Author Topic: Application cannot be executed. The file *** is infected.  (Read 29911 times)

Halogengirlie

    Topic Starter


    Rookie

    Application cannot be executed. The file *** is infected.
    « on: February 22, 2010, 10:28:08 PM »
    http://www.computerhope.com/forum/index.php?topic=95177.0

    Super Dave Please Help!  (Ok I didn't read your instructions in the above link very carefully...and I followed your instructions...despite you saying not to...  That being said.... can you please help me!)

    I followed the instructions and ran the Rkill.exe software as well as the exeHelper.com.  I would post my logs... but once I ran the exe helper... but after running the Rkill I can no longer access the internet.

    They appear to run appropriately.  I then installed the SuperAntispyware Free Edition (SAS)....however, since I cannot connect to the internet... I cannot get the virus updates. 

    I then rebooted, to see if it would reconnect my internet.  It did...but it also restarted the whole virus mess up again.

    I re-ran the Rkill and the exeHelper... and now I don't know what to do.  I am using another computer to post this message... and I am too scared to bring the logs onto this computer to post them.. for fear of cross infection.

    Can I manually download the updates? You made reference to it in the post above...but I don't see a link.

    Thank You!

    Halogengirlie

      Topic Starter


      Rookie

      Re: Application cannot be executed. The file *** is infected.
      « Reply #1 on: February 23, 2010, 03:28:52 AM »
      Additional Information:

      Windows XP Professional V2002 SP3
      AntiVirus Software: ESET NOD 32 Antivirus 3.0.669.0 Virus Signature Database 4888 (20100222)
      Firewall: Relying on the hardware Firewall on my Linksys router:
      Settings checked are:
      Block Anonymous Internet Requests
      Filter Multicast
      Filter IDENT (Port 113)
      Setting not checked is:
      Filter Internet Redirection
      I don't believe that the XP Firewall was running... years ago when I set everything up (if I remember right) it conflicted with the hardware firewall.

      Add Remove Programs:  Removed "Search Assist"  Not sure about "Sonic Update Manager" or "Bonjour" so I left those two alone.

      House Cleaning: Ran the CCleaner... but unchecked all registry boxes since I am not very familiar with the registry

      Java: Was running Java (Version 6 Update 18)

      Ran HiJack This - generated log only.

      Upda

      Halogengirlie

        Topic Starter


        Rookie

        Re: Application cannot be executed. The file *** is infected.
        « Reply #2 on: February 23, 2010, 03:29:43 AM »
        LOG for ExeHelper

        exeHelper by Raktor
        Build 20091220
        Run at 22:47:18 on 02/22/10
        Now searching...
        Checking for numerical processes...
        Checking for sysguard processes...
        Checking for bad processes...
        Checking for bad files...
        Checking for bad registry entries...
        Resetting filetype association for .exe
        Resetting filetype association for .com
        Resetting userinit and shell values...
        Resetting policies...
        --Finished--

        exeHelper by Raktor
        Build 20091220
        Run at 23:11:51 on 02/22/10
        Now searching...
        Checking for numerical processes...
        Checking for sysguard processes...
        Checking for bad processes...
        Checking for bad files...
        Checking for bad registry entries...
        Resetting filetype association for .exe
        Resetting filetype association for .com
        Resetting userinit and shell values...
        Resetting policies...
        --Finished--


        Halogengirlie

          Topic Starter


          Rookie

          Re: Application cannot be executed. The file *** is infected.
          « Reply #3 on: February 23, 2010, 03:30:18 AM »
          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 4:16:23 AM, on 2/23/2010
          Platform: Windows XP SP3 (WinNT 5.01.2600)
          MSIE: Internet Explorer v8.00 (8.00.6001.18702)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\WLTRYSVC.EXE
          C:\WINDOWS\System32\bcmwltry.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Apoint\Apoint.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\WINDOWS\system32\WLTRAY.exe
          C:\WINDOWS\stsystra.exe
          C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
          C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
          C:\Program Files\Apoint\Apntex.exe
          C:\WINDOWS\System32\DLA\DLACTRLW.EXE
          C:\Program Files\Apoint\HidFind.exe
          C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
          C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
          C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
          C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
          C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
          C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
          C:\Program Files\Wave Systems Corp\Common\DataServer.exe
          C:\Documents and Settings\Lelia Goehring\Local Settings\Application Data\nolcol\vnsnsftav.exe
          C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
          C:\WINDOWS\System32\svchost.exe
          C:\PROGRA~1\DELLSU~1\DSAgnt.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\Program Files\Electronic Arts\EADM\Core.exe
          C:\Program Files\Windows Media Player\WMPNSCFG.exe
          C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe
          C:\Program Files\Digital Line Detect\DLG.exe
          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
          C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
          C:\Program Files\Logitech\SetPoint\SetPoint.exe
          C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
          C:\Program Files\Windows Desktop Search\WindowsSearch.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\Palm\HOTSYNC.EXE
          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
          C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
          C:\WINDOWS\system32\SearchIndexer.exe
          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Documents and Settings\Lelia Goehring\Application Data\U3\0000156279601FC9\LaunchPad.exe
          C:\Program Files\Trend Micro\HijackThis\sniper.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070313
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070313
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=22028
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
          O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
          O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
          O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
          O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
          O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
          O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
          O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
          O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
          O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
          O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
          O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
          O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
          O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
          O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
          O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
          O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
          O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
          O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
          O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
          O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
          O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
          O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
          O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
          O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
          O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
          O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
          O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
          O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
          O4 - S-1-5-18 Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'SYSTEM')
          O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
          O4 - .DEFAULT Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'Default user')
          O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
          O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
          O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
          O4 - Global Startup: Bluetooth Manager.lnk = ?
          O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
          O4 - Global Startup: Digital Line Detect.lnk = ?
          O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
          O4 - Global Startup: Logitech SetPoint.lnk = ?
          O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
          O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
          O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
          O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
          O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
          O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
          O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174695347609
          O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
          O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
          O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
          O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
          O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
          O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
          O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
          O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
          O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
          O23 - Service: NeatReceipts Auto Backup - Digital Business Processes - C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe
          O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
          O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
          O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
          O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
          O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
          O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
          O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
          O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
          O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/LELIAG~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

          --
          End of file - 17127 bytes

          Halogengirlie

            Topic Starter


            Rookie

            Re: Application cannot be executed. The file *** is infected.
            « Reply #4 on: February 23, 2010, 03:31:00 AM »
            Anti-Malware Log

            Malwarebytes' Anti-Malware 1.44
            Database version: 3779
            Windows 5.1.2600 Service Pack 3
            Internet Explorer 8.0.6001.18702

            2/23/2010 3:50:34 AM
            mbam-log-2010-02-23 (03-50-24).txt

            Scan type: Full Scan (C:\|D:\|E:\|G:\|)
            Objects scanned: 265715
            Time elapsed: 1 hour(s), 25 minute(s), 29 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 2
            Registry Values Infected: 2
            Registry Data Items Infected: 0
            Folders Infected: 0
            Files Infected: 0

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken.
            HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.

            Registry Values Infected:
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uxethavm (Trojan.FakeAlert.Gen) -> No action taken.
            HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uxethavm (Trojan.FakeAlert.Gen) -> No action taken.

            Registry Data Items Infected:
            (No malicious items detected)

            Folders Infected:
            (No malicious items detected)

            Files Infected:
            (No malicious items detected)

            Halogengirlie

              Topic Starter


              Rookie

              Re: Application cannot be executed. The file *** is infected.
              « Reply #5 on: February 23, 2010, 03:31:49 AM »
              SUPERAntiSpyware Scan Log
              http://www.superantispyware.com

              Generated 02/23/2010 at 01:52 AM

              Application Version : 4.34.1000

              Core Rules Database Version : 4611
              Trace Rules Database Version: 2423

              Scan type       : Complete Scan
              Total Scan Time : 01:59:38

              Memory items scanned      : 633
              Memory threats detected   : 0
              Registry items scanned    : 8812
              Registry threats detected : 1
              File items scanned        : 125594
              File threats detected     : 256

              Adware.Tracking Cookie
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@lfstmedia[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@webstat[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@countercentral[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@oddcast[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][8].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][7].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][7].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@traveladvertising[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@lynxtrack[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@azjmp[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][3].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@b5media[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@crossmediaservices[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@linksynergy[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][6].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@lucidmedia[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@invitemedia[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@adlegend[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@yieldmanager[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@kanoodle[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@dealtime[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][11].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@sampitrack[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][3].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][8].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][8].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@pointroll[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][6].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][3].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@roiservice[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][4].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@adecn[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@tradedoubler[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@burstbeacon[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@adxpose[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][5].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@smartadserver[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][9].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@eyewonder[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@bizrate[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@adcentriconline[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][5].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@revenue[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][3].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@lockedonmedia[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@ru4[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@petfinder[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@clickshift[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][9].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][4].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@xiti[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@pro-market[2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@skinsight[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@atwola[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@trackalyzer[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia [email protected]
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@trackmaster[1].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                 C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][1].txt

              Rogue.AntivirusSoft
                 HKU\S-1-5-21-612603234-3240061797-151707943-1005\Software\avsoft

              Halogengirlie


                Re: Application cannot be executed. The file *** is infected.
                « Reply #6 on: February 23, 2010, 03:34:43 AM »
                I accidentally skipped the cleaning program so I ran it after I ran the SuperAntiSpyware Scan Log.... So I presume that many of those cookies on the SuperAntiSpyware log are now gone.  I will re-run the SuperAntiSpyware program and provide you with a new log if you need.

                THANK YOU FOR YOUR HELP!

                Halogengirlie


                  Re: Application cannot be executed. The file *** is infected.
                  « Reply #7 on: February 23, 2010, 03:42:23 AM »
                  Order in which I ran programs since I botched the order a bit... I thought this would help.


                  rkill
                  Add Remove Programs
                  Super AntiSpyware
                  Malwarebytes
                  CCleaner
                  HiJack This (only to generate log... not to fix)

                  Halogengirlie


                    Re: Application cannot be executed. The file *** is infected.
                    « Reply #8 on: February 23, 2010, 06:30:40 AM »
                    I thought that I attached the wrong log for the malware... so I re-ran it:


                    Malwarebytes' Anti-Malware 1.44
                    Database version: 3779
                    Windows 5.1.2600 Service Pack 3
                    Internet Explorer 8.0.6001.18702

                    2/23/2010 7:25:27 AM
                    mbam-log-2010-02-23 (07-25-27).txt

                    Scan type: Full Scan (C:\|D:\|)
                    Objects scanned: 242419
                    Time elapsed: 1 hour(s), 7 minute(s), 43 second(s)

                    Memory Processes Infected: 0
                    Memory Modules Infected: 0
                    Registry Keys Infected: 0
                    Registry Values Infected: 0
                    Registry Data Items Infected: 0
                    Folders Infected: 0
                    Files Infected: 0

                    Memory Processes Infected:
                    (No malicious items detected)

                    Memory Modules Infected:
                    (No malicious items detected)

                    Registry Keys Infected:
                    (No malicious items detected)

                    Registry Values Infected:
                    (No malicious items detected)

                    Registry Data Items Infected:
                    (No malicious items detected)

                    Folders Infected:
                    (No malicious items detected)

                    Files Infected:
                    (No malicious items detected)

                    SuperDave

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: Application cannot be executed. The file *** is infected.
                    « Reply #9 on: February 23, 2010, 04:40:17 PM »
                    Hello Halogengirlie. I'm certainly happy that you were able to get the scans I require.

                    Quote
                    Sonic Update Manager
                    This should be removed unless you are using Sonic. In that case you can fix it by going here. If not, take a look at this link.

                    Quote
                    Bonjour
                    This is installed with some software such as iTunes or Adobe. If you don't want it here's how to remove it.

                    Please go to Jotti's malware scan
                    (If more than one file needs to be scanned, they must be done separately and logs posted for each one)

                    * Copy the file path in the below Code box:

                    Code:
                    C:\Documents and Settings\Lelia Goehring\Local Settings\Application Data\nolcol\vnsnsftav.exe
                    * At the upload site, click once inside the window next to Browse.
                    * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
                    * Next click Submit file
                    * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
                    * This will perform a scan across multiple different virus scanning engines.
                    * Important: Wait for all of the scanning engines to complete.
                    * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

                    ====================================================
                    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

                    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

                    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

                    Exit out of MessengerDisable then delete the two files that were put on the desktop.

                    ==================================================
                    Open HijackThis and select Do a system scan only

                    Place a check mark next to the following entries: (if there)

                    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


                    Important: Close all open windows except for HijackThis and then click Fix checked.

                    Once completed, exit HijackThis.

                    ===========================================
                    Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

                    link # 1
                    link #2

                    Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

                    Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                    Vista users: Right-click combofix.exe and select Run as Administrator and follow the prompts. (You will receive a UAC prompt; please allow it.)

                    Double-click combofix.exe and follow the prompts.
                    When finished, ComboFix will produce a log for you.
                    Post the ComboFix log and a new HijackThis log in your next reply.

                    NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                    Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

                    Windows 8 and Windows 10 dual boot with two SSD's

                    Halogengirlie


                      Re: Application cannot be executed. The file *** is infected.
                      « Reply #10 on: February 23, 2010, 05:41:59 PM »
                      After running the SuperAntiSpyware, I was able to access the internet again! (Yea!) which meant that I could get the logs to you!

                      Also while I was at work today I re-ran the SuperAntiSpy Software (since it takes awhile to run).  I will attach the log below.... it found 4 items, and said that it was able to remove them. 

                      I went to the Jotti's site and tried the link provided... but it appears that the nolcol folder is now empty. (I have a screen shot of the folder, and its Properties box... but I'm having a hard time figuring out how to post it.)

                      Should I proceed to the Windows Messenger, HiJack, and Combo Fix now? Despite my inability to do the Jotti page?



                      SUPERAntiSpyware Scan Log
                      http://www.superantispyware.com

                      Generated 02/23/2010 at 08:49 AM

                      Application Version : 4.34.1000

                      Core Rules Database Version : 4611
                      Trace Rules Database Version: 2423

                      Scan type       : Complete Scan
                      Total Scan Time : 01:17:58

                      Memory items scanned      : 668
                      Memory threats detected   : 0
                      Registry items scanned    : 8812
                      Registry threats detected : 0
                      File items scanned        : 104740
                      File threats detected     : 4

                      Adware.Tracking Cookie
                         C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt
                         C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@doubleclick[1].txt
                         C:\Documents and Settings\Lelia Goehring\Cookies\lelia_goehring@insightexpressai[1].txt
                         C:\Documents and Settings\Lelia Goehring\Cookies\[email protected][2].txt




                      [Saving space, attachment deleted by admin]
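Added example (not part of the thread and not SUPERAntiSpyware's own code): a small Python triage for the SUPERAntiSpyware log layout posted above, separating tracking-cookie noise from detections such as the Rogue.AntivirusSoft registry trace and checking the listed items against the "threats detected" counters. The sample log, its cookie names and the SID are constructed, and treating each counted threat as exactly one listed item is an assumption.

```python
import re

# Constructed sample in the layout of the logs posted in this thread.
# Cookie names and the SID are made up; only the family names and the
# "Software\avsoft" key name are taken from the posts.
SAMPLE_LOG = r"""
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/23/2010 at 08:49 AM

Application Version : 4.34.1000
Scan type       : Complete Scan

Memory threats detected   : 0
Registry threats detected : 1
File threats detected     : 3

Adware.Tracking Cookie
   C:\Documents and Settings\user\Cookies\user@example-ads[1].txt
   C:\Documents and Settings\user\Cookies\user@example-tracker[2].txt
   C:\Documents and Settings\user\Cookies\user@example-stats[1].txt

Rogue.AntivirusSoft
   HKU\S-1-5-21-0-0-0-1000\Software\avsoft
"""

# An item is a drive path or a registry path; a family is "Category.Name".
ITEM_RE = re.compile(r"^(?:[A-Za-z]:\\|HK(?:LM|CU|CR|U|EY_[A-Z_]+)\\)")
FAMILY_RE = re.compile(r"^[A-Za-z]+\.[\w .\-/]+$")
COUNTER_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")

# Families that are privacy noise rather than evidence of running malware.
LOW_PRIORITY = {"Adware.Tracking Cookie"}


def parse_sas_log(text):
    """Return the declared threat counters and the items listed per family."""
    counters, detections, family = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()  # forum quoting adds arbitrary indentation
        if not line:
            continue
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group(1).lower()] = int(m.group(2))
        elif ITEM_RE.match(line):
            if family is not None:  # items before any family header are skipped
                detections[family].append(line)
        elif FAMILY_RE.match(line):
            family = line
            detections.setdefault(family, [])
    return {"counters": counters, "detections": detections}


def triage(report):
    """Flatten detections, putting anything that is not cookie noise first."""
    findings = []
    for family, items in report["detections"].items():
        for item in items:
            findings.append({
                "family": family,
                "kind": "registry" if item.upper().startswith("HK") else "file",
                "item": item,
                "priority": "low" if family in LOW_PRIORITY else "review",
            })
    findings.sort(key=lambda f: f["priority"] != "review")  # stable sort
    return findings


def count_mismatch(report):
    """Return (declared, listed) when the pasted log looks truncated, else None.

    Assumption: each counted threat appears as exactly one item line.
    """
    declared = sum(report["counters"].values())
    listed = sum(len(items) for items in report["detections"].values())
    return None if declared == listed else (declared, listed)


if __name__ == "__main__":
    report = parse_sas_log(SAMPLE_LOG)
    for f in triage(report):
        print(f'{f["priority"]:6} {f["kind"]:8} {f["family"]}: {f["item"]}')
    print("count mismatch:", count_mismatch(report))
```

A non-`None` result from `count_mismatch` usually means the log was cut while being pasted, so a helper should ask for the full file before drawing conclusions.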

                      Halogengirlie


                        Re: Application cannot be executed. The file *** is infected.
                        « Reply #11 on: February 23, 2010, 05:43:44 PM »
                        The image is hard to read... but it shows the path to the nolcol folder... and that the "nolcol Properties" box shows that it contains 0 files and 0 folders. In the attributes column the read only and hidden boxes are both checked.  :)

                        Halogengirlie


                          Re: Application cannot be executed. The file *** is infected.
                          « Reply #12 on: February 23, 2010, 05:53:14 PM »
                          Also... reading ahead I also saw that for the Combo Fix I'm supposed to disable firewalls.  I don't think I have a software firewall... just the hardware firewall on my router.  Would I need to go into the router settings and disable it for this step?

                          Halogengirlie


                            Re: Application cannot be executed. The file *** is infected.
                            « Reply #13 on: February 23, 2010, 05:59:18 PM »
                            And one last thought!  My Windows is asking me to install some updates. I'm not sure if I should do that now... or wait till after we complete the cleaning process.

                            the updates it's asking to install are as follows:

                            Update for Windows XP (KB967715) (Issue w/ not disabling Autorun features)
                            Update for Windows XP (KB976662) (Something to do with IE8 and non conformance with new ECMA Script)
                            Update for Windows XP (KB979306) (Something to do with daylight savings time adjustments)

                            It appears that these will require rebooting the machine after install.

                            SuperDave

                            Re: Application cannot be executed. The file *** is infected.
                            « Reply #14 on: February 23, 2010, 07:55:01 PM »
                            Quote
                            Also while I was at work today I re-ran the SuperAntiSpy Software (since it takes awhile to run).  I will attach the log below.... it found 4 items, and said that it was able to remove them.
                            Is this a business computer?

                            Quote
                            Should I proceed to the Windows Messenger, HiJack, and Combo Fix now? Despite my inability to do the Jotti page?
                            Yes. Please proceed with the rest.

                            Quote
                            just the hardware firewall on my router.
                            That won't cause a problem.

                            Don't bother installing the updates until we get the computer cleaned. Just do the ComboFix scan and paste the report here in your next reply.