Author Topic: various trojan infection warnings and cannot download .exe  (Read 15884 times)

bobbysgirlonly

    Topic Starter


    Rookie

    various trojan infection warnings and cannot download .exe
    « on: August 27, 2008, 08:07:34 PM »
    i am having several issues, but the main one is that i cannot download .exe files. when trying to i get a box that states "your current security settings do not allow this file to download."

    i don't know what security setting they are talking about. i went to the internet options and changed all of the security settings to default, and stupidly i also deleted my AVG antivirus, thinking that was the problem and i would be able to redownload it, but NO, i still can't.  i have reinstalled AVG.

    the other day, i'm sure it is related, but when i have a web page open, from somewhere a "message" starts playing, there are no other windows open and i know it is not coming from the page that i have open.  it is someone speaking, about a gift card, and another was something else, and after a few minutes the whole window would shut down.  this has stopped so far, i didn't do anything except the normal virus scans that run every night

    i cannot restore my system from any of the restore points.  also some of the trojan popups are listed as restore something or other, when i click on heal or move to vault i get no file exists or something like that.

    i also created another user on my computer and i am able to download from that user name, just not my current name. and i don't know if it is related, but when i try to switch users, i cannot, i have to log off of the one to access the other.

    another problem, again, i don't know if it is related, but want to give you all the info, under device manager there is an exclamation point by the
    SCSI/RAID CONTROLLERS-then listed is A5Z04NRK IDE controller.

    i don't know what that is and no other info is given about it. i have tried to update the driver, but i get a message saying not available or something, but whenever i reboot or restart, the box pops up that new hardware is found and it wants me to install, but i can't and seeing how i don't even know what this is, i don't know if i have a disc to update anything.

    the last problem, so far, that i HAVE resolved was that i could not get onto the internet. i checked some back posts online and did a reset of the ip something and the winsock, and that got me back online....it was just this computer that could not access the internet, i have another computer also networked and through the same modem and router and it worked just fine.

    i don't get it this ALL started happening at the same time, ANY help would be greatly appreciated!!  thank you

    CBMatt

    • Mod & Malware Specialist


    • Prodigy

    Re: various trojan infection warnings and cannot download .exe
    « Reply #1 on: August 27, 2008, 11:45:39 PM »
    There are certainly a lot of issues, some of which may not be virus-related.  Let's start here...
    http://www.computerhope.com/forum/index.php/topic,46313.0.html
    Quote
    An undefined problem has an infinite number of solutions.
    —Robert A. Humphrey

    bobbysgirlonly

      Topic Starter


      Rookie

      Re: various trojan infection warnings and cannot download .exe
      « Reply #2 on: August 28, 2008, 08:13:52 PM »
      thanks for replying!

      step 1-ok
      step 2-  i couldn't download the .exe file so i ran an old version that i already have
      step 3-ok
      step 4- can't download the .exe file
      step 5-ok
      step 6- i could do the installing and changing name, but i did just run the program and the log is below (have to make separate posts....too long)


      bobbysgirlonly

        Topic Starter


        Rookie

        Re: various trojan infection warnings and cannot download .exe
        « Reply #3 on: August 28, 2008, 08:15:25 PM »
        here is the spyware log  PART1

        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 08/28/2008 at 07:18 AM

        Application Version : 4.15.1000

        Core Rules Database Version : 3550
        Trace Rules Database Version: 1538

        Scan type       : Complete Scan
        Total Scan Time : 04:48:58

        Memory items scanned      : 493
        Memory threats detected   : 9
        Registry items scanned    : 6952
        Registry threats detected : 228
        File items scanned        : 203621
        File threats detected     : 94

        Trojan.Unclassified/AFinding
           C:\WINNT\SYSTEM32\AFINDING.EXE
           C:\WINNT\SYSTEM32\AFINDING.EXE
           C:\WINNT\Prefetch\AFINDING.EXE-140E2AAA.pf

        Trojan.Unclassified/Routing-C
           C:\WINNT\SYSTEM32\ROUTING.EXE
           C:\WINNT\SYSTEM32\ROUTING.EXE
           C:\WINNT\Prefetch\ROUTING.EXE-0171ABE9.pf

        Trojan.Unclassified/WServing
           C:\WINNT\SYSTEM32\WSERVING.EXE
           C:\WINNT\SYSTEM32\WSERVING.EXE
           C:\WINNT\Prefetch\WSERVING.EXE-059E66CB.pf

        Trojan.Downloader-Gen
           C:\WINNT\SYSTEM32\NOXTCYR.EXE
           C:\WINNT\SYSTEM32\NOXTCYR.EXE
           C:\WINNT\SYSTEM32\WSLDOEKD.EXE
           C:\WINNT\SYSTEM32\WSLDOEKD.EXE
           C:\WINNT\SYSTEM32\AFISICX.EXE
           C:\WINNT\SYSTEM32\AFISICX.EXE
           C:\WINNT\SYSTEM32\ODUXFTW.SYS
           C:\WINNT\Prefetch\AFISICX.EXE-00E77411.pf
           C:\WINNT\Prefetch\NOXTCYR.EXE-22BE6428.pf
           C:\WINNT\Prefetch\ODUXFTW.SYS-305E05DA.pf
           C:\WINNT\Prefetch\WSLDOEKD.EXE-1943F162.pf

        Trojan.Unclassified/TDXDOWKC
           C:\WINNT\SYSTEM32\TDXDOWKC.EXE
           C:\WINNT\SYSTEM32\TDXDOWKC.EXE
           C:\WINNT\Prefetch\TDXDOWKC.EXE-03085329.pf

        Trojan.Unclassified/MACIDWE
           C:\WINNT\SYSTEM32\MACIDWE.EXE
           C:\WINNT\SYSTEM32\MACIDWE.EXE
           C:\WINNT\Prefetch\MACIDWE.EXE-146F4834.pf

        Trojan.Unclassified/SOBICYT
           C:\WINNT\SYSTEM32\SOBICYT.EXE
           C:\WINNT\SYSTEM32\SOBICYT.EXE
           C:\WINNT\Prefetch\SOBICYT.EXE-02B25CC8.pf

        Adware.180solutions/ZangoSearch
           C:\Program Files\Zango\bin\10.3.37.0
           C:\Program Files\Zango\bin
           C:\Program Files\Zango

        Adware.Zango Toolbar/Hb
           HKU\S-1-5-21-2988323194-1629198992-178024722-1003\Software\zangosa


        bobbysgirlonly

          Topic Starter


          Rookie

          Re: various trojan infection warnings and cannot download .exe
          « Reply #4 on: August 28, 2008, 08:15:53 PM »
          PART 2

          Adware.Zango/ShoppingReport
             C:\Documents and Settings\Owner\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML
             C:\Documents and Settings\Owner\Application Data\WeatherDPA\Weather\WeatherDPA
             C:\Documents and Settings\Owner\Application Data\WeatherDPA\Weather\WeatherStartup.xml
             C:\Documents and Settings\Owner\Application Data\WeatherDPA\Weather
             C:\Documents and Settings\Owner\Application Data\WeatherDPA

          Adware.Tracking Cookie
             C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt
             C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
             C:\Documents and Settings\test\Cookies\test@2o7[1].txt
             C:\Documents and Settings\test\Cookies\[email protected][1].txt
             C:\Documents and Settings\test\Cookies\[email protected][1].txt
             C:\Documents and Settings\test\Cookies\[email protected][1].txt
             C:\Documents and Settings\test\Cookies\test@atwola[1].txt
             C:\Documents and Settings\test\Cookies\[email protected][1].txt
             C:\Documents and Settings\test\Cookies\test@specificclick[1].txt

          BearShare File Sharing Client
             C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE

          bobbysgirlonly

            Topic Starter


            Rookie

            Re: various trojan infection warnings and cannot download .exe
            « Reply #5 on: August 28, 2008, 08:16:29 PM »
            HIJACK THIS LOG:


            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 8:08:53 PM, on 8/28/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
            Boot mode: Normal

            Running processes:
            C:\WINNT\System32\smss.exe
            C:\WINNT\system32\winlogon.exe
            C:\WINNT\system32\services.exe
            C:\WINNT\system32\lsass.exe
            C:\WINNT\system32\svchost.exe
            C:\WINNT\System32\svchost.exe
            C:\WINNT\system32\svchost.exe
            C:\WINNT\system32\LEXBCES.EXE
            C:\WINNT\system32\spoolsv.exe
            C:\WINNT\system32\LEXPPS.EXE
            C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
            C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
            C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            C:\WINNT\System32\svchost.exe
            C:\WINNT\system32\roxtctm.exe
            C:\PROGRA~1\AVG\AVG8\avgrsx.exe
            C:\WINNT\System32\svchost.exe
            C:\PROGRA~1\AVG\AVG8\avgemc.exe
            C:\WINNT\Explorer.EXE
            C:\WINNT\system32\SK9910DM.EXE
            C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE
            C:\WINNT\system32\hkcmd.exe
            C:\WINNT\GWMDMMSG.exe
            C:\Program Files\Logitech\MouseWare\system\em_exec.exe
            C:\Program Files\QuickTime\qttask.exe
            C:\PROGRA~1\AVG\AVG8\avgtray.exe
            C:\Program Files\AWS\WeatherBug\Weather.exe
            C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
            C:\WINNT\system32\ctfmon.exe
            C:\PROGRA~1\Magentic\bin\MgApp.exe
            C:\Program Files\IncrediMail\bin\IMApp.exe
            C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
            C:\Program Files\IncrediMail\bin\ImNotfy.exe
            C:\Documents and Settings\Owner\Desktop\sniper.exe.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
            R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
            O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
            O2 - BHO: (no name) - {7A23A1E8-B2AB-4C50-AD12-9E19B747E17C} - (no file)
            O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
            O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
            O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
            O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
            O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
            O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
            O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
            O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
            O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
            O4 - HKLM\..\Run: [EPSON Stylus Photo RX600] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE /P24 "EPSON Stylus Photo RX600" /O6 "USB001" /M "Stylus Photo RX600"
            O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
            O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
            O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [EPSON Stylus Photo RX600 (Copy 1)] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE /P33 "EPSON Stylus Photo RX600 (Copy 1)" /O5 "LPT1:" /M "Stylus Photo RX600"
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
            O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
            O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
            O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
            O4 - HKUS\S-1-5-18\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User 'Default user')
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
            O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
            O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
            O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
            O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
            O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
            O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
            O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.3.4.64/checkeredflag/checkeredflag-ob-assets.cab
            O16 - DPF: Sametime Meeting Toolkit ST25 -
            O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
            O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
            O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
            O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
            O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
            O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
            O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud12.sports.sc5.yahoo.com/java/y/nflgcst1010_x.cab
            O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?RND=
            O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
            O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
            O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
            O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
            O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
            O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
            O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
            O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
            O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
            O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
            O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
            O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
            O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
            O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
            O20 - AppInit_DLLs: AVGRSSTX.DLL,avgrsstx.dll
            O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
            O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
            O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
            O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINNT\system32\AFinding.exe (file missing)
            O23 - Service: afisicx  Manages  messages (afisicx) - Unknown owner - C:\WINNT\system32\afisicx.exe (file missing)
            O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
            O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
            O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINNT\system32\macidwe.exe (file missing)
            O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
            O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
            O23 - Service: nobicyt Service (nobicyt) - Unknown owner - C:\WINNT\system32\Nobicyt.exe (file missing)
            O23 - Service: noxtcyr  Corporation inc. (noxtcyr) - Unknown owner - C:\WINNT\system32\noxtcyr.exe (file missing)
            O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINNT\system32\perfs.exe (file missing)
            O23 - Service: routing Service (routing) - Unknown owner - C:\WINNT\system32\routing.exe (file missing)
            O23 - Service: roxtctm  Co. Ltd. (roxtctm) - Unknown owner - C:\WINNT\system32\roxtctm.exe
            O23 - Service: sobicyt Service (sobicyt) - Unknown owner - C:\WINNT\system32\sobicyt.exe (file missing)
            O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINNT\system32\tdxdowkc.exe (file missing)
            O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINNT\system32\WServing.exe (file missing)
            O23 - Service: wsldoekd  Manages  messages (wsldoekd) - Unknown owner - C:\WINNT\system32\wsldoekd.exe (file missing)

            --
            End of file - 11316 bytes

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 493
            • Experience: Experienced
            • OS: Windows 11
            Re: various trojan infection warnings and cannot download .exe
            « Reply #6 on: August 28, 2008, 08:55:16 PM »
            I see why you were having so many problems. Very bad infection! But it is fixable.


            Open HijackThis and select Do a system scan only.

            Place a check mark next to the following entries: (if there)

            • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
            • R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
            • O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
            • O2 - BHO: (no name) - {7A23A1E8-B2AB-4C50-AD12-9E19B747E17C} - (no file)
            • O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
            • O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
            • O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
            • O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
            • O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
            • O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
            • O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
            • O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINNT\system32\AFinding.exe (file missing)
            • O23 - Service: afisicx Manages messages (afisicx) - Unknown owner - C:\WINNT\system32\afisicx.exe (file missing)
            • O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINNT\system32\macidwe.exe (file missing)
            • O23 - Service: nobicyt Service (nobicyt) - Unknown owner - C:\WINNT\system32\Nobicyt.exe (file missing)
            • O23 - Service: noxtcyr Corporation inc. (noxtcyr) - Unknown owner - C:\WINNT\system32\noxtcyr.exe (file missing)
            • O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINNT\system32\perfs.exe (file missing)
            • O23 - Service: routing Service (routing) - Unknown owner - C:\WINNT\system32\routing.exe (file missing)
            • O23 - Service: roxtctm Co. Ltd. (roxtctm) - Unknown owner - C:\WINNT\system32\roxtctm.exe
            • O23 - Service: sobicyt Service (sobicyt) - Unknown owner - C:\WINNT\system32\sobicyt.exe (file missing)
            • O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINNT\system32\tdxdowkc.exe (file missing)
            • O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINNT\system32\WServing.exe (file missing)
            • O23 - Service: wsldoekd Manages messages (wsldoekd) - Unknown owner - C:\WINNT\system32\wsldoekd.exe (file missing)
            .
            Important: Close all windows except for HijackThis and then click Fix checked.

            Exit HijackThis.

            ----------

            Please download this file ComboFix to your Desktop but do not run it yet.

            1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
            It must be Notepad, not Wordpad.
            2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

            Code:
            KillAll::

            File::
            C:\WINNT\system32\AFinding.exe
            C:\WINNT\system32\afisicx.exe
            C:\WINNT\system32\macidwe.exe
            C:\WINNT\system32\Nobicyt.exe
            C:\WINNT\system32\noxtcyr.exe
            C:\WINNT\system32\perfs.exe
            C:\WINNT\system32\routing.exe
            C:\WINNT\system32\roxtctm.exe
            C:\WINNT\system32\sobicyt.exe
            C:\WINNT\system32\tdxdowkc.exe
            C:\WINNT\system32\WServing.exe
            C:\WINNT\system32\wsldoekd.exe

            3. Go to the Notepad window and click Edit > Paste
            4. Then click File > Save
            5. Name the file CFScript.txt - Save the file to your Desktop
            6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



            ComboFix will begin to execute, just follow the prompts.
            After reboot (in case it asks to reboot), it will produce a log for you.
            Post that log (Combofix.txt) in your next reply.

            Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

            bobbysgirlonly


              Re: various trojan infection warnings and cannot download .exe
              « Reply #7 on: August 28, 2008, 10:23:09 PM »
              thanks for the quick reply

              i did the HijackThis part you described, but i can NOT download the combofix thing......i still cannot download any .exe files, is there a .zip file for that??

              thanks again, i finally have some hope that this can finally be fixed!!

              evilfantasy

              Re: various trojan infection warnings and cannot download .exe
              « Reply #8 on: August 28, 2008, 10:36:45 PM »
              Let's try this.

              Go to Start > Run and type Notepad.exe then click OK.

              Copy and paste the following text within the code box into the new Notepad file.

              Code:
              @ECHO OFF
              sc stop afinding
              sc delete afinding
              sc stop afisicx
              sc delete afisicx
              sc stop macidwe
              sc delete macidwe
              sc stop nobicyt
              sc delete nobicyt
              sc stop perfs
              sc delete perfs
              sc stop routing
              sc delete routing
              sc stop roxtctm
              sc delete roxtctm
              sc stop sobicyt
              sc delete sobicyt
              sc stop tdxdowkc
              sc delete tdxdowkc
              sc stop wserving
              sc delete wserving
              sc stop wsldoekd
              sc delete wsldoekd
              sc stop noxtcyr
              sc delete noxtcyr
              exit

              In Notepad select File and Save as
              Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files.

              Next double click fixservice.bat to run it.
              A black box should open and close after a short time, this is normal.
              Do not continue until the black box has closed.
              Delete fixservice.bat from the Desktop and restart the computer.

              Now try to download and run ComboFix.

              bobbysgirlonly


                Re: various trojan infection warnings and cannot download .exe
                « Reply #9 on: August 28, 2008, 11:19:29 PM »
                i still cannot download it, i keep getting this:

                well i got a screen shot of it, but i don't know how to insert images here.....

                i did remember that if i switch users, i can download on the other user i made, i will try to access that from there and download........i'll let you know if it works.

                evilfantasy

                Re: various trojan infection warnings and cannot download .exe
                « Reply #10 on: August 28, 2008, 11:20:42 PM »
                Post a new HijackThis log so I can see if the fixme.bat worked.

                bobbysgirlonly


                  Re: various trojan infection warnings and cannot download .exe
                  « Reply #11 on: August 28, 2008, 11:43:48 PM »
                  well i thought i had it, i downloaded it to my desktop from the other username, it was on my desktop, but when i would drag the file over to it i would get the error: windows cannot access the specified device, path, or file.  you may not have the appropriate permission to access the item.

                  here is the current HJT log

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 1:41:10 AM, on 8/29/2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  Boot mode: Normal

                  Running processes:
                  C:\WINNT\System32\smss.exe
                  C:\WINNT\system32\winlogon.exe
                  C:\WINNT\system32\services.exe
                  C:\WINNT\system32\lsass.exe
                  C:\WINNT\system32\svchost.exe
                  C:\WINNT\System32\svchost.exe
                  C:\WINNT\system32\svchost.exe
                  C:\WINNT\system32\LEXBCES.EXE
                  C:\WINNT\system32\spoolsv.exe
                  C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
                  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  C:\WINNT\System32\svchost.exe
                  C:\WINNT\system32\sotpeca.exe
                  C:\WINNT\System32\svchost.exe
                  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
                  C:\PROGRA~1\AVG\AVG8\avgemc.exe
                  C:\WINNT\Explorer.EXE
                  C:\WINNT\system32\SK9910DM.EXE
                  C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE
                  C:\WINNT\system32\hkcmd.exe
                  C:\WINNT\GWMDMMSG.exe
                  C:\Program Files\QuickTime\qttask.exe
                  C:\PROGRA~1\AVG\AVG8\avgtray.exe
                  C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
                  C:\Program Files\AWS\WeatherBug\Weather.exe
                  C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
                  C:\WINNT\system32\ctfmon.exe
                  C:\Program Files\Logitech\MouseWare\system\em_exec.exe
                  C:\PROGRA~1\Magentic\bin\MgApp.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
                  C:\Documents and Settings\Owner\Desktop\sniper.exe.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
                  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
                  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
                  O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
                  O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
                  O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
                  O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
                  O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
                  O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
                  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
                  O4 - HKLM\..\Run: [EPSON Stylus Photo RX600] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE /P24 "EPSON Stylus Photo RX600" /O6 "USB001" /M "Stylus Photo RX600"
                  O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
                  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
                  O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [EPSON Stylus Photo RX600 (Copy 1)] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE /P33 "EPSON Stylus Photo RX600 (Copy 1)" /O5 "LPT1:" /M "Stylus Photo RX600"
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
                  O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
                  O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
                  O4 - HKUS\S-1-5-18\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User 'Default user')
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
                  O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
                  O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
                  O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
                  O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.3.4.64/checkeredflag/checkeredflag-ob-assets.cab
                  O16 - DPF: Sametime Meeting Toolkit ST25 -
                  O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
                  O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
                  O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
                  O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
                  O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
                  O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
                  O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud12.sports.sc5.yahoo.com/java/y/nflgcst1010_x.cab
                  O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
                  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                  O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?RND=
                  O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
                  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
                  O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
                  O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
                  O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
                  O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
                  O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
                  O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
                  O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
                  O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
                  O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
                  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
                  O20 - AppInit_DLLs: AVGRSSTX.DLL,avgrsstx.dll
                  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
                  O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                  O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
                  O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
                  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                  O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
                  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
                  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
                  O23 - Service: sotpeca  Portable Media Serial Service (sotpeca) - Unknown owner - C:\WINNT\system32\sotpeca.exe

                  --
                  End of file - 8785 bytes
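The O23 (service) sections of the two HijackThis logs posted above differ in a way that is easy to miss by eye. The Python below is an added example, not part of the original posts and not HijackThis code: it parses O23 lines and compares a before and after log. The function names and the triage heuristic (owner shown as "Unknown owner" and the binary sitting directly in the system32 folder) are assumptions of this example; the sample lines are excerpted from the logs in this thread.

```python
import re
from typing import NamedTuple

# Lines excerpted from the first HijackThis log in this thread (reply #5).
BEFORE = r"""
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINNT\system32\AFinding.exe (file missing)
O23 - Service: afisicx  Manages  messages (afisicx) - Unknown owner - C:\WINNT\system32\afisicx.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: roxtctm  Co. Ltd. (roxtctm) - Unknown owner - C:\WINNT\system32\roxtctm.exe
"""

# Lines excerpted from the second log (reply #11), taken after the services were deleted.
AFTER = r"""
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: sotpeca  Portable Media Serial Service (sotpeca) - Unknown owner - C:\WINNT\system32\sotpeca.exe
"""

O23_PREFIX = "O23 - Service: "
MISSING = " (file missing)"
# "Display name (shortname)"; the parenthesised short name is optional.
NAME_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<short>[^()]+)\))?$")


class Service(NamedTuple):
    display: str
    name: str
    owner: str
    path: str
    file_missing: bool


def parse_o23(log_text):
    """Return {lowercased service name: Service} for every O23 line in a log."""
    services = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith(O23_PREFIX):
            continue
        # Split from the right: the last two fields are always owner and path.
        parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue  # truncated or malformed line, skip rather than guess
        label, owner, path = (p.strip() for p in parts)
        missing = path.endswith(MISSING)
        if missing:
            path = path[: -len(MISSING)]
        m = NAME_RE.match(label)
        display = " ".join(m.group("display").split())  # collapse double spaces
        short = m.group("short") or display
        services[short.lower()] = Service(display, short, owner, path, missing)
    return services


def is_suspicious(svc, windir=r"C:\WINNT"):
    """Heuristic (assumption of this example): no owner reported and the binary
    sits directly in <windir>\\system32. windir is this machine's, per the logs."""
    if svc.owner.lower() != "unknown owner":
        return False
    folder = svc.path.strip('"').lower().rsplit("\\", 1)[0]
    return folder == (windir + r"\system32").lower()


def compare(before_text, after_text):
    """Show which flagged services were removed, persist, or newly appeared."""
    before, after = parse_o23(before_text), parse_o23(after_text)
    flagged_before = {k for k, s in before.items() if is_suspicious(s)}
    flagged_after = {k for k, s in after.items() if is_suspicious(s)}
    return {
        "removed": sorted(flagged_before - set(after)),
        "persisting": sorted(flagged_before & flagged_after),
        "new": sorted(flagged_after - set(before)),
    }


if __name__ == "__main__":
    for kind, names in compare(BEFORE, AFTER).items():
        print(f"{kind:<10} {', '.join(names) or '-'}")
```

On these excerpts the old entries are gone, but one service absent from the first log (sotpeca) matches the same heuristic in the second; the Adobe and Norton entries also show "Unknown owner" but live under Program Files, so they are not flagged.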

                  evilfantasy

                  Re: various trojan infection warnings and cannot download .exe
                  « Reply #12 on: August 28, 2008, 11:48:25 PM »
                  Just try to run ComboFix with the below instructions.

                  Note: If you get an error then right click and rename ComboFix to Combo-Fix then try again.

                  Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
                   
                  Double click combofix.exe & follow the prompts.
                  When finished ComboFix will produce a log for you.
                  Post the ComboFix log in your next reply.

                  Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                  bobbysgirlonly

                    Re: various trojan infection warnings and cannot download .exe
                    « Reply #13 on: August 28, 2008, 11:58:27 PM »
                    ok, combo fix hates me!

                    i still keep getting the same error, even after renaming it

                    can i try and run it under the other user name, or will it not access all the same files or whatever needs fixed??

                    evilfantasy

                    Re: various trojan infection warnings and cannot download .exe
                    « Reply #14 on: August 29, 2008, 12:00:55 AM »
                    Try this. If it doesn't work then try to run it from the other account.

                    Close all other browser windows.
                     
                    Go to Start > Run and copy/paste in the following:

                    "%userprofile%\desktop\combo-fix.exe" /killall

                    Press Enter and ComboFix will begin to run.
                     
                    When finished, it will produce a log file located at C:\ComboFix.txt
                     
                    Post the contents of that log in your next reply.

                    Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to stall.