pratt
2007-09-17, 11:35
Hi
I have a problem when I open IE my home page opens but then a number of other unwanted pages open with advertizing matterial. I have instaled current version of spybot with the current updates, when I ran the spybot it identified a number of problems , (Microsoft Windows IE Firewall by pass)was one. After removing these items using the spybot program I still have the original problem of the unwanted pages appearing.
I have attached the Kaspersky scan file to this request
Regards
Pratt
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, September 17, 2007 6:14:31 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 17/09/2007
Kaspersky Anti-Virus database records: 419633
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 101501
Number of viruses found: 4
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 01:09:35
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\Peter\Application Data\Settings Seek Dupe\obj proc.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Peter\Application Data\Settings Seek Dupe\PlanDeadWipe.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Peter\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temp\Acr47F3.tmp Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temp\bisF2.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Peter\Local Settings\Temp\Perflib_Perfdata_8dc.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temp\sta1A.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Peter\Local Settings\Temp\sta2.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Peter\Local Settings\Temp\sta2FB.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Peter\Local Settings\Temp\~DFCE87.tmp Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temp\~DFCE93.tmp Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Peter\ntuser.dat Object is locked skipped
C:\Documents and Settings\Peter\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter\Shared\dean martin pizza pie LimeWire Download Accelerator.zip/LimeWire Download Accelerator.exe/data0006 Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Peter\Shared\dean martin pizza pie LimeWire Download Accelerator.zip/LimeWire Download Accelerator.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Peter\Shared\dean martin pizza pie LimeWire Download Accelerator.zip ZIP: infected - 2 skipped
C:\I386\DateMakerAustraliaupdate.exe Infected: not-a-virus:Dialer.Win32.gen skipped
C:\I386\dload.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\Log.txt Object is locked skipped
C:\Old hard disk\WINDOWS\Access.exe Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial skipped
C:\Old hard disk\WINDOWS\DIALPASS\Internet Sex Provider\ACCESS.exe Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A8179D57-8FBB-4AA4-AB2E-E031244E5312}\RP1339\A0061517.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{A8179D57-8FBB-4AA4-AB2E-E031244E5312}\RP1344\A0061848.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{A8179D57-8FBB-4AA4-AB2E-E031244E5312}\RP1344\A0061850.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{A8179D57-8FBB-4AA4-AB2E-E031244E5312}\RP1345\A0061881.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{A8179D57-8FBB-4AA4-AB2E-E031244E5312}\RP1348\A0062164.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{A8179D57-8FBB-4AA4-AB2E-E031244E5312}\RP1348\A0062166.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{A8179D57-8FBB-4AA4-AB2E-E031244E5312}\RP1349\A0062216.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{A8179D57-8FBB-4AA4-AB2E-E031244E5312}\RP1353\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5A9620C4-4479-4E7B-A3A1-5A4E4986F809}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
I have a problem when I open IE my home page opens but then a number of other unwanted pages open with advertizing matterial. I have instaled current version of spybot with the current updates, when I ran the spybot it identified a number of problems , (Microsoft Windows IE Firewall by pass)was one. After removing these items using the spybot program I still have the original problem of the unwanted pages appearing.
I have attached the Kaspersky scan file to this request
Regards
Pratt
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, September 17, 2007 6:14:31 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 17/09/2007
Kaspersky Anti-Virus database records: 419633
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 101501
Number of viruses found: 4
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 01:09:35
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\Peter\Application Data\Settings Seek Dupe\obj proc.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Peter\Application Data\Settings Seek Dupe\PlanDeadWipe.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Peter\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temp\Acr47F3.tmp Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temp\bisF2.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Peter\Local Settings\Temp\Perflib_Perfdata_8dc.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temp\sta1A.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Peter\Local Settings\Temp\sta2.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Peter\Local Settings\Temp\sta2FB.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Peter\Local Settings\Temp\~DFCE87.tmp Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temp\~DFCE93.tmp Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Peter\ntuser.dat Object is locked skipped
C:\Documents and Settings\Peter\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter\Shared\dean martin pizza pie LimeWire Download Accelerator.zip/LimeWire Download Accelerator.exe/data0006 Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Peter\Shared\dean martin pizza pie LimeWire Download Accelerator.zip/LimeWire Download Accelerator.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Peter\Shared\dean martin pizza pie LimeWire Download Accelerator.zip ZIP: infected - 2 skipped
C:\I386\DateMakerAustraliaupdate.exe Infected: not-a-virus:Dialer.Win32.gen skipped
C:\I386\dload.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\Log.txt Object is locked skipped
C:\Old hard disk\WINDOWS\Access.exe Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial skipped
C:\Old hard disk\WINDOWS\DIALPASS\Internet Sex Provider\ACCESS.exe Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A8179D57-8FBB-4AA4-AB2E-E031244E5312}\RP1339\A0061517.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{A8179D57-8FBB-4AA4-AB2E-E031244E5312}\RP1344\A0061848.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{A8179D57-8FBB-4AA4-AB2E-E031244E5312}\RP1344\A0061850.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{A8179D57-8FBB-4AA4-AB2E-E031244E5312}\RP1345\A0061881.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{A8179D57-8FBB-4AA4-AB2E-E031244E5312}\RP1348\A0062164.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{A8179D57-8FBB-4AA4-AB2E-E031244E5312}\RP1348\A0062166.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{A8179D57-8FBB-4AA4-AB2E-E031244E5312}\RP1349\A0062216.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{A8179D57-8FBB-4AA4-AB2E-E031244E5312}\RP1353\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5A9620C4-4479-4E7B-A3A1-5A4E4986F809}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.