<path id="0005">C:\WINDOWS\system32\wuauclt.exe</path>
<path id="0006">C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe</path>
<path id="0007">C:\WINDOWS\System32\alg.exe</path>
<path id="0008">C:\Program Files\iPod\bin\iPodService.exe</path>
<path id="0009">C:\Program Files\ATI Multimedia\main\ATISched.EXE</path>
<path id="0010">C:\WINDOWS\system32\ctfmon.exe</path>
<path id="0011">C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe</path>
<path id="0012">C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe</path>
<path id="0013">C:\Program Files\iTunes\iTunesHelper.exe</path>
<path id="0014">C:\WINDOWS\System32\rundll32.exe</path>
<path id="0015">C:\WINDOWS\system32\rundll32.exe</path>
<path id="0016">C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe</path>
<path id="0017">C:\WINDOWS\system32\atiptaxx.exe</path>
<path id="0018">C:\PROGRA~1\AVG\AVG8\avgrsx.exe</path>
<path id="0019">C:\WINDOWS\System32\svchost.exe</path>
<path id="0020">C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe</path>
<path id="0021">C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe</path>
<path id="0022">C:\WINDOWS\system32\svchost.exe</path>
<path id="0023">C:\Program Files\Bonjour\mDNSResponder.exe</path>
<path id="0024">C:\WINDOWS\Explorer.EXE</path>
<path id="0025">C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe</path>
<path id="0026">C:\WINDOWS\system32\Ati2evxx.exe</path>
<path id="0027">C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe</path>
<path id="0028">C:\WINDOWS\system32\spoolsv.exe</path>
<path id="0029">C:\WINDOWS\system32\svchost.exe</path>
<path id="0030">C:\WINDOWS\System32\svchost.exe</path>
<path id="0031">C:\WINDOWS\System32\svchost.exe</path>
<path id="0032">C:\WINDOWS\system32\svchost.exe</path>
<path id="0033">C:\WINDOWS\system32\svchost.exe</path>
<path id="0034">C:\WINDOWS\System32\Ati2evxx.exe</path>
<path id="0035">C:\WINDOWS\system32\lsass.exe</path>
<path id="0036">C:\WINDOWS\system32\services.exe</path>
<path id="0037">C:\WINDOWS\system32\winlogon.exe</path>
<path id="0038">C:\WINDOWS\system32\csrss.exe</path>
<path id="0039">\SystemRoot\System32\smss.exe</path>
<path id="0040">C:\</path>
<path id="0041">F:\</path>
<path id="0042">G:\</path>
<path id="0043">H:\</path>
<path id="0044">I:\</path>
<path id="0045">J:\</path>
</ScanPaths>
<ScanObjects
scanViruses="1"
scanAddware="1"
scanSpyware="1"
scanApplications="1"
scanDialers="1"
scanRootkits="1"
/>
<TargetSelection
heuristicScan="1"
scanArchives="1"
scanRegistryKeys="1"
scanRegistry="1"
scanCookies="1"
memoryProcesses="1"
scanBootSectors="1"
scanEmail="0"
scanAllFiles="1"
scanPackedFiles="1"
scanSubfolders="1"
includeExtensions=""
excludeExtensions=""
/>
<TargetProcessing
infectedAction="3"
suspiciousAction="1"
hiddenAction="1"
encrInfectedAction="1"
encrSuspiciousAction="1"
passProtAction="1"
/>
</ScanOptions>
<EngineSummary
archivePlugins="43"
mailPlugins="6"
scanPlugins="12"
totalSignatures="1748846"
systemPlugins="4"
unpackPlugins="7"
/>
<ScanSummary
scannedItems="141836"
passProtItems="0"
infectedItems="0"
suspiciousItems="0"
resolvedItems="0"
unresolvedItems="0"
scannedArchives="1519"
bootSectorCount="15"
scannedDirectories="8987"
inputOutputErrors="28"
virusesNumber="0"
scanTime="02:04:45"
filesPerSecond="18"
>
<FileSummary
scanned="141430"
archives="1519"
packed="5240"
infected="0"
suspicious="0"
resolved="0"
deleted="0"
moved="0"
copied="0"
/>
<RegistryKeySummary
scanned="366"
infected="0"
suspicious="0"
/>
<CookieSummary
scanned="0"
infected="0"
suspicious="0"
/>
<ProcessSummary
scanned="40"
infected="0"
suspicious="0"
/>
<MailSummary
scanned="0"
infected="0"
suspicious="0"
/>
</ScanSummary>
<ScanDetails>
</ScanDetails>
</ScanSession>



#24
September 10, 2008 at 14:53:20

Your logs appear to be clean. How is the computer operating?

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.



#25
September 10, 2008 at 20:12:06

My computer seems fine now. I can finally live a normal life, LOL. Thank you VERY MUCH for your help, jabuck. :)


#26
September 11, 2008 at 18:59:29

Glad we could help.
