Search:

Sorry for the delay... Here's the data:

OTL logfile created on: 5/4/2011 12:10:00 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Victor\Desktop
Windows XP...

Hi Blade,

Sorry for the delay... implementation week... been working till very late every day.

Please don't close the thread. I will provide the information no later than next Tuesday.
...

Hi blade,

That line is not in the file. I dual boot this box with OpenSuse. Cat is a command to display the contents of a file. So that first line is actually what I type in the command prompt,...

Here's to confirm the contents of the file:


victor@opensuse:/windows/C/Documents and Settings/Administrator/Desktop> cat CFScript.txt
Driver::
MJW
SZGMOLOKODUDDNMJ
XU
File::...

Sorry for the delay.

Tried running combofix (safe mode) and I'm getting a weird file name error... doesn't make sense. I searched online for a solution and the only I could find was to move...

It ran ok in safe mode. :)

===============================

ComboFix 11-04-12.02 - Administrator 04/14/2011 15:52:27.1.4 - x86 NETWORK
Microsoft Windows XP Professional ...

Tried that as well... no luck. System still freezes.

Have been fighting with this without success. Had problems removing AVG, but got that figured out.

Now I'm not able to run combofix. Ran a few times and it freezes my PC forcing me to do a hard...

Hi Blade81,

Sorry for the late reply. Haven't had a chance to run your instructions.

I downloaded combo fix and tried running, however I have Free AVG installed. I know I need to uninstall it,...

##################
f-secure
##################
19 malware found
TrackingCookie.Questionmarket (spyware)
System (Disinfected)
TrackingCookie.Adinterax (spyware)
System (Disinfected) ...

##################
OTL.txt
##################
OTL logfile created on: 4/5/2011 10:52:00 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Victor\Desktop ...

Thank you for the reply and your time. Here's the requested information:

##################
Extras.txt
##################
OTL Extras logfile created on: 4/5/2011 10:52:00 PM - Run 1
OTL by...

Hi all,

My dds is locking up and SpyBot does not show any issue. Not sure what else I can do.

Here are the steps I have taken so far (I can post the logs if needed, but read on "Before you...

Found this after more research...

http://www.adwarereport.com/mt/archives/000325.html

It's really an AVG bug....


Vic

Hi all,

I hope I'm not breaking any forum rule!!!!! Just came up with something I though I'd share.

My mother computer which runs on free AVG detected a Trojan located at...

Hi Tashi & Illukka,


Sorry for the delay. I checked all computers at home and could not find anything... Got my internet running again.

The only problem is that now, the local area network...

Hi Illukka,


Sorry for the delay in answering you back. Rogers, my ISP in Canada, has blocked my internet connection due to continuous MX Server access request. They state that one of the PCs...

Done!!! Here are the logs


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created...

Hi Illukka,

Thanks a lot for the reply. I have runned the program and am pasting the report bellow.

I must apologize, but I did not understand the "process.exe" issue. It's a command line...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, August 25, 2006 12:56:55 PM
Operating System: Microsoft Windows XP...

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:24:59 AM 8/25/2006

+...

Hi all,

Can someone help me with this? This is a bad one......


Hijack This

Logfile of HijackThis v1.99.1
Scan saved at 1:04:17 PM, on 8/25/2006
Platform: Windows XP (WinNT 5.01.2600)

Hi Phil,

Thanks a lot for all the info. I installed ZoneAlarm, SpywareBlaster and updated my hosts file on my pc. Also did some changes to my IE security settings. Hopefully now I can keep it...

Hi Phil,

Sorry for the delay in replying, I spent the whole day yesterday running scans and trying to clean up as much as I could.

I could not find file C:\WINDOWS\ms062415127673.exe to...

F:\Files from other PC\imported files\outlook\Deleted Items.dbx/[From admin@yahoo.ca][Date Wed, 6 Aug 2003 05:18:26 -0500]/UNNAMED/text Infected: Email-Worm.Win32.Mimail.txt skipped
F:\Files from...

C:\Documents and Settings\Victor\Local Settings\Application Data\Microsoft\Outlook\Deleted Items.dbx/[From Get your favorite music <mail3@mail.bigwinnerz.com>][Date Wed, 6 Aug 2003 05:18:26...

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76CD324E Infected: not-a-virus:AdWare.Win32.Lop skipped
C:\Documents and Settings\All Users\Application...

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\711D10C3 Infected: not-a-virus:AdWare.Win32.Lop skipped
C:\Documents and Settings\All Users\Application...

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E7A384E Infected: not-a-virus:AdWare.Win32.Lop skipped
C:\Documents and Settings\All Users\Application...

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65275125 Infected: not-a-virus:AdWare.Win32.Lop skipped
C:\Documents and Settings\All Users\Application...

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B5F7C86 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton...

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53D64E81.tmp/document.txt .exe Infected:...

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48240A18 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\All Users\Application...

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CFF2A7A CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton...

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F4B16A3 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application...

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24236955 Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\All Users\Application...

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A0C27CF Infected: not-a-virus:AdWare.Win32.Lop skipped
C:\Documents and Settings\All Users\Application...

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\110737E7 Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\All Users\Application...

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\085457D3.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application...

Forgot to mention the file names from RECYCLER
S-1-5-21-1935655697-1972579041-725345543-500
S-1-5-21-1935655697-1972579041-725345543-1003
...

Hi Phil, I'm actually you neighbor, I live in Toronto. I think working with some british friends rubbed that "cheers" on me.... :)

Ok, I deleted everything on NPROTECT including the folder,...

Sorry, forgot to mention the AntiVirus Issue. I had Norton before but switched to Avast. Seems that Norton did not uninstall completelly.

Hi Phil,

I was not able to find and delete file C:\WINDOWS\ms062415127673.exe and folder Rar$EX01.235, however Temp and Prefetch folder's were emptied.

Computer seems to be running ok with...

I tried to post my Ewido log, but it has 616410 characters, when only 20000 is allowed.

I'm not able to post as an attachment as it has 1204kb and I can only post 34kb. Should I brake the file...

Hi pskelley!! Thanks a lot for your help.

File C:\DOCUME~1\Victor\LOCALS~1\Temp\Rar$EX01.235\WLM8patch(livemessenger.net).exe is a patch for Live Messenger. I uninstalled the software, but...

Hi all,

I got hit with command service as well as another malware programs (Surfersidekick III and others).

I was able to delete all other malwares, but of course I could not remove Command...