-
August 12th, 2009, 01:17 PM
#1
Norton antivirus turned off temporarily during reboot.
Note: I copied text from this email thread (I have the same problem)
http://discussions.virtualdr.com/sho...d.php?t=239400
I will post back my logs shortly...
Whenever I reboot my system I get a warning that my Norton antivirus is turned off and to click the balloon window to "fix this problem".
If I wait a minute or two, my Norton Auto-Protect enables and the warning balloon goes away. If I reinstall Norton the problem goes away but reappears soon after. It's like something is shutting it off at boot-up for a little bit. I have scanned for viruses and also use Spybot and Malwarebytes. All report nothing. I am using virus definition file 8/8/2009 rev. 3.
I am using Windows XP SP2.
-
August 12th, 2009, 04:34 PM
#2
Sounds like a nasty got to you.
I see Norton still has not plugged that hole.
Post all 4 logs.
-
August 12th, 2009, 07:17 PM
#3
log files
Thanks a lot, Train.
Below are the logs:
a) SuperAntiSpyware log
NOTE: during the last step (Quarantine and Removal) the app crashed with an "empty virtual function" popup. I think the files were removed successfully.
b) 2 Malwarebytes logs:
NOTE: Two of the registry keys were marked for removal after reboot; however, the reboot did not clean up these keys. Running Malwarebytes again still showed the registry keys as a problem.
c) gmer log
d) hijackthis log
-
August 12th, 2009, 07:39 PM
#4
SuperAntiSpyware log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/12/2009 at 04:07 PM
Application Version : 4.27.1002
Core Rules Database Version : 4040
Trace Rules Database Version: 1980
Scan type : Complete Scan
Total Scan Time : 02:12:17
Memory items scanned : 200
Memory threats detected : 0
Registry items scanned : 4584
Registry threats detected : 120
File items scanned : 41652
File threats detected : 115
Adware.HotBar/ShopperReports (Low Risk)
C:\Program Files\ShopperReports\Bin\1.0.4.0
C:\Program Files\ShopperReports\Bin
C:\Program Files\ShopperReports
Adware.MyWebSearch/FunWebProducts
HKLM\SOFTWARE\Fun Web Products
HKLM\SOFTWARE\Fun Web Products#JpegConversionLib
HKLM\SOFTWARE\Fun Web Products#CacheDir
HKLM\SOFTWARE\Fun Web Products\ScreenSaver
HKLM\SOFTWARE\Fun Web Products\ScreenSaver#ImagesDir
HKLM\SOFTWARE\Fun Web Products\Settings
HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn
HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#LastHTMLMenuURL
HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#HTMLMenuRevision
HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#ETag
HKLM\SOFTWARE\Fun Web Products\Settings\Promos
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.numActive
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.0
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqNone
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.numActive
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.0
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqUninstalled
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive2
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.1
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.2
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.3
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.4
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.5
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.6
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.7
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuPosDeleted
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#LastHTMLMenuURL
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuRevision
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#ETag
HKLM\SOFTWARE\FunWebProducts
HKLM\SOFTWARE\FunWebProducts\Installer
HKLM\SOFTWARE\FunWebProducts\Installer#Dir
HKLM\SOFTWARE\FunWebProducts\Installer#CurInstall
HKLM\SOFTWARE\FunWebProducts\Installer#sr
HKLM\SOFTWARE\FunWebProducts\Installer#pl
HKLM\SOFTWARE\FunWebProducts\Installer#CheckForConnection
HKLM\SOFTWARE\FunWebProducts\Installer#CacheDir
HKLM\SOFTWARE\FunWebProducts\Installer\downloaded
HKLM\SOFTWARE\FunWebProducts\PopSwatter
HKLM\SOFTWARE\FunWebProducts\PopSwatter#backedUp
HKLM\SOFTWARE\MyWebSearch
HKLM\SOFTWARE\MyWebSearch\bar
HKLM\SOFTWARE\MyWebSearch\bar#pid
HKLM\SOFTWARE\MyWebSearch\bar#fwp
HKLM\SOFTWARE\MyWebSearch\bar#mwsask
HKLM\SOFTWARE\MyWebSearch\bar#tiec
HKLM\SOFTWARE\MyWebSearch\bar#Dir
HKLM\SOFTWARE\MyWebSearch\bar#CurInstall
HKLM\SOFTWARE\MyWebSearch\bar#SettingsDir
HKLM\SOFTWARE\MyWebSearch\bar#sr
HKLM\SOFTWARE\MyWebSearch\bar#pl
HKLM\SOFTWARE\MyWebSearch\bar#Id
HKLM\SOFTWARE\MyWebSearch\bar#CacheDir
HKLM\SOFTWARE\MyWebSearch\bar#ConfigDateStamp
HKLM\SOFTWARE\MyWebSearch\bar#HTMLMenuRevision
HKLM\SOFTWARE\MyWebSearch\bar#sscLabel
HKLM\SOFTWARE\MyWebSearch\bar#sscURL
HKLM\SOFTWARE\MyWebSearch\bar#SearchProvider
HKLM\SOFTWARE\MyWebSearch\bar#Flags
HKLM\SOFTWARE\MyWebSearch\bar#HistoryDir
HKLM\SOFTWARE\MyWebSearch\SearchAssistant
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pid
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#fwp
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#mwsask
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#Dir
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#esh
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#lsp
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#CurInstall
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#sr
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pl
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#Id
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#ConfigDateStamp
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#ABS
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#DES
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#sscEnabled
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#eintl
HKLM\SOFTWARE\MyWebSearch\SkinTools
HKLM\SOFTWARE\MyWebSearch\SkinTools#PlayerPath
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
HKLM\Software\FocusInteractive
HKLM\Software\FocusInteractive\bar
HKLM\Software\FocusInteractive\bar\Switches
HKLM\Software\FocusInteractive\bar\Switches#incmail.exe
HKLM\Software\FocusInteractive\bar\Switches#msimn.exe
HKLM\Software\FocusInteractive\bar\Switches#msn.exe
HKLM\Software\FocusInteractive\bar\Switches#outlook.exe
HKLM\Software\FocusInteractive\bar\Switches#waol.exe
HKLM\Software\FocusInteractive\bar\Switches#aim.exe
HKLM\Software\FocusInteractive\bar\Switches#icq.exe
HKLM\Software\FocusInteractive\bar\Switches#icqlite.exe
HKLM\Software\FocusInteractive\bar\Switches#msmsgs.exe
HKLM\Software\FocusInteractive\bar\Switches#msnmsgr.exe
HKLM\Software\FocusInteractive\bar\Switches#ypager.exe
HKLM\Software\FocusInteractive\bar\Switches#au
HKLM\Software\FocusInteractive\bar\Switches#mwsSrcAs.dll
HKLM\Software\FocusInteractive\bar\Switches#ps
HKLM\Software\FocusInteractive\bar\Switches#ok
HKLM\Software\FocusInteractive\bar\Switches#od
HKLM\Software\FocusInteractive\bar\Switches#nk
HKLM\Software\FocusInteractive\bar\Switches#nd
HKLM\Software\FocusInteractive\Email-IM
HKLM\Software\FocusInteractive\Email-IM\0
HKLM\Software\FocusInteractive\Email-IM\0#Toolbar
HKLM\Software\FocusInteractive\Email-IM\0#AppName
HKLM\Software\FocusInteractive\Outlook
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\History
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings
C:\Program Files\MyWebSearch\bar
C:\Program Files\MyWebSearch
C:\Program Files\FunWebProducts\ScreenSaver\Images
C:\Program Files\FunWebProducts\ScreenSaver
C:\Program Files\FunWebProducts\Shared
C:\Program Files\FunWebProducts
Adware.Tracking Cookie
C:\Documents and Settings\Jaime\Cookies\jaime@accounts[1].txt
C:\Documents and Settings\Jaime\Cookies\jaime@dmtracker[1].txt
C:\Documents and Settings\Jaime\Cookies\jaime@hitbox[2].txt
C:\Documents and Settings\Jaime\Cookies\jaime@mediaplex[2].txt
C:\Documents and Settings\Jaime\Cookies\[email protected][1].txt
C:\Documents and Settings\Jaime\Cookies\[email protected][2].txt
C:\Documents and Settings\Jaime\Cookies\jaime@atdmt[2].txt
C:\Documents and Settings\Jaime\Cookies\jaime@thalesext[1].txt
C:\Documents and Settings\Jaime\Cookies\[email protected][1].txt
C:\Documents and Settings\Jaime\Cookies\jaime@doubleclick[2].txt
C:\Documents and Settings\Jaime\Cookies\[email protected][1].txt
C:\Documents and Settings\Jaime\Cookies\jaime@casalemedia[2].txt
C:\Documents and Settings\Jaime\Cookies\[email protected][1].txt
C:\Documents and Settings\Jaime\Cookies\jaime@revsci[1].txt
C:\Documents and Settings\Jaime\Cookies\jaime@zedo[2].txt
C:\Documents and Settings\Jaime\Cookies\jaime@insightexpressai[2].txt
C:\Documents and Settings\Jaime\Cookies\jaime@tribalfusion[2].txt
C:\Documents and Settings\Jaime\Cookies\[email protected][1].txt
C:\Documents and Settings\Jaime\Cookies\jaime@apmebf[1].txt
C:\Documents and Settings\Jaime\Cookies\[email protected][1].txt
C:\Documents and Settings\Jaime\Cookies\[email protected][2].txt
C:\Documents and Settings\Jaime\Cookies\[email protected][1].txt
E:\c\Documents and Settings\matthew\Cookies\matthew@atwola[1].txt
E:\c\Documents and Settings\matthew\Cookies\matthew@windowsmedia[1].txt
E:\c\Documents and Settings\matthew\Cookies\[email protected][2].txt
E:\c\Documents and Settings\matthew\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\jenn and matt@adbureau(1).txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\m_chong@tripod[1].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][2].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][2].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\m_chong@furniturefind[1].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\anyuser@count[1].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][2].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][2].txt
E:\c\Documents and Settings\administrator\Cookies\anyuser@tripod[1].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\anyuser@pathfinder[2].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][2].txt
E:\c\Documents and Settings\administrator\Cookies\m_chong@wivesexposed[1].txt
E:\c\Documents and Settings\administrator\Cookies\anyuser@adultrevenueservice[1].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\anyuser@iadnet[1].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][3].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\anyuser@asiaporno[1].txt
E:\c\Documents and Settings\administrator\Cookies\anyuser@adbureau[2].txt
E:\c\Documents and Settings\administrator\Cookies\anyuser@adultrevenueservice[3].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@atwola[1].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiqic5mlowydj6x9ny-1seq-2-2.stats.esomniture[1].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkygjcjikpwsdj6x9ny-1seq-2-2.stats.esomniture[1].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoqmdzcdoq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyokdjchoaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyklajaloaidj6x9ny-1seq-2-2.stats.esomniture[2].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkykgajgloaidj6x9ny-1seq-2-2.stats.esomniture[2].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][2].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkouiazshpaydj6x9ny-1seq-2-2.stats.esomniture[1].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyapd5cdogudj6x9ny-1seq-2-2.stats.esomniture[2].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][2].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyolc5eepwydj6x9ny-1seq-2-2.stats.esomniture[2].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4snczwgpgwdj6x9ny-1seq-2-2.stats.esomniture[2].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmickdzihoaudj6x9ny-1seq-2-2.stats.esomniture[2].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyqndpccoqwdj6x9ny-1seq-2-2.stats.esomniture[2].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnywjajkfqaudj6x9ny-1seq-2-2.stats.esomniture[2].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlykkd5ccqqydj6x9ny-1seq-2-2.stats.esomniture[2].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliunczmloawdj6x9ny-1seq-2-2.stats.esomniture[2].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1jdjmdqa2dj6x9ny-1seq-2-2.stats.esomniture[2].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmisod5aaqa6dj6x9ny-1seq-2-2.stats.esomniture[2].txt
E:\c\Documents and Settings\administrator\Cookies\[email protected][1].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloshdpikoa2dj6x9ny-1seq-2-2.stats.esomniture[1].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyuiazgdqqsdj6x9ny-1seq-2-2.stats.esomniture[1].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4endpebqq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@atwola[3].txt
E:\c\Documents and Settings\administrator\Cookies\administrator@adcentriconline[2].txt
Trojan.Agent/Gen-AppLocal
J:\WORK\AMD\PROJECTS\HANDHELD_SW\STAGING\QA\TEST_DEVELOPMENT\FRAMEWORK\EDP2\MAKE\GMAKE.EXE
J:\WORK\AMD\PROJECTS\HANDHELD_SW\STAGING\PLATFORMS\GP1\BUILD\GNU\1.0\BIN\MAKE.EXE
J:\WORK\AMD\PROJECTS\HANDHELD_SW\LG\3G\BASEBAND.STG\TOOLS\BUILD\GMAKE.EXE
J:\WORK\AMD\PROJECTS\HANDHELD_SW\LG\3G\BASEBAND\Z350_SYSTEM\SYSTEM-BUILD\MAKE_VIEWTY2\GMAKE.EXE
J:\WORK\AMD\PROJECTS\HANDHELD_SW\LG\3G\BASEBAND\Z350_SYSTEM\SYSTEM-BUILD\MAKE_CRYSTAL\GMAKE.EXE
J:\WORK\AMD\PROJECTS\HANDHELD_SW\LG\3G\BASEBAND\Z350_SYSTEM\SYSTEM-BUILD\MAKE\GMAKE.EXE
J:\WORK\AMD\PROJECTS\HANDHELD_SW\LG\3G\BASEBAND\TOOLS\BUILD\GMAKE.EXE
J:\WORK\AMD\PROJECTS\HANDHELD_SW\LG\3G\BASEBAND\TOOLS\BUILD\MAKE.EXE
J:\WORK\AMD\PROJECTS\HANDHELD_SW\LG\3G\BASEBAND\APP\EXEC\RESOURCE\AUTOPROFILEDB\GMAKE.EXE
J:\WORK\AMD\PROJECTS\HANDHELD_SW\LG\3G\BASEBAND\AMD\WISELIB4VIVID\TOOLS\BUILD\MAKE.EXE
J:\WORK\AMD\PROJECTS\HANDHELD_SW\LG\3G\BASEBAND\AMD\PLATFORM\BUILD\GNU\1.0\BIN\MAKE.EXE
J:\WORK\AMD\PROJECTS\HANDHELD_SW\QA\TEST_DEVELOPMENT\FRAMEWORK.WKG2\EDP2\MAKE\GMAKE.EXE
J:\WORK\AMD\PROJECTS\HANDHELD_SW\QA\TEST_DEVELOPMENT\FRAMEWORK.WKG\EDP2\MAKE\GMAKE.EXE
J:\WORK\AMD\PROJECTS\HANDHELD_SW\QA\TEST_DEVELOPMENT\FRAMEWORK\EDP2\MAKE\GMAKE.EXE
-
August 12th, 2009, 07:41 PM
#5
Malwarebytes log (first time run)
Malwarebytes' Anti-Malware 1.40
Database version: 2613
Windows 5.1.2600 Service Pack 2
8/12/09 4:39:38 PM
mbam-log-2009-08-12 (16-39-38).txt
Scan type: Quick Scan
Objects scanned: 112108
Time elapsed: 7 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\hotbar\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\hotbar\bin\4.6.1.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\MySearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
-
August 12th, 2009, 07:42 PM
#6
Malwarebytes log (second scan - cannot remove these entries)
Malwarebytes' Anti-Malware 1.40
Database version: 2613
Windows 5.1.2600 Service Pack 2
8/12/09 5:01:03 PM
mbam-log-2009-08-12 (17-01-03).txt
Scan type: Quick Scan
Objects scanned: 112049
Time elapsed: 6 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Delete on reboot.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
August 12th, 2009, 07:43 PM
#7
gmer log
GMER 1.0.15.15020 [6md7q2ov.exe] - http://www.gmer.net
Rootkit scan 2009-08-12 18:59:40
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT 839E22F0 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEE891DC0]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEE892020]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEE61C0B0]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
Device InCDfs.SYS (InCD File System Driver/Ahead Software AG)
Device \FileSystem\Cdfs \Cdfs EDC29400
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs@ {128A6C66-AC6A-4617-8268-AB7F47B7215E}
Reg HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs@ {571715D7-3395-4DF0-B43C-784836209E60}
Reg HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid@ {00020420-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32@ {00020420-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib@ {29D67D3C-509A-4544-903F-C8C1B8236554}
Reg HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib@Version 1.0
Reg HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib@ {E47CAEE0-DEEA-464A-9326-3F2801535A4D}
Reg HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib@Version 1.0
---- EOF - GMER 1.0.15 ----
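Added example (not part of the thread, and not code from any of the tools above). The two CLSID keys Malwarebytes could only mark "Delete on reboot" in post #6 are the same two keys for which the GMER registry section in post #7 shows a TreatAs default value pointing at another CLSID (TreatAs is the COM registry value that redirects activation of one class to another class). The script below parses both logs, matches each pending key to its TreatAs target, and lists GMER's SSDT hooks together with whether each one was attributed to a driver file: in this log ZwConnectPort is printed with a bare address rather than a driver path, while the other three hooks belong to the Symantec and SUPERAntiSpyware drivers. The log text embedded in the script is a constructed sample copied from the lines above; the regexes assume the line formats shown in these two logs and nothing else.

```python
"""Cross-check a Malwarebytes log against a GMER log (added example).

Finds the registry keys Malwarebytes could only mark 'Delete on reboot',
looks each one up in GMER's registry section for a TreatAs redirect, and
lists the SSDT hooks GMER reported with the module it attributed to each.
"""
import re

# Constructed sample: lines copied from the second Malwarebytes scan above.
MBAM_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Delete on reboot.
Registry Values Infected:
(No malicious items detected)
"""

# Constructed sample: lines copied from the GMER log above.
GMER_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT 839E22F0 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEE891DC0]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEE61C0B0]
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs@ {128A6C66-AC6A-4617-8268-AB7F47B7215E}
Reg HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs@ {571715D7-3395-4DF0-B43C-784836209E60}
Reg HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib@Version 1.0
---- EOF - GMER 1.0.15 ----
"""

# "<key> (<detection name>) -> <action>." as Malwarebytes 1.40 prints it.
MBAM_KEY_RE = re.compile(r"^(?P<key>HK.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
# "Reg <key path>@<value name> <data>"; an empty value name is the default value.
GMER_REG_RE = re.compile(r"^Reg (?P<path>.+?)@(?P<value>\S*)\s+(?P<data>.*)$")
# "SSDT <module or address> <Zw function> [<hook address>]"
SSDT_RE = re.compile(r"^SSDT (?P<module>.+?) (?P<func>Zw\w+)(?: \[(?P<addr>0x[0-9A-Fa-f]+)\])?$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def mbam_pending_keys(log_text):
    """Return the registry keys Malwarebytes could only mark 'Delete on reboot'."""
    pending = []
    for line in log_text.splitlines():
        m = MBAM_KEY_RE.match(line.strip())
        if m and m.group("action").lower().startswith("delete on reboot"):
            pending.append(m.group("key"))
    return pending


def gmer_treatas_redirects(log_text):
    """Map CLSID -> target CLSID for every TreatAs default value GMER listed."""
    redirects = {}
    for line in log_text.splitlines():
        m = GMER_REG_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        # Only the default value of a ...\CLSID\{x}\TreatAs key is a redirect.
        if not path.lower().endswith(r"\treatas") or m.group("value"):
            continue
        clsids = CLSID_RE.findall(path)
        if clsids:
            redirects[clsids[-1].lower()] = m.group("data").strip().lower()
    return redirects


def correlate(mbam_text, gmer_text):
    """For each key MBAM left pending, give the TreatAs target GMER saw (or None)."""
    redirects = gmer_treatas_redirects(gmer_text)
    report = {}
    for key in mbam_pending_keys(mbam_text):
        clsids = CLSID_RE.findall(key)
        report[key] = redirects.get(clsids[-1].lower()) if clsids else None
    return report


def gmer_ssdt_hooks(log_text):
    """Return (function, module, attributed) for each SSDT hook GMER reported.

    attributed is False when GMER printed only a raw address in place of a
    driver path, i.e. it could not tie the hook to a loaded module.
    """
    hooks = []
    for line in log_text.splitlines():
        m = SSDT_RE.match(line.strip())
        if not m:
            continue
        module = m.group("module")
        attributed = "\\" in module or module.lower().endswith((".sys", ".dll"))
        hooks.append((m.group("func"), module, attributed))
    return hooks


if __name__ == "__main__":
    for key, target in correlate(MBAM_LOG, GMER_LOG).items():
        print(f"pending: {key}\n    TreatAs -> {target or 'no redirect seen by GMER'}")
    for func, module, attributed in gmer_ssdt_hooks(GMER_LOG):
        flag = "" if attributed else "  <-- no module attributed, check this one"
        print(f"SSDT {func:<20} {module}{flag}")
```

Run it as-is to see the report for the sample; on real logs, read the two files into MBAM_LOG and GMER_LOG instead. The two TreatAs target CLSIDs are not identified anywhere in this thread, so the script reports them without guessing what they register; the point is that a key carrying a redirect to another class is the first thing to look at when a deletion scheduled for reboot keeps coming back.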
-
August 12th, 2009, 07:43 PM
#8
hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:34 PM, on 8/12/09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/ac...eX_Control.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 3723 bytes
-
February 6th, 2010, 09:29 AM
#9
ryehigh17, hi, I need your help. How can I contact you?
-
February 6th, 2010, 09:39 AM
#10
Originally Posted by SERJSOCHI:
ryehigh17, hi, I need your help. How can I contact you?
Send a private message to ryehigh17
http://discussions.virtualdr.com/pri...=newpm&u=97160
-
February 6th, 2010, 01:49 PM
#11
[Mods, please move it to HJT]
1. Download Temp File Cleaner (TFC).
   Double-click TFC.exe to run the program.
   Click the Start button to begin the cleaning process.
   TFC will close all running programs, and it may ask you to restart the computer.
2. Go to the Kaspersky website and perform an online antivirus scan.
   a. Disable your active antivirus program.
   b. Read through the requirements and privacy statement and click the Accept button.
   c. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
   d. When the downloads have finished, click Settings.
   e. Make sure these boxes are checked (ticked). If they are not, please tick them and click the Save button:
      - Spyware, Adware, Dialers, and other potentially dangerous programs
      - Archives
      - Mail databases
   f. Click My Computer under Scan.
   g. Once the scan is complete, it will display the results. Click View Scan Report.
   h. You will see a list of infected items there. Click Save Report As....
   i. Save this report to a convenient place. Change the "Files of type" to Text file (.txt) before clicking the Save button. Then post it here.