| Thread ID: 96736 | 2009-01-20 22:07:00 | Strange results on Google | Jacquie (9851) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 740741 | 2009-01-20 22:07:00 | Hi. A couple of days ago my NOD32 found some infected files and deleted them. Since then I have been getting strange results on Google on Firefox and IE. I search for something obvious and all the top results have the words you would expect but funny internet addresses, and the real company is somewhere further down the page. I reran NOD and it can't find anything. What can I do? | Jacquie (9851) | ||
| 740742 | 2009-01-20 22:11:00 | What for example? Give us one and I'll see what I get. You could have spyware, did you scan with antispyware as well? If not then: Spybot, Malware Bytes | pctek (84) | ||
| 740743 | 2009-01-20 22:12:00 | Firstly, download HijackThis (www.trendsecure.com) and run it, then post a log here. Meanwhile, download MalwareBytesAntiMalware, update, then do a full scan. Cheers, Blam | Blam (54) | ||
| 740744 | 2009-01-20 22:21:00 | Search hijacking seems more popular recently. It might help to check the log, and see what malware it actually removed. I found this blog quite interesting. Install a weird browser to compare? http://www.oldapps.com/ www.avertlabs.com | pkm (13527) | ||
| 740745 | 2009-01-21 00:28:00 | Sounds like the TSSServ rootkit. Open Device Manager, click View - Show Hidden Devices. Scroll down to Non-Plug and Play devices and under that look for TSSServ.sys. If it is there, right-click and disable it. Restart the PC and run Malwarebytes. | CYaBro (73) | ||
| 740746 | 2009-01-21 03:44:00 | A friend of mine recently had some malware that interfered with his google searches, I think it was a Vundo variant of some sort | Agent_24 (57) | ||
| 740747 | 2009-01-21 04:38:00 | Hi, thanks for all your help. I looked for that device tssserv.sys but couldn’t find it. I tried Hijack this and got this: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:29:19 p.m., on 21/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ACT\SideACT.exe C:\Program Files\Skype\Phone\Skype.exe 
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\CYBERL~1\SHARED~1\RICHVI~1.EXE C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Brother\Brmfcmon\brmfcwnd.exe C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\Jacquie May\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ie.redirect.hp.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - 
C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe 
/autorun O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q306&bd=presario&pf=laptop O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - www.digitalmax.co.nz O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe -- End of file - 10759 bytes This is what my NOD scan which found infected files said: Scan performed at: 14/01/2009 19:46:33 p.m. Scanning Log NOD32 version 3763 (20090113) NT Operating memory - is OK Date: 14.1.2009 Time: 19:46:40 Anti-Stealth technology is enabled. Scanned disks, folders and files: C:; D: C:\hiberfil.sys - error opening (File locked) [4] C:\pagefile.sys - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\ntuser.dat - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\ntuser.dat.LOG - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Mozilla\Firefox\Profiles\phbpkv8w.default\parent.lock - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Mozilla\Firefox\Profiles\phbpkv8w.default\places.sqlite-journal - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Skype\jacquiermay\call256.dbb - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Skype\jacquiermay\callmember256.dbb - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Skype\jacquiermay\chat4096.dbb - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Skype\jacquiermay\chat512.dbb - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application 
Data\Skype\jacquiermay\chat8192.dbb - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Skype\jacquiermay\chatmember256.dbb - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Skype\jacquiermay\chatmsg1024.dbb - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Skype\jacquiermay\chatmsg2048.dbb - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Skype\jacquiermay\chatmsg256.dbb - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Skype\jacquiermay\chatmsg512.dbb - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Skype\jacquiermay\contactgroup256.dbb - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Skype\jacquiermay\index2.dat - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Skype\jacquiermay\profile1024.dbb - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Skype\jacquiermay\user1024.dbb - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Skype\jacquiermay\user16384.dbb - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Skype\jacquiermay\user256.dbb - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Skype\jacquiermay\user4096.dbb - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Application Data\Skype\jacquiermay\voicemail256.dbb - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Local 
Settings\Temp\adgavuxo.exe - a variant of Win32/Kryptik.EH trojan C:\Documents and Settings\Jacquie May\Local Settings\Temp\etilqs_2zuQyHMxPAYqvOOt6UMH - error opening (File locked) [4] C:\Documents and Settings\Jacquie May\Local Settings\Temp\GLB22.tmp »WISE »WISE0132.DLL - archive damaged C:\Documents and Settings\Jacquie May\Local Settings\Temp\PlugWinamp.exe - a variant of Win32/Kryptik.EN trojan C:\Documents and Settings\Jacquie May\Local Settings\Temp\TDSSc8a.tmp - a variant of Win32/Kryptik.EN trojan C:\Documents and Settings\Jacquie May\Local Settings\Temp\TDSSf950.tmp - a variant of Win32/Kryptik.EN trojan C:\Documents and Settings\LocalService\NTUSER.DAT - error opening (File locked) [4] C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening (File locked) [4] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4] C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening (File locked) [4] C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening (File locked) [4] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4] [...] C:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4] C:\System Volume Information\_restore{2D6AFCA6-C76E-4DBB-8D3E-7F57086A04B5}\RP551\A0054941.sys - Win32/Agent.ODG trojan - deleted C:\WINDOWS\system32\TDSSktkl.dll - Win32/Agent.ODG trojan - deleted C:\WINDOWS\system32\TDSSlajf.dll - Win32/Agent.OIK trojan - deleted C:\WINDOWS\system32\TDSSoxum.dll - Win32/Olmarik.AW trojan - deleted C:\WINDOWS\system32\TDSSurxb.dll - 
Win32/Agent.OIK trojan - deleted C:\WINDOWS\system32\config\default - error opening (File locked) [4] C:\WINDOWS\system32\config\default.LOG - error opening (File locked) [4] C:\WINDOWS\system32\config\SAM - error opening (File locked) [4] C:\WINDOWS\system32\config\SAM.LOG - error opening (File locked) [4] C:\WINDOWS\system32\config\SECURITY - error opening (File locked) [4] C:\WINDOWS\system32\config\SECURITY.LOG - error opening (File locked) [4] C:\WINDOWS\system32\config\software - error opening (File locked) [4] C:\WINDOWS\system32\config\software.LOG - error opening (File locked) [4] C:\WINDOWS\system32\config\system - error opening (File locked) [4] C:\WINDOWS\system32\config\system.LOG - error opening (File locked) [4] C:\WINDOWS\Temp\exp15D3.tmp »RAR »EXPDATE.TXT - archive damaged C:\WINDOWS\Temp\exp49.tmp »RAR »EXPDATE.TXT - archive damaged C:\WINDOWS\Temp\exp84E.tmp »RAR »expdate.txt - archive damaged C:\WINDOWS\Temp\expC0E.tmp »RAR »expdate.txt - archive damaged C:\WINDOWS\Temp\expC7E.tmp »RAR »EXPDATE.TXT - archive damaged C:\WINDOWS\Temp\TDSSb734.tmp - Win32/Agent.ODG trojan - deleted Number of scanned files: 642932 Number of threats found: 10 Number of files cleaned: 10 Time of completion: 21:02:23 Total scanning time: 4543 sec (01:15:43) Notes: [4] File cannot be opened. It may be in use by another application or operating system. This is what I get if I search for something simple like ASB. Web Images Maps News Groups Gmail more ▼ Books Scholar Blogs YouTube Calendar Documents Reader Sites even more » Sign in Advanced Search Preferences Search: the web pages from New Zealand Web Results 1 - 20 of about 11,400,000 for asb. (0.09 seconds) Search Results 1. ASB Bank New Zealand - Home ASB Bank provide a wide range of banking services in New Zealand, including credit cards, car loans, home loans, car insurance and online banking. au.shopping.com - 23k - Cached - Similar pages 2. ASB Bank New Zealand - Personal ASB Term Fund. Paying over 30% tax? 
Get higher returns by paying less tax. Foreign exchange. Win $5000 worth of travel for your next big trip. ... yellow.co.nz/keywordasbbank - 26k - Cached - Similar pages
3. ASB FastNet : Sign On New Zealand service offering balances, statements, transfers to other ASB accounts, bill payments and automatic payments to ASB Bank customers. www.loancalculator.net.au - 2k - Cached - Similar pages
4. ASB Community Trust - Home ASB Community Trust is an independent grant-making organisation supporting the work of not-for-profit groups in Auckland and Northland. ... freescan.antivirus.com/asb.html - 9k - Cached - Similar pages
5. ASB Classic What's new. Unseeded Pair ASB Classic 2009 Doubles Champion (January 10, 2009). ASB Classic Champion 2009 Elena Dementieva (January 10, 2009) ... www.monstermarketplace.com/ - 20k - Cached - Similar pages
6. ASB Securities - Home At ASB Securities we have all kinds of customers, thousands of them - people like you. Some of them like the freedom of trading online, others like the ... www.infonation.com.au/cars - 30k - Cached - Similar pages
7. Careers at ASB The ASB Group of Companies is one of the largest providers of financial and ... To find out more about the companies in the ASB Group, click on one of the ... infonation.com.au/air-conditioning - 12k - Cached - Similar pages
8. 2009 ASB Polyfest - Home Home |; Visitors |; Schools Info |; Results 2008 |; Timetable |; Sponsors |; Stallholders |; Media PR |; Venue Map |; Contact Us |; DVD's |; ASB Polyfest ... www.thetop10.com/ - 6k - Cached - Similar pages
9. ASB Stadium, Kohimarama ASB Stadium. Location • Events • Sports Clubs • Fitness Gym • Early Childhood Centre • After School / Holiday Club • Tour • About ... www.askboogo.com - 3k - Cached - Similar pages
10. ASB Securities : Sign On ASB recommends you change your password every 90 days. ... ASB Securities Limited 2006. ASB Securities Limited is a NZX Primary Market Participant (NZX ... https://ost.asbbank.co.nz/ - 13k - Cached - Similar pages
11. ASB Nelson Giants Local basketball team. Includes player biographies, game photographs, match reports and news. www.giants.co.nz/ - 42k - Cached - Similar pages
12. ASB Showgrounds - New Zealand's Premier Exhibition Centre ASB Showgrounds - New Zealand's Premier Exhibition Centre ... Copyright 2006 ASB Showgrounds | Design & Hosting By: Pixel Power. www.asbshowgrounds.co.nz/ - 10k - Cached - Similar pages
13. ASB Group Investments | Kiwisaver Thanks to our experience and proven track record, the Government has chosen ASB Group Investments as one of the six 'default' KiwiSaver providers. ... www.asb.co.nz/kiwisaver/ - 12k - Cached - Similar pages
14. 3 News > TV Shows > ASB Business For market updates, insight from people in the know and interviews with global leaders, Michael Wilson presents ASB Business - your morning business show. www.3news.co.nz/TVShows/ASBBusiness/tabid/866/Default.aspx - 63k - Cached - Similar pages
15. Activists ask Shahar Peer to withdraw from ASB Classic | NATIONAL 7 Jan 2009 ... Anti-Israel activists are asking Shahar Peer to withdraw from the ASB Classic in Auckland, but the Israeli tennis player says politics is ... tvnz.co.nz/national-news/gaza-conflict-touches-asb-classic-2436094 - 38k - Cached - Similar pages
16. ASB and Westpac cuts mortgage rates further | National Business ... 16 Jan 2009 ... ASB is cutting its fixed mortgage rate for 18 months through to 60 months to 6.95 percent. "With forecasters predicting a global downturn ... www.nbr.co.nz/article/asb-and-westpac-cuts-mortgage-rates-further-39611 - 25k - Cached - Similar pages
17. QUEENSTOWN INTERNATIONAL JAZZ FESTIVAL Over 10 days of live jazz music, with more than 100 musicians from all over the world, set in the idyllic resort town of Queenstown, New Zealand, ... www.asbjazzfest.co.nz/ - 4k - Cached - Similar pages
18. Scoop: ASB wins leading ASFONZ award ASB Group Investments was the big winner at last night's 2008 ASFONZ Communications Awards ceremony held in Wellington, winning three of the five awards ... www.scoop.co.nz/stories/BU0812/S00230.htm - 56k - Cached - Similar pages
19. ASB Theatre Auckland Performing Arts Information, Aotea Centre ... Auckland Performing Arts information for - ASB Theatre , Aotea Centre, The Edge® , , www.viewauckland.co.nz/info_perform_3.html - 33k - Cached - Similar pages
20. Meningitis strikes ASB Classic second seed - New Zealand's source ... 16 Dec 2008 ... New Zealand's source for sport, rugby, cricket & league news on Stuff.co.nz. www.stuff.co.nz/4794994a1823.html - Similar pages
I'm running that Malwarebytes software now, I'll post the results when it is finished. |
Jacquie (9851) | ||
| 740748 | 2009-01-21 05:45:00 | It found and removed this but the problem is still there.
Malwarebytes' Anti-Malware 1.33
Database version: 1673
Windows 5.1.2600 Service Pack 3
21/01/2009 6:37:04 p.m.
mbam-log-2009-01-21 (18-37-04).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 205847
Time elapsed: 1 hour(s), 8 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected: (No malicious items detected)
Files Infected:
C:\WINDOWS\system32\TDSSqrdn.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSxehr.dll (Rootkit.Agent) -> Quarantined and deleted successfully. |
Jacquie (9851) | ||
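An added example, not code from the thread or from Malwarebytes: a small Python parser for the detection lines in the log above that separates file and registry hits and flags rootkit-class families. This is the check worth running before deciding a scan came back clean: Malwarebytes quarantined a TDSS DLL and a TDSS log file, and TDSS is a kernel-mode rootkit, so two files being quarantined by a user-mode scanner says nothing about whether the driver that loaded them is still there. The sample log is retyped from the post (the same three detections) and the rootkit heuristic is my assumption, not a Malwarebytes classification.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the Malwarebytes 1.33 log posted above
# (same three detections, retyped); it is not a file taken from the poster's PC.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\TDSSqrdn.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSxehr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<family>) -> <action>". Section headers and
# "(No malicious items detected)" contain no " (" and therefore never match.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")


@dataclass
class Detection:
    item: str      # file path or registry path
    family: str    # MBAM family label, e.g. "Rootkit.Agent"
    action: str    # what MBAM did with it

    @property
    def kind(self):
        return "registry" if self.item.upper().startswith("HKEY_") else "file"

    @property
    def leaf(self):
        # last path component; works for both file and registry paths
        return self.item.rsplit("\\", 1)[-1]


def parse_mbam_log(text):
    """Return every detection line in the log, in order."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m["item"], m["family"], m["action"].rstrip(".")))
    return found


def is_rootkit_indicator(d):
    """Heuristic (my assumption, not an MBAM rule): a Rootkit.* family, or the
    TDSS name in the family or filename, points at a kernel-mode component."""
    return (d.family.startswith("Rootkit.")
            or "TDSS" in d.family
            or d.leaf.upper().startswith("TDSS"))


def rootkit_indicators(dets):
    return [d for d in dets if is_rootkit_indicator(d)]


def needs_rootkit_scan(dets):
    """True when the log shows rootkit-class items: quarantining a DLL and a
    log file does not prove the driver that loaded them is gone."""
    return bool(rootkit_indicators(dets))


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    for d in dets:
        tag = "ROOTKIT" if is_rootkit_indicator(d) else "other"
        print(f"[{tag:7}] {d.kind:8} {d.family:18} {d.leaf}")
    print("follow up with a rootkit-aware scanner:", needs_rootkit_scan(dets))
```

To use it on a real mbam-log-*.txt, read the file and pass the text to parse_mbam_log; the actions reported are exactly what the log said, so the script only adds the classification.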
| 740749 | 2009-01-21 07:00:00 | Doesn't look like there's anything bad. Is the problem persisting? If it is, run ComboFix and post a log here; pancake might be able to help. |
Blam (54) | ||
| 740750 | 2009-01-21 07:25:00 | Tick these, then tick "Fix checked". Close browsers. None of these are nasty, but they don't have to run on startup:
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
Are you running some kind of web server?
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Uninstall all versions of Java, it's out of date, then update it. |
Speedy Gonzales (78) | ||
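An added example, mine rather than the thread's or HijackThis's code: a Python parser for O4 lines like the ones above. It splits each Run-key or Startup-folder command into the executable and its arguments, coping with quoted paths, unquoted paths that contain spaces, and bare utility names, and then lists the points worth a second look before treating an entry as merely unwanted. It flags the MsmqIntCert entry for the reason the post singles it out: regsvr32 itself is harmless, the code that actually runs is in mqrt.dll, and the line gives no path for either. It also flags unquoted paths containing spaces, which are ambiguous when the command is launched. The sample lines are a subset of the log above, retyped (the jusched line with its closing quote); the flag rules are my heuristics, not anything HijackThis reports.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: a subset of the O4 lines from the HijackThis log quoted
# above, retyped here. It is not a captured log file.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

# The two O4 shapes HijackThis prints: registry Run keys and Startup-folder shortcuts.
RUN_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")

# Utilities whose own image is harmless; what actually runs is their argument.
HOST_UTILITIES = {"regsvr32", "rundll32"}


@dataclass
class AutorunEntry:
    where: str    # e.g. "HKLM\..\Run" or "Global Startup"
    name: str     # value name or shortcut name
    cmd: str      # raw command line as HijackThis printed it
    exe: str      # executable we believe is launched
    args: str     # remaining arguments
    quoted: bool  # whether the path was quoted


def split_command(cmd):
    """Split a command line into (exe, args, quoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:                       # unterminated quote: the rest is the path
            return cmd[1:], "", True
        return cmd[1:end], cmd[end + 1:].strip(), True
    # Unquoted: take everything up to the first ".exe" as the path, spaces included.
    m = re.match(r"^(?P<exe>.+?\.exe)(?:\s+(?P<args>.*))?$", cmd, re.IGNORECASE)
    if m:
        return m["exe"], m["args"] or "", False
    head, _, tail = cmd.partition(" ")      # e.g. "regsvr32 /s mqrt.dll"
    return head, tail.strip(), False


def parse_o4(text):
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            where = f"{m['hive']}\\..\\{m['key']}"
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue
            where = m["where"]
        exe, args, quoted = split_command(m["cmd"])
        entries.append(AutorunEntry(where, m["name"], m["cmd"], exe, args, quoted))
    return entries


def review_flags(e):
    """Points to check by hand before deciding an entry is merely unwanted (my heuristics)."""
    flags = []
    base = ntpath.basename(e.exe).lower()
    if base.endswith(".exe"):
        base = base[:-4]
    if not re.match(r"^[A-Za-z]:\\", e.exe):
        flags.append("not an absolute path: resolved through PATH, confirm which binary runs")
    elif " " in e.exe and not e.quoted:
        flags.append("unquoted path with spaces: ambiguous, each space-delimited prefix is tried first")
    if base in HOST_UTILITIES:
        flags.append(f"host utility: the code that runs is in the argument ({e.args})")
    return flags


if __name__ == "__main__":
    for e in parse_o4(SAMPLE_O4):
        print(f"{e.where:16} {e.name:24} {e.exe}")
        for f in review_flags(e):
            print("    !", f)
```

Feed it the O4 section of a saved HijackThis log; entries with no flags are the ones where "it doesn't need to run at startup" is the whole story, and the flagged ones are where you verify what file is actually executed before ticking them.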