another log (RESOLVED)

  1. 07-01-2006  #1
    geelong
    geelong is offline Newbie

    another log (RESOLVED)

    hi please can you look at this for me, kids have found incredimail and the games and are downloading stuff willy nilly. Not sure if pc is ok or me being paranoid.

    i do have problems with a new video card nvida fx5200 the whole pc will just freeze, think that might be a conflict problem but would like this log looked at to be safe.

    thanks

    Logfile of HijackThis v1.99.1
    Scan saved at 17:33:50, on 07/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Russell\Desktop\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
    O18 - Protocol: Festoon - (no CLSID) - (no file)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    Last edited by geelong; 07-01-2006 at 08:41 PM.

  3. 07-01-2006  #2
    VopThis
    VopThis is offline Senior Member (Canada)
    There are no problems evident from your HJT log.


    Try running the following two (2) scans for second opinions. Reboot between each scan:



    Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner:
    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    3. From the main ewido screen, click on update in the left menu, then click the Start update button.
    4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
    5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
    6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.




    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        - Extended (if available otherwise Standard)
      • Scan Options:
        - Scan Archives
        - Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.



    See the following for common malware preventative measures to help reduce the RISK issues from many family member hehaviors:


    To help avoid serious infection again, please look carefully at this post for some excellent preventative measures. Prevention must be made the first line of defense to improve upon.



    ONCE your are as clean as possible - As a final cleanup step, it is often advisable to Reset and Re-enable your System Restore to remove any bad files that may have been backed up by Windows . The files in System Restore are protected to prevent any programs changing them. And, this is the only complete way to clean these files: (You will lose all previous restore points which could likely be infected, anyway.)

    PLEASE NOTE: you will need to log into your computer with an account that has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.


    (Windows XP)
    c:\System Volume Information\_restore….
    To Turn OFF System Restore.
    1. Click the Start button.
    2. Right-click My Computer, and then click Properties.
    3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
    4. Click Apply.

    To Turn ON System Restore.
    1. Follow the steps in the previous section, but in step 3, uncheck Turn off System Restore or Turn off System Restore on all drives. Then click OK.
    2. Create new System Restore points.


    (Windows ME)
    c:\_RESTORE\TEMP\….
    See the following link for instructions:
    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam




    To reduce the re-infection potential for malware and protect your PC against spyware, here are a few helpful suggestions:
    1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft . This will patch many of the security holes through which attackers can gain access to your computer . You CANNOT complete this update using an alternate browser – you must use Internet Explorer.
      http://v5.windowsupdate.microsoft.com/v5co...t.aspx?ln=en-us
      http://www.microsoft.com/windows/ie/default.asp

    2. Run your antivirus software regularly, and to keep its definitions up-to-date. If you are thinking about switching (using a real-time AV tool only one at a time), there are some good free Antivirus programs that are decent, including AVG and Avast!.
      AVG: http://free.grisoft.com/doc/1
      Avast: http://www.avast.com/eng/avast_4_home.html

    3. In addition to using Ad-aware, consider using another free malware scanning/removal program :
      Adaware SE: http://www.download.com/Ad-Aware-SE-Person...ubj=dl&tag=top5
      Spybot S&D: http://www.download.com/Spybot-Search-Dest...tml?tag=lst-0-1
      MS Antispyware beta: http://www.microsoft.com/athome/security/s...re/default.mspx

    4. Consider using a free firewall if you are not already using one (use only one firewall at a time – normally you will need to disable the MS firewall). Some good free ones (for incoming and added outgoing traffic protection) are:
      Kerio Personal Firewall: http://www.sunbelt-software.com/Kerio.cfm
      *** After 30 days, Kerio shuts down selected features, but will continue to run in 'free' mode.
      Zone Alarm: http://www.zonelabs.com/store/content/company/products/znalm/comparison.jsp?lid=ho_za

      It is not a bad idea to also consider using a Router/Hardware firewall device where you have a High-Speed Internet access connection. A software firewall may occasionally need to be disabled or it gets/remains disabled by someone or something. Such an added layer of security consistency has a lot of merit to it.

    5. Consider using an alternate free browser for general web surfing but you must use IE for windows updates.
      Mozilla Firefox: http://www.mozilla.org/products/firefox/

    6. Consider increasing your browser security by using these programs:
      SpywareGuard will help protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
      SpywareBlaster will increase browser protection by blocking access to thousands of known malware sites by adding them to IE's restricted sites zone. It essentially blocks known- bad ActiveX program items from being installed or running on your computer. Download it here: http://www.javacoolsoftware.com/spywareblaster.html
    7. A HOSTS file can block Internet access to thousands of known-bad sites by not allowing you any easy browser access to such sites knowingly or unknowingly. Use HJT to determine if a current HOSTS file exists and any contents therein:
      • Run the HiJackThis tool and select ‘Open the Misc Tools section’.
      • Next select ‘Open host file manager’ button.
      • Use the ‘Open in Notepad’ button in XP/W2K or use WORDPAD if necessary [type wordpad.exe in the RUN box (Start>Run)] and load the FILE PATH identified in HJT.
      • Go to http://www.mvps.org/winhelp2002/hosts.txt . # Read the initial instructions #. Copy and paste (append or replace) the RELEVANT host address entry contents of that file into Notepad or Wordpad and save the updated file contents.

        #start of lines added by WinHelp2002
        # [Misc A - Z]
        127.0.0.1 phpadsnew.abac.com
        127.0.0.1 a.abnad.net
        127.0.0.1 e.abnad.net
        127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
        .
        .
        .
        #end of lines added by WinHelp2002




    *Remember just like your primary anti-virus software, it is important to:
    • Keep all of these programs up-to-date, and
    • Use them on a regular basis.
  4. 08-01-2006  #3
    geelong
    geelong is offline Newbie
    ok thanks for that both reports below,
    i will delete all quaritened files from norton, as for Outlook backup files as they are not likely to be opened and will be overwritten i will leave for now unless you suggest otherwise.

    The nove incoming files i will delete, but what about last item in Kaspersky report about system information being infected. I also have not yet disabled and re-abled system restore i would assume that is the last thing i do before i re-boot?




    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 10:07:53, 08/01/2006
    + Report-Checksum: 62C5B987

    + Scan result:

    C:\Documents and Settings\Amy\Cookies\amy@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\Russell\Application Data\Mozilla\Firefox\Profiles\cgzq2jqd.default\coo kies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    C:\Documents and Settings\Russell\Cookies\russell@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Russell\Cookies\russell@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\S1YNGD23\mm[1].js -> Spyware.Chitika : Cleaned with backup
    H:\nova incoming\Winamp.Pro.v5.04.Winall.Incl.Keymaker-Core\keygen_winamp.exe -> Spyware.Hijacker.Generic : Cleaned with backup
    H:\nova incoming\Winamp.Pro.v5.04.Winall.Incl.Keymaker-Core.zip/keygen_winamp.exe -> Spyware.Hijacker.Generic : Error during cleaning




    -----------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Sunday, January 08, 2006 11:41:47
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 8/01/2006
    Kaspersky Anti-Virus database records: 169724
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan Statistics:
    Total number of scanned objects: 73636
    Number of viruses found: 9
    Number of infected objects: 71
    Number of suspicious objects: 4
    Duration of the scan process: 4154 sec

    Infected Object Name - Virus Name
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\030A1596.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\030A1596.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0EF07C76.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0EF07C76.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0F805D48.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0F805D48.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\17E7157D.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\17E7157D.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1AA660E9.tmp Infected: Email-Worm.Win32.NetSky.c
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D7D5101.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D7D5101.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1ED40987.tmp Infected: Trojan-Proxy.Win32.Agent.hx
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\31D160AF.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\31D160AF.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\33566503.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\33566503.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\38614F2F.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\38614F2F.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\38CA7300.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\38CA7300.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3AC406DC.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3D371EAC.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3D371EAC.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3DC00215.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3DC00215.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\453D698F.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\453D698F.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\456B355D.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\456B355D.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\45AE0962.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\45AE0962.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\468A3C02.tmp Infected: Email-Worm.Win32.NetSky.c
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\48EB31D1.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\48EB31D1.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4E120856.tmp/death.txt.scr Infected: Email-Worm.Win32.NetSky.c
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4E120856.tmp Infected: Email-Worm.Win32.NetSky.c
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4E9E1345.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4E9E1345.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\562D3742.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\562D3742.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5AF05C4D.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5AF05C4D.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5E8D3AC1.tmp Infected: Email-Worm.Win32.NetSky.c
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63A3174D.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63A3174D.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63D40D17.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63D40D17.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\64227CC1.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\64227CC1.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71197F0F.tmp/[From 20george.hall@docutex.co.uk][Date Fri, 7 Oct 2005 07:52:13 +0100]/yours.pif Infected: Email-Worm.Win32.NetSky.d
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71197F0F.tmp Infected: Email-Worm.Win32.NetSky.d
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\716E42B1.tmp/[From prescott_thomas@compuserve.com][Date Fri, 7 Oct 2005 12:50:39 +0100]/my_details.pif Infected: Email-Worm.Win32.NetSky.d
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\716E42B1.tmp Infected: Email-Worm.Win32.NetSky.d
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C511CFA.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C511CFA.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C5E44EB.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C5E44EB.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7E2D2E5A.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7E2D2E5A.tmp Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7EA63FD6.tmp/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7EA63FD6.tmp Infected: Email-Worm.Win32.Sober.y
    H:\backup\outlook\08-01-06.pst/Personal Folders/Sent Items/11 Jun 2003 16:33 to support@nildram.net:FW: De Savary.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
    H:\backup\outlook\08-01-06.pst/Personal Folders/Sent Items/14 Jun 2003 07:37 to abuse@nildram.net:FW: De Savary.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
    H:\backup\outlook\08-01-06.pst/Personal Folders/Norton AntiSpam Folder/26 Dec 2005 17:19 from eBay:[Norton AntiSpam] eBay Official Upda.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn
    H:\backup\outlook\08-01-06.pst/Personal Folders/Norton AntiSpam Folder/03 Jan 2006 10:08 from eBay Inc:[Norton AntiSpam] eBay - importa.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn
    H:\backup\outlook\08-01-06.pst/Personal Folders/Norton AntiSpam Folder/07 Jan 2006 07:58 from Halifax bank:[Norton AntiSpam] Halifax In.rtf Infected: Trojan-Spy.HTML.Bankfraud.hs
    H:\backup\outlook\08-01-06.pst/Personal Folders/Norton AntiSpam Folder/07 Jan 2006 10:51 from eBay:[Norton AntiSpam] ATTENTION EBAY CLI.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn
    H:\backup\outlook\08-01-06.pst Infected: Trojan-Spy.HTML.Bayfraud.hn
    H:\backup\outlook\sent.pst/Personal Folders/Sent Items/11 Jun 2003 16:33 to support@nildram.net:FW: De Savary.html Suspicious: Exploit.HTML.Iframe.FileDownload
    H:\backup\outlook\sent.pst/Personal Folders/Sent Items/14 Jun 2003 07:37 to abuse@nildram.net:FW: De Savary.html Suspicious: Exploit.HTML.Iframe.FileDownload
    H:\backup\outlook\sent.pst/Personal Folders/Norton AntiSpam Folder/27 Sep 2005 05:33 from support@paypal.com:[Norton AntiSpam] PayP.html Infected: Trojan-Spy.HTML.Paylap.fg
    H:\backup\outlook\sent.pst Infected: Trojan-Spy.HTML.Paylap.fg
    H:\nova incoming\Winamp.Pro.v5.04.Winall.Incl.Keymaker-Core.zip/keygen_winamp.exe Infected: Trojan.Win32.StartPage.sr
    H:\nova incoming\Winamp.Pro.v5.04.Winall.Incl.Keymaker-Core.zip Infected: Trojan.Win32.StartPage.sr
    H:\System Volume Information\_restore{077E512F-B1F7-4523-B328-F38C485E528C}\RP106\A0053426.exe Infected: Trojan.Win32.StartPage.sr

    Scan process completed.
  5. 08-01-2006  #4
    VopThis
    VopThis is offline Senior Member (Canada)
    H:\nova incoming\Winamp.Pro.v5.04.Winall.Incl.Keymaker-Core.zip/keygen_winamp.exe Infected: Trojan.Win32.StartPage.sr
    H:\nova incoming\Winamp.Pro.v5.04.Winall.Incl.Keymaker-Core.zip Infected: Trojan.Win32.StartPage.sr
    The use of any download application comes with RISKS - you are always one potential download from infection trouble. There are two malware items currently sitting in the Winamp download area - delete those. If you are going to use such applications you will would be well advised to run scanning tools like Kaspersky almost daily (Ewido and Panda Activescan http://www.pandasoftware.com/products/ActiveScan.htm are also highly recommend as is SpySweeper [subscription service] http://www.webroot.com/consumer/products/spysweeper )



    H:\System Volume Information\_restore{077E512F-B1F7-4523-B328-F38C485E528C}\RP106\A0053426.exe Infected: Trojan.Win32.StartPage.sr
    This tells you you need to reset your 'System Restore' area (as mentioned in my last post).



    C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\S1YNGD23\mm[1].js -> Spyware.Chitika : Cleaned with backup
    You should also periodically run this tool (weekly or monthly as garbage volume dictates):

    Download and run the freeware system optimization and privacy tool:
    CCleaner (Crap Cleaner)
    http://www.ccleaner.com/ccdownload.asp

    It removes unnecessary junk from your computer allowing it to run more efficiently and securely.

    You may get more optimal cleaning if you run it in SAFEMODE – while rebooting and at the beep keep tapping the F8 key.

    Once installed, you will notice an Online Help link at the bottom left. Updates checking link is provided at the bottom right. When first run in its DEFAULT opening setup – Cleaner button (Windows TAB is selected) , click the ‘Analyse’ button. Thereafter, click ‘Run Cleaner’ after you have reviewed what it proposes to clean.
  6. 08-01-2006  #5
    geelong
    geelong is offline Newbie
    Save 20% on AVG Internet Security 2012 Suite!
    many thanks for you great advice, yes im fully aware of the dangers of using downlaoding software and the programs you have told me about will help with that.

    Fantastic free service you are really doing wonderful job.
+ Reply to Thread
« HiJackThis Log, pls help! | Need Help Removing Either Win Fixer Virus or Welchia Worm! »