Browser Pop-Ups linking to "ErrorSafe"

snickers

New member
Hi
I have been receiving browser pop-ups (or new windows) every now and again. I haven't been able to identify the cause; however, I suspect a virus or malicious application.

I have followed the instructions in http://forums.spybot.info/showthread.php?t=288

I have scanned my system with Panda Software's Activescan antivirus and the following is the log from that scan:
---------------------------------------------------------------------------------


Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.revenue.net/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[www.errorsafe.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.advertising.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[ad.sensismediasmart.com.au/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cookies.txt[.as-us.falkag.net/]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6f047444-3bb4bf9d.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6f047444-3bb4bf9d.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6f047444-3bb4bf9d.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6f047444-3bb4bf9d.zip[Beyond.class]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Matt\Cookies\matt@ad.yieldmanager[2].txt
Potentially unwanted tool:Application/Pskill.A Not disinfected E:\Downloads\PS_Tools.zip[pskill.exe]
Potentially unwanted tool:Application/Psexec.A Not disinfected E:\Downloads\PS_Tools.zip[psexec.exe]
Potentially unwanted tool:Application/Processor Not disinfected E:\Downloads\Virus Protection\VundoFix.exe[process.exe]
Potentially unwanted tool:Application/Psexec.A Not disinfected I:\serverbkp\D-Drive\Tools\psexec.exe
Potentially unwanted tool:Application/Pskill.A Not disinfected I:\serverbkp\D-Drive\Tools\pskill.exe

---------------------------------------------------------------------------------



The following is the log from HJT

---------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:08:02 PM, on 10/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: IE-Disable.lnk = C:\EzyTools\IE-Disable.bat
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D9EFDCC-DF85-436F-B58C-838A744361B5}: NameServer = 10.16.24.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D9EFDCC-DF85-436F-B58C-838A744361B5}: NameServer = 10.16.24.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)



---------------------------------------------------------------------------------


Thank you for your help!
 

Hi


O4 - Global Startup: IE-Disable.lnk = C:\EzyTools\IE-Disable.bat
Is that a tool from SourceForge?

Post a report from this tool if any FILES show
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Click the "I accept" button near the bottom of that page.
Download and run BlackLight, click > Scan, then > Next, Next again, then Exit.
There will be a new txt file near BlackLight. Post it please.
Important: If any files show, do not rename them YET.....legitimate files can be listed.


Also re-download and run VundoFix; it's updated frequently.
http://www.atribune.org/content/view/24/2/
 
Hi

The script "C:\EzyTools\IE-Disable.bat" is actually something I wrote; all it does is use xcacls to remove the permissions on the Internet Explorer pages to prevent it from being used. It was just one of the steps I took after my last dusting (also based on a security process my work had been using).

The following is the log from BlackLight
---------------------------------------------------------------------------------
07/19/06 00:31:19 [Info]: BlackLight Engine 1.0.42 initialized
07/19/06 00:31:19 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/19/06 00:31:19 [Note]: 7019 4
07/19/06 00:31:19 [Note]: 7005 0
07/19/06 00:31:23 [Note]: 7006 0
07/19/06 00:31:23 [Note]: 7011 1992
07/19/06 00:31:23 [Note]: 7026 0
07/19/06 00:31:23 [Note]: 7026 0
07/19/06 00:31:29 [Note]: FSRAW library version 1.7.1019
07/19/06 00:32:28 [Note]: 2000 1006
07/19/06 00:32:50 [Note]: 7007 0
---------------------------------------------------------------------------------


I also re-downloaded and ran vundofix but it did not report any files to be removed.

I look forward to your reply.
 
Rename your HijackThis
C:\Program Files\HijackThis\HijackThis.exe
to, for example, hjt.exe, then run it and post another log.
 
This topic is closed due to lack of a response to helper. :spider:

If you need it re-opened please send me a pm and provide a link to the thread.

Applies only to the original topic starter.
 
Hi
Thank you tashi for re-opening this topic, and my apologies to LonnyRJones for the drop in response. It was never my intention; I was dragged away from home by work and did not have a chance to finish the steps provided in the last post by LonnyRJones.

The following is the new HJT log as requested.

---------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:48:48 PM, on 27/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\HijackThis\hjt.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: IE-Disable.lnk = C:\EzyTools\IE-Disable.bat
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D9EFDCC-DF85-436F-B58C-838A744361B5}: NameServer = 10.16.24.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D9EFDCC-DF85-436F-B58C-838A744361B5}: NameServer = 10.16.24.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

---------------------------------------------------------------------------------


I look forward to your reply and once again thank you for your assistance with this.

:)
 
I'm not seeing anything yet. Let's dig a little deeper.

Download and run Silentrunners.Vbs and post the log it creates, please:
http://www.silentrunners.org/sr_scriptuse.html Click No to not skip the supplementary searches.
Wait until there is an All Done message!! Then open and post the log next to it.
Your antivirus script protection might interfere or alert; please allow it to run. After a bit, a box will say done.

Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
When finished, click Save as Text and post that in your reply.
 
Hi
I too couldn't see anything in the previous logs (but then again my eye is not trained, that's why I'm here).....
I have followed your instructions and the log files are as follows:

---------------------------------------------------------------------------------
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1" ["Adobe Systems Incorporated"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"IntelliType" = ""C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"" [MS]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{1CAA843A-6DBD-40EF-AB71-8F7B209997C0}" = "IntelliType Pro Key Settings Control Panel Property Page"
-> {HKLM...CLSID} = "ITPropertyPage Class"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Hardware\Keyboard\itcpl.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{0BC1E559-9D68-4E99-AFD9-98D27DAB971D}\(Default) = "TreeSize FolderSizeColumn"
-> {HKLM...CLSID} = "ColHandler"
\InProcServer32\(Default) = "C:\PROGRA~1\JAMSOF~1\TREESI~1\FSizeCol.dll" ["JAM Software"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Matt" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\Matt\Start Menu\Programs\Startup
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"IE-Disable" -> shortcut to: "C:\EzyTools\IE-Disable.bat" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


HOSTS file
----------

C:\WINDOWS\System32\drivers\etc\HOSTS

maps: 11210 domain names to IP addresses,
1 of the IP addresses is *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Canon Camera Access Library 8, CCALib8, "C:\Program Files\Canon\CAL\CALMAIN.exe" ["Canon Inc."]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Remote Administrator Service, r_server, ""C:\WINDOWS\system32\r_server.exe" /service" [null data]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
BJ Language Monitor2\Driver = "CNBJMON2.DLL" [MS]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
PDF995 Monitor\Driver = "pdf995mon.dll" [null data]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 10 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 21 seconds.
---------- (total run time: 54 seconds)
---------------------------------------------------------------------------------
 
Part 1 of the log from Kaspersky.com virus scan
---------------------------------------------------------------------------------
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 30, 2006 12:00:18 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 29/07/2006
Kaspersky Anti-Virus database records: 209781
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 76122
Number of viruses found: 18
Number of infected objects: 143 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:31:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\EzMTS.zip.bac_a02040/ezmtscfg.zip/adimage.dl_/adimage.dl_ Infected: not-a-virus:AdWare.Win32.Aureate skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\EzMTS.zip.bac_a02040/ezmtscfg.zip/adimage.dl_ Infected: not-a-virus:AdWare.Win32.Aureate skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\EzMTS.zip.bac_a02040/ezmtscfg.zip/Amcis2.dl_/Amcis2.dl_ Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\EzMTS.zip.bac_a02040/ezmtscfg.zip/Amcis2.dl_ Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\EzMTS.zip.bac_a02040/ezmtscfg.zip/htmdeng.ex_/htmdeng.ex_ Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\EzMTS.zip.bac_a02040/ezmtscfg.zip/htmdeng.ex_ Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\EzMTS.zip.bac_a02040/ezmtscfg.zip/msipcsv.ex_/msipcsv.ex_ Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\EzMTS.zip.bac_a02040/ezmtscfg.zip/msipcsv.ex_ Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\EzMTS.zip.bac_a02040/ezmtscfg.zip/ipcclient.dl_/ipcclient.dl_ Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\EzMTS.zip.bac_a02040/ezmtscfg.zip/ipcclient.dl_ Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\EzMTS.zip.bac_a02040/ezmtscfg.zip/tfde.dl_/tfde.dl_ Infected: not-a-virus:AdWare.Win32.Aureate skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\EzMTS.zip.bac_a02040/ezmtscfg.zip/tfde.dl_ Infected: not-a-virus:AdWare.Win32.Aureate skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\EzMTS.zip.bac_a02040/ezmtscfg.zip Infected: not-a-virus:AdWare.Win32.Aureate skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\EzMTS.zip.bac_a02040 ZIP: infected - 13 skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\EzMTS.zip.bac_a02040 CryptFF.b: infected - 13 skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/MatrixScreenSavers.exe/iexplorr22.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/MatrixScreenSavers.exe/iexplorr23.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/MatrixScreenSavers.exe/iexplorr24.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/MatrixScreenSavers.exe/Install.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/MatrixScreenSavers.exe/mySetp.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/MatrixScreenSavers.exe/iexplorr11.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/MatrixScreenSavers.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Adobe Photoshop 7.0 Pro Installer.exe/Install.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Adobe Photoshop 7.0 Pro Installer.exe/GoWebSite.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Adobe Photoshop 7.0 Pro Installer.exe/mySetp.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Adobe Photoshop 7.0 Pro Installer.exe/iexplorr23.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Adobe Photoshop 7.0 Pro Installer.exe/iexplorr11.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Adobe Photoshop 7.0 Pro Installer.exe/iexplorr22.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Adobe Photoshop 7.0 Pro Installer.exe/iexplorr24.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Adobe Photoshop 7.0 Pro Installer.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Norton Anti-Virus Professional 2004.zip/Install.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Norton Anti-Virus Professional 2004.zip/GoWebSite.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Norton Anti-Virus Professional 2004.zip/mySetp.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Norton Anti-Virus Professional 2004.zip/iexplorr23.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Norton Anti-Virus Professional 2004.zip/iexplorr11.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Norton Anti-Virus Professional 2004.zip/iexplorr22.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Norton Anti-Virus Professional 2004.zip/iexplorr24.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Norton Anti-Virus Professional 2004.zip Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Norton Anti-Virus Professional 2004.exe/Install.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Norton Anti-Virus Professional 2004.exe/GoWebSite.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Norton Anti-Virus Professional 2004.exe/mySetp.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Norton Anti-Virus Professional 2004.exe/iexplorr23.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Norton Anti-Virus Professional 2004.exe/iexplorr11.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Norton Anti-Virus Professional 2004.exe/iexplorr22.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Norton Anti-Virus Professional 2004.exe/iexplorr24.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Norton Anti-Virus Professional 2004.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Mcafee Virus Scan Full Version.exe/Install.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Mcafee Virus Scan Full Version.exe/GoWebSite.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Mcafee Virus Scan Full Version.exe/mySetp.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Mcafee Virus Scan Full Version.exe/iexplorr23.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Mcafee Virus Scan Full Version.exe/iexplorr11.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Mcafee Virus Scan Full Version.exe/iexplorr22.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Mcafee Virus Scan Full Version.exe/iexplorr24.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Mcafee Virus Scan Full Version.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Nero Ultra CD Burning ROM Full Version.exe/Install.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Nero Ultra CD Burning ROM Full Version.exe/GoWebSite.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Nero Ultra CD Burning ROM Full Version.exe/mySetp.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Nero Ultra CD Burning ROM Full Version.exe/iexplorr23.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Nero Ultra CD Burning ROM Full Version.exe/iexplorr11.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Nero Ultra CD Burning ROM Full Version.exe/iexplorr22.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Nero Ultra CD Burning ROM Full Version.exe/iexplorr24.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/Nero Ultra CD Burning ROM Full Version.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/ICQ Lite.exe/Install.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/ICQ Lite.exe/GoWebSite.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/ICQ Lite.exe/mySetp.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/ICQ Lite.exe/iexplorr23.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/ICQ Lite.exe/iexplorr11.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/ICQ Lite.exe/iexplorr22.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/ICQ Lite.exe/iexplorr24.dll Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040/ICQ Lite.exe Infected: not-a-virus:AdWare.Win32.GoWebSite skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040 ZIP: infected - 55 skipped
C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe.bac_a02040 CryptFF.b: infected - 55 skipped
C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\cert8.db Object is locked skipped
C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\history.dat Object is locked skipped
C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\key3.db Object is locked skipped
C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\parent.lock Object is locked skipped
C:\Documents and Settings\Matt\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\83a7qp2e.default\Cache\_CACHE_MAP_ Object is locked skipped
---------------------------------------------------------------------------------
 
Part 2 of the log from Kaspersky.com virus scan
---------------------------------------------------------------------------------
C:\Documents and Settings\Matt\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\History\History.IE5\MSHist012006072920060730\index.dat Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matt\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Matt\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\pfirewall.log Object is locked skipped
C:\Program Files\Radmin\AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Program Files\Radmin\raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Program Files\Radmin\radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Program Files\Radmin\r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Program Files\Radmin Viewer 3.0\radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.30 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7BE4F163-D79A-4BCC-861C-89C4D916BBD8}\RP220\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{839A88B0-89C2-437F-8A50-3F2C5EA510D7}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\admdll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd4061.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\jmail.dll Infected: not-a-virus:Client-SMTP.Win32.JMail.43 skipped
C:\WINDOWS\system32\Logfiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\nvsvc32.log Object is locked skipped
C:\WINDOWS\system32\raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\WINDOWS\system32\r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\Downloads\Adobe\Photoshop CS2 v9.0 incl Keygen\Photoshop CS2 v9.0 + working KeyGen\Photoshop CS2\Adobe(R) Photoshop(R) CS2\setup.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.q skipped
E:\Downloads\Adobe\Photoshop CS2 v9.0 incl Keygen\Photoshop CS2 v9.0 + working KeyGen\Photoshop CS2\Adobe(R) Photoshop(R) CS2\setup.exe NSIS: infected - 1 skipped
E:\Downloads\Adobe\Photoshop CS2 v9.0 incl Keygen\Photoshop CS2 v9.0 + working KeyGen\Photoshop CS2\Setup.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.q skipped
E:\Downloads\Adobe\Photoshop CS2 v9.0 incl Keygen\Photoshop CS2 v9.0 + working KeyGen\Photoshop CS2\Setup.exe NSIS: infected - 1 skipped
E:\Downloads\Adobe\Photoshop CS2 v9.0 incl Keygen.rar/Photoshop CS2 v9.0 + working KeyGen/Photoshop CS2/Adobe(R) Photoshop(R) CS2/setup.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.q skipped
E:\Downloads\Adobe\Photoshop CS2 v9.0 incl Keygen.rar/Photoshop CS2 v9.0 + working KeyGen/Photoshop CS2/Adobe(R) Photoshop(R) CS2/setup.exe Infected: Trojan-Downloader.NSIS.Agent.q skipped
E:\Downloads\Adobe\Photoshop CS2 v9.0 incl Keygen.rar/Photoshop CS2 v9.0 + working KeyGen/Photoshop CS2/Setup.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.q skipped
E:\Downloads\Adobe\Photoshop CS2 v9.0 incl Keygen.rar/Photoshop CS2 v9.0 + working KeyGen/Photoshop CS2/Setup.exe Infected: Trojan-Downloader.NSIS.Agent.q skipped
E:\Downloads\Adobe\Photoshop CS2 v9.0 incl Keygen.rar RAR: infected - 4 skipped
E:\Downloads\components\w3JMail4\jmail.dll Infected: not-a-virus:Client-SMTP.Win32.JMail.43 skipped
E:\Downloads\Media Stuff\Audiogalaxy\AGSetup0606.exe/whCC-Audiogalaxy.exe/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\Downloads\Media Stuff\Audiogalaxy\AGSetup0606.exe/whCC-Audiogalaxy.exe/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\Downloads\Media Stuff\Audiogalaxy\AGSetup0606.exe/whCC-Audiogalaxy.exe/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
E:\Downloads\Media Stuff\Audiogalaxy\AGSetup0606.exe/whCC-Audiogalaxy.exe/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\Downloads\Media Stuff\Audiogalaxy\AGSetup0606.exe/whCC-Audiogalaxy.exe/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\Downloads\Media Stuff\Audiogalaxy\AGSetup0606.exe/whCC-Audiogalaxy.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\Downloads\Media Stuff\Audiogalaxy\AGSetup0606.exe/fsg-ag.exe Infected: not-a-virus:AdWare.Win32.Gator.1050 skipped
E:\Downloads\Media Stuff\Audiogalaxy\AGSetup0606.exe ViseMan: infected - 7 skipped
E:\Downloads\Media Stuff\Audiogalaxy\AGSetup0606.exe ViseMan: infected - 7 skipped
E:\Downloads\Media Stuff\FreeRip\freeripmp3-v251.exe/data0010 Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
E:\Downloads\Media Stuff\FreeRip\freeripmp3-v251.exe Inno: infected - 1 skipped
E:\Downloads\Media Stuff\freeripmp3.exe/data0010 Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
E:\Downloads\Media Stuff\freeripmp3.exe Inno: infected - 1 skipped
E:\Downloads\Media Stuff\Kazaa\kazaalite_202_b1\first stage\kazaa_lite_202_english.exe/data0014 Infected: not-a-virus:AdWare.Win32.Altnet.o skipped
E:\Downloads\Media Stuff\Kazaa\kazaalite_202_b1\first stage\kazaa_lite_202_english.exe Inno: infected - 1 skipped
E:\Downloads\Media Stuff\Kazaa\kazaalite_202_b1.zip/first stage/kazaa_lite_202_english.exe/data0014 Infected: not-a-virus:AdWare.Win32.Altnet.o skipped
E:\Downloads\Media Stuff\Kazaa\kazaalite_202_b1.zip/first stage/kazaa_lite_202_english.exe Infected: not-a-virus:AdWare.Win32.Altnet.o skipped
E:\Downloads\Media Stuff\Kazaa\kazaalite_202_b1.zip ZIP: infected - 2 skipped
E:\Downloads\Other\VNC\vnc-3.3.3r9_x86_win32.zip/vnc_x86_win32/vncviewer/vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
E:\Downloads\Other\VNC\vnc-3.3.3r9_x86_win32.zip ZIP: infected - 1 skipped
E:\Downloads\Other\VNC\vnc_x86_win32\vncviewer\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
E:\Downloads\PS_Tools.zip/pskill.exe Infected: not-a-virus:NetTool.Win32.PsKill skipped
E:\Downloads\PS_Tools.zip/psexec.exe Infected: not-a-virus:RiskTool.Win32.PsExec.131 skipped
E:\Downloads\PS_Tools.zip ZIP: infected - 2 skipped
E:\Downloads\Remote Administrator\radmin21\RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
E:\Downloads\Remote Administrator\radmin21\RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
E:\Downloads\Remote Administrator\radmin21\RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
E:\Downloads\Remote Administrator\radmin21\RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
E:\Downloads\Remote Administrator\radmin21\RADMIN21.EXE Gentee: infected - 4 skipped
E:\Downloads\Remote Administrator\radmin21.zip/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
E:\Downloads\Remote Administrator\radmin21.zip/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
E:\Downloads\Remote Administrator\radmin21.zip/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
E:\Downloads\Remote Administrator\radmin21.zip/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
E:\Downloads\Remote Administrator\radmin21.zip/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
E:\Downloads\Remote Administrator\radmin21.zip ZIP: infected - 5 skipped
E:\Downloads\Remote Administrator\RADMIN22.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
E:\Downloads\Remote Administrator\RADMIN22.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
E:\Downloads\Remote Administrator\RADMIN22.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
E:\Downloads\Remote Administrator\RADMIN22.EXE Gentee: infected - 3 skipped
E:\Downloads\Remote Administrator\rviewer3.exe/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.30 skipped
E:\Downloads\Remote Administrator\rviewer3.exe CreateInstall: infected - 1 skipped
E:\Downloads\Tight VNC\tightvnc-1.2.5-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
E:\Downloads\Tight VNC\tightvnc-1.2.5-setup.exe Inno: infected - 1 skipped
E:\Downloads\Tight VNC\tightvnc-1.2.8-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
E:\Downloads\Tight VNC\tightvnc-1.2.8-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
E:\Downloads\Tight VNC\tightvnc-1.2.8-setup.exe Inno: infected - 2 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\vbScript\Global Insight\Global Insight V1-0.zip/Installation/jmail.dll Infected: not-a-virus:Client-SMTP.Win32.JMail.43 skipped
H:\vbScript\Global Insight\Global Insight V1-0.zip ZIP: infected - 1 skipped
H:\vbScript\Global Insight\Installation\jmail.dll Infected: not-a-virus:Client-SMTP.Win32.JMail.43 skipped
I:\serverbkp\D-Drive\components\jmail.dll Infected: not-a-virus:Client-SMTP.Win32.JMail.43 skipped
I:\serverbkp\D-Drive\Tools\psexec.exe Infected: not-a-virus:RiskTool.Win32.PsExec.131 skipped
I:\serverbkp\D-Drive\Tools\pskill.exe Infected: not-a-virus:NetTool.Win32.PsKill skipped

Scan process completed.

---------------------------------------------------------------------------------
 
You're still seeing ErrorSafe popups? If so, when and where do they happen?
Any other symptoms to report? Mention them even if they do not seem related.

C:\Documents and Settings\Matt\.housecall\Quarantine\MatrixScreenSavers.exe
Uninstall any screensavers you have installed recently
E:\Downloads\Adobe\Photoshop CS2 v9.0 < the program itself is probably infected
same here > E:\Downloads\Media Stuff\Audiogalaxy\
and here E:\Downloads\Media Stuff\FreeRip
E:\Downloads\Media Stuff\Kazaa\ < delete
 
Hi
Honestly I had only ever seen a handful of pop-ups, but my girlfriend had told me on many occasions that they had been occurring (she has been using the PC a lot more than I have in the past few months due to other work commitments of mine). Anyway, I have checked with her and she doesn't recall seeing a pop-up recently, maybe for just over a week.

I haven't actually installed any screen savers recently. In the past I have seen a lot of viruses through them, so these days I just stick to the standard Windows ones. And I remember the virus scanner picking up that screen saver about 3 months or so ago, but I don't remember installing it, just having the install file stored on my PC.

I have also cleaned up the downloaded files based on what you have advised.

I'm sorry because I'm sure this will now seem like I wasted your time, but I definitely was getting the pop-ups and also probably a lot of paranoia, because last time these types of things happened a 'root-kit' was found on my system. Granted, I have improved my security and perform much more detailed and regular scans since then, but all the same I wanted to try and resolve this as quickly as possible to avoid any chance of a 'root-kit' doing too much damage if it was found.

I really do appreciate your help, and these security forums are a really great tool in today's battle against malicious software.
 
Sorry, to answer your question about when they appear(ed): it used to be just as we were browsing the internet, no particular sites in general. I was trying to determine if there was a pattern between the sites but I could not.
 
Thanks LonnyRJones for the tips, I will definitely include updating the hosts file as part of my monthly scan / clean up process which I am implementing.

Thank you again for all your help and time, it is greatly appreciated :)
 
I'm glad we could help.
Since the problems are solved, I'm going to close the topic now. This keeps others with similar problems from posting their logs/questions here; they should start a new topic.

If you should need to post another log for the same PC let one of us know via a PM (personal message).

Best regards
Lonn
 