Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Redirected Host Errors

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Redirected Host Errors

Unread postby jawkneew8 » April 24th, 2010, 2:42 pm

Cipher,

I'm still here. I promise! I had a busy past few days at work and at home, and so I haven't had time to post a reply to you.

I completed the steps you requested, and posted two log files. I wasn't sure if you needed the OTM log file, but I threw it in for good measure.

Things seem to be working quite well, but I fear that something is still going on with the redirected hosts. The current homepage is set up as www.google.com, and every time I go to open Firefox, I get sent to the following URL:

http://sorry.google.com/sorry/?continue ... oogle.com/

with the following text on the page:

We're sorry...

... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.

To continue searching, please type the characters you see below:

I don't know that this is a legit Google URL, as the Google logo doesn't look like I remember it to be. It just looks like colored text without any shading on the letters. I just tried typing in www.googleimages.com to look up the Google logo, and it sent me to this URL:

http://www.digforgold.com/search

Something must still be awry with the Google websites. I noticed in the log file that there are a lot of Google URLs that go to different country sites from around the world. My in-laws only access the Google search site from the US, and have no interest in doing a search from another country. I don't know if this can help you in your hunt, but so far, you have done a great job tracking down various things.

Other than this, there seems to be a lot of improvement with things running faster. and still no pop-ups. :D

I'll try to be more responsive in the future. I realize that you do not get paid for this, and I don't want your helping me to become an inconvenience for you!

jawkneew8
jawkneew8
Regular Member
 
Posts: 19
Joined: April 10th, 2010, 7:56 pm
Advertisement
Register to Remove

Re: Redirected Host Errors

Unread postby Cypher » April 24th, 2010, 3:01 pm

Hi jawkneew8.
Code: Select all
You didn't mention that you needed this in your post

Sorry about that my mistake thank you for including it.
I'll try to be more responsive in the future. I realize that you do not get paid for this, and I don't want your helping me to become an inconvenience for you!

It's not a problem if you need more time just let me know, this avoids you're topic being closed as inactive ;)
And it's no inconvenience at all don't worry im glad to help.
Good work so far please continue with the instructions below.
It seems the last Hosts file reset failed so we will try another way.

Download HostsXpert and unzip it to your computer, somewhere where you can find it but don't run it yet.

    Next.

    Re-run OTM
    • Double-click OTM.exe to run it.
    • Right-click then copy the following code, Do not include the word Code.
      Code: Select all
      :Files
      C:\WINDOWS\system32\drivers\etc\hosts
      :Commands
      [emptytemp]
      [start explorer]
      [Reboot]
      

      • Return to OTM, right-click then paste the code into the blank box below Image
      • Push the large Image button.
      • OTM may ask to reboot the machine. Please do so if asked.
      • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Next.

    • Double click on HostsXpert.exe to launch the programme.
    • When prompted with:
      HOSTS file does not exist, press OK to create HOSTS file, Cancel to quit.
    • Select OK.
    • Check to see if top button on left hand side says Make Writable?
      • If it does. click on it then proceed to next instruction.
      • If not, just proceed to next instruction
    • Click on Restore MS Hosts File to restore your Hosts file to its default condition
    • When prompted to confirm, click OK.
    • Click on the Download button (lower left hand side)
      • Click on MVPs Hosts... button.
      • Click on Replace button.
      • Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)
    • When finished.
      • Click on File Handling button.
      • Click on Make Read Only? to secure it against infection.
    • Exit the programme.

    Next.

    Post a New HJT Log
    • Start HijackThis.
    • If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
    • From the Main Menu... Press the "Do System Scan and Save a Log File"...button.
    • When completed...Notepad will open with the new "hijackthis.log" file contents.
    • Copy/paste the entire (hijackthis.log) file contents in your next reply.



    Logs/Information to Post in your Next Reply

    • HijackThis log.
    • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected Host Errors

Unread postby jawkneew8 » April 25th, 2010, 6:11 pm

OTM Log File

All processes killed
========== FILES ==========
C:\WINDOWS\system32\drivers\etc\hosts moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.BABE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Karen
->Temp folder emptied: 1017 bytes
->Temporary Internet Files folder emptied: 1193428 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 84565439 bytes
->Apple Safari cache emptied: 14789520 bytes
->Flash cache emptied: 2025 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 96.00 mb


OTM by OldTimer - Version 3.1.10.2 log created on 04252010_160429

Files moved on Reboot...

Registry entries deleted on Reboot...
jawkneew8
Regular Member
 
Posts: 19
Joined: April 10th, 2010, 7:56 pm

Re: Redirected Host Errors

Unread postby jawkneew8 » April 25th, 2010, 6:16 pm

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:26 PM, on 4/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1355.0\mswinext.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Karen\Desktop\HostsXpert\HostsXpert\HostsXpert.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1355.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1355.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1355.0\npwinext.dll
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1355.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testge ... nstall.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://liviabrooke.myphotoalbum.com/EasyUploadTool.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto ... dwnldr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11505 bytes
jawkneew8
Regular Member
 
Posts: 19
Joined: April 10th, 2010, 7:56 pm

Re: Redirected Host Errors

Unread postby jawkneew8 » April 25th, 2010, 6:23 pm

Cipher,

This last HijackThis log file seemed like it was quite a bit shorter than the previous ones I have ran. It appears that when we open Firefox, we aren't getting redirected anywhere. Google actually comes up without any issues.

After running OTM today, the desktop picture that was set up as the background was removed, and we had instructions for Active Desktop Recovery. I am assuming that this is because we set all the files back to default. I can easily change the picture back to what they had it, but wanted to make sure that it wasn't a consequence of any remaining viruses.

I have a sneaking suspicion that this last round of changes did the trick. I am not the computer expert though, so please correct me if I am wrong.

Once again, I appreciate your help with all this. It has been quite a tangled mess, and I am glad that there are people out there who understand computers enough to troubleshoot this type of issue. I will definitely recommend this site to anyone who is experiencing similar problems. You have been most professional and helpful!

jawkneew8
jawkneew8
Regular Member
 
Posts: 19
Joined: April 10th, 2010, 7:56 pm

Re: Redirected Host Errors

Unread postby Cypher » April 26th, 2010, 5:53 am

Hi jawkneew8.
Once again, I appreciate your help with all this

You're most welcome.
After running OTM today, the desktop picture that was set up as the background was removed

Thats odd but unlikely to be virus related just change it back again.
It appears that when we open Firefox, we aren't getting redirected anywhere.

Good work you're doing great, the last hosts file reset was successful and you're logs look much better.
We still have some work to do so stay with me.



Fix HijackThis entries

Run HijackThis

  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.

Next.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 20.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.


Next.

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
  • All versions numbered lower than 9.3.2 are vulnerable.
  • Go Here to download the installer for Adobe Reader and save AdbeRdrUpd932_all_incr.msp to a convenient location.
  • Double-click AdbeRdrUpd932_all_incr.msp and follow the prompts to install Adobe Reader 9.3.2


Next.

Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

Kaspersky Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go to the Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan. * This will take a while. Please be patient *.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tutorial will help explain how to use the aforementioned online scan.



Logs/Information to Post in your Next Reply

  • Kaspersky log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected Host Errors

Unread postby jawkneew8 » April 28th, 2010, 12:10 pm

Cipher,

I'm heading over tonight to run these logs. I should have an update for you by tomorrow morning.

jawkneew8
jawkneew8
Regular Member
 
Posts: 19
Joined: April 10th, 2010, 7:56 pm

Re: Redirected Host Errors

Unread postby Cypher » April 28th, 2010, 12:23 pm

No problem thanks for letting me know :)
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected Host Errors

Unread postby jawkneew8 » April 29th, 2010, 10:48 am

Cipher,

The Kaspersky scan took considerably longer than I expected. I left it running at my in-law's house last night, and am hoping it is done by now. It had been running for an hour when I left, and was only 3% complete.

I left my in-laws detailed instructions on how to post the log, as well as including an update on performance, and I am hoping that it will be up shortly for you.

jawkneew8
jawkneew8
Regular Member
 
Posts: 19
Joined: April 10th, 2010, 7:56 pm

Re: Redirected Host Errors

Unread postby Cypher » April 29th, 2010, 11:03 am

That scan can take some time to complete just post the log when ready.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected Host Errors

Unread postby jawkneew8 » April 29th, 2010, 11:42 am

Cipher,

The computer seems to be working better. I would say that it is running better than it has for years.

It appears that there are a lot of files that are still infected, and from the looks of it, they are probably a lot of the files that were downloaded from Limewire.

I forgot to check if Google images is still being redirected. I'll check that the next time I end up heading over to my in-laws'.

As promised, here is the log file.

Kaspersky Log File

KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, April 29, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, April 29, 2010 00:33:13
Records in database: 3999934

Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\

Scan statistics
Objects scanned 95861
Threats found 33
Infected objects found 148
Suspicious objects found 0
Scan duration 03:15:40

File name Threat Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04274EB2 Infected: Trojan-Clicker.Win32.Delf.r 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\043B4A9C Infected: Trojan-Downloader.Win32.Dyfuca.gen 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0751396C Infected: Trojan-Downloader.Win32.Dyfuca.da 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08FD57F2 Infected: Trojan-Downloader.Win32.Dyfuca.cr 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\090101EF Infected: Trojan-Downloader.Win32.Dyfuca.cr 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\090755E8 Infected: Trojan-Dropper.Win32.Delf.z 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09A47BBB Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB24BCE Infected: not-a-virus:AdWare.Win32.ImiBar.b 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EA60E88 Infected: Trojan-Downloader.Win32.Dyfuca.da 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\130E55D7 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A880C3A Infected: Trojan-Downloader.Win32.Dyfuca.cr 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25B25232 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26184839 Infected: Trojan-Downloader.Win32.Dyfuca.gen 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C520986.htm Infected: Trojan-Downloader.JS.Agent.kd 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FA75910 Infected: Trojan-Clicker.Win32.Delf.r 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FAA030C Infected: Trojan-Downloader.Win32.Dyfuca.cr 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FB15705 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FB40102 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FB72AFE Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FBB54FA Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FBE7EF7 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FC128F3 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FC552F0 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FC87CEC Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FCE50E5 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FD27AE1 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FD524DE Infected: Trojan-Dropper.Win32.Delf.z 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34104193 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35401F4F Infected: not-a-virus:AdWare.Win32.WinAD.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3543494B Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\354A1D44 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35574536 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\355A6F32 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\355D192E Infected: not-a-virus:AdWare.Win32.WinAD 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35922966 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CFA0599 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4021141E Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\454161CC Infected: Trojan-Downloader.Win32.Dyfuca.gen 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46774DC3 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50FB093D Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57D92D1D Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FEA7432 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60506A3A Infected: Trojan.Win32.Revop.c 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B7A3031 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FCA4B67 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B5B0766 Infected: not-a-virus:AdWare.Win32.WinAD 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F7903CC Infected: Trojan.Win32.Revop.c 1

C:\Documents and Settings\Karen\Local Settings\Application Data\2991590366.dll Infected: Packed.Win32.Katusha.j 1

C:\Documents and Settings\Karen\Shared\adiamus te.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1

C:\Documents and Settings\Karen\Shared\all love can be charlotte.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\beaturiful disaster (320k stereo).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\beautiful disaster jon.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\beautiful king kong.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\bionic man tv theme[high quality].snd Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\bob bonnie edited houston [extended concert version].mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\bob bonnie edited houston.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\bohemian rhapsody CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

C:\Documents and Settings\Karen\Shared\Boyce Avenue - keep holding on .mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1

C:\Documents and Settings\Karen\Shared\canned heat.mp3 Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\cartoon version godzilla.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\central park king kong.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\comfortably quiet i see starss new hot single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\comfortably quiet i see starss remix feat the black eyed peas.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\comfortably quiet i see starss.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\day without rain enya new single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\domo CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

C:\Documents and Settings\Karen\Shared\elanore rigby beatles (unreleased live record).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\elanore rigby beatles new single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\enchantment passing through - best track ever.wma Infected: Trojan-Downloader.Multi.MusLdr.c 1

C:\Documents and Settings\Karen\Shared\fateful meeting king kong (new album)(1).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\fateful meeting king kong.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\friends.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\Giacomo Bondi - The Beatles Re-Lou.wma Infected: Trojan-Downloader.WMA.GetCodec.a 1

C:\Documents and Settings\Karen\Shared\girls just wanna have fun greg (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\gods of nubia aida.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\Documents and Settings\Karen\Shared\hagdalina magdalina 192kb.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

C:\Documents and Settings\Karen\Shared\harder better faster edited - best track ever.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1

C:\Documents and Settings\Karen\Shared\he man masters of - best track ever.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\hello jonas brothers.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1

C:\Documents and Settings\Karen\Shared\how i know you reprise aida.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\Documents and Settings\Karen\Shared\i am sixteen going on seventee.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\i am sixteen going on seventee.snd Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\i love to laugh.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1

C:\Documents and Settings\Karen\Shared\i remember there was mist emmy (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\i remember there was mist emmy hot new track.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\i remember there was mist emmy [extended concert version].mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\i remember there was mist of (instrumental version).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\i remember there was mist of (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\incridible hulk.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\jonas theme song new cover version.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\joseph king of dreams (rare track).wav Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\kafal sviri [256k quality].mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\Killing Heidi - Notebook.mp3 Infected: Trojan-Downloader.WMA.GetCodec.a 1

C:\Documents and Settings\Karen\Shared\kite finding neverland hot new track.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\kite finding neverland.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\leader ace enders (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\leader ace enders [extended concert version].mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\love story meets viva la vida extended version.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\love story meets viva la vida high quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\mario kart love song (high bitrate).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\mario kart love song - best track ever.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\meet joe black hot new track.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\meet joe black.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\Mutemath - Spotlight (Twilight Mix).mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1

C:\Documents and Settings\Karen\Shared\notebook new cover version.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\One Giant Leap feat Robbie Williams & Maxi Jazz - My Culture.wma Infected: Trojan-Downloader.WMA.Wimad.y 1

C:\Documents and Settings\Karen\Shared\Pepper - Good Enough.mp3 Infected: Trojan-Downloader.WMA.GetCodec.a 1

C:\Documents and Settings\Karen\Shared\running with devil alexz 2009.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1

C:\Documents and Settings\Karen\Shared\running with devil alexz [extended version].wav Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\saturdays warrior(192k 44100 stereo).snd Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\saturdays warriors.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1

C:\Documents and Settings\Karen\Shared\Some Things Are Meant To Be - Sutton Foster and Megan McGinnis - Little Women (Original Broadway Cast Recording).wma Infected: Trojan-Downloader.WMA.Wimad.u 1

C:\Documents and Settings\Karen\Shared\spotlight twilight mix (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\suicidal new single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\Taylor Swift- Fearless.wma Infected: Trojan-Clicker.WMA.Agent.d 1

C:\Documents and Settings\Karen\Shared\tv theme of my three sons.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\Twilight soundtrack paramore i caught myself.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1

C:\Documents and Settings\Karen\Shared\what is love CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

C:\Documents and Settings\Karen\Shared\why have you brought me here (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\why have you brought me here.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\witchs brew 192kb.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

C:\Documents and Settings\Karen\Shared\wonder woman tv theme song new hot single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\wonder woman tv theme song.wma Infected: Trojan-Downloader.WMA.Wimad.y 1

C:\Documents and Settings\Karen\Shared\zak sara ben folds (320k stereo).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1969\A0268517.DLL Infected: not-a-virus:Monitor.Win32.Agent.c 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1969\A0268607.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.g 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1969\A0268609.exe Infected: Trojan-Downloader.Win32.Agent.czuf 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1971\A0270227.dll Infected: Trojan.Win32.BHO.adny 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2027\A0275164.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2028\A0275185.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2029\A0275199.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2030\A0275216.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2031\A0275327.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2032\A0275339.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2033\A0275341.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2033\A0275347.exe Infected: Trojan.Win32.FraudPack.anjq 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2034\A0275465.exe Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2034\A0276424.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2035\A0276437.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2036\A0276440.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2037\A0276484.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2038\A0276507.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2039\A0276540.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2040\A0276544.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2046\A0277288.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2047\A0277294.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2049\A0278270.exe Infected: Packed.Win32.Katusha.j 1

C:\_OTM\MovedFiles\04242010_121849\C_Documents and Settings\All Users\Application Data\a4e1228\LPa4e1.exe Infected: Trojan.Win32.FraudPack.akuj 1

Selected area has been scanned.
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, April 29, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, April 29, 2010 00:33:13
Records in database: 3999934

Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\

Scan statistics
Objects scanned 95861
Threats found 33
Infected objects found 148
Suspicious objects found 0
Scan duration 03:15:40

File name Threat Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04274EB2 Infected: Trojan-Clicker.Win32.Delf.r 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\043B4A9C Infected: Trojan-Downloader.Win32.Dyfuca.gen 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0751396C Infected: Trojan-Downloader.Win32.Dyfuca.da 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08FD57F2 Infected: Trojan-Downloader.Win32.Dyfuca.cr 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\090101EF Infected: Trojan-Downloader.Win32.Dyfuca.cr 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\090755E8 Infected: Trojan-Dropper.Win32.Delf.z 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09A47BBB Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB24BCE Infected: not-a-virus:AdWare.Win32.ImiBar.b 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EA60E88 Infected: Trojan-Downloader.Win32.Dyfuca.da 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\130E55D7 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A880C3A Infected: Trojan-Downloader.Win32.Dyfuca.cr 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25B25232 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26184839 Infected: Trojan-Downloader.Win32.Dyfuca.gen 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C520986.htm Infected: Trojan-Downloader.JS.Agent.kd 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FA75910 Infected: Trojan-Clicker.Win32.Delf.r 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FAA030C Infected: Trojan-Downloader.Win32.Dyfuca.cr 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FB15705 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FB40102 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FB72AFE Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FBB54FA Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FBE7EF7 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FC128F3 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FC552F0 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FC87CEC Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FCE50E5 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FD27AE1 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FD524DE Infected: Trojan-Dropper.Win32.Delf.z 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34104193 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35401F4F Infected: not-a-virus:AdWare.Win32.WinAD.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3543494B Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\354A1D44 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35574536 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\355A6F32 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\355D192E Infected: not-a-virus:AdWare.Win32.WinAD 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35922966 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CFA0599 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4021141E Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\454161CC Infected: Trojan-Downloader.Win32.Dyfuca.gen 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46774DC3 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50FB093D Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57D92D1D Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FEA7432 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60506A3A Infected: Trojan.Win32.Revop.c 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B7A3031 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FCA4B67 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B5B0766 Infected: not-a-virus:AdWare.Win32.WinAD 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F7903CC Infected: Trojan.Win32.Revop.c 1

C:\Documents and Settings\Karen\Local Settings\Application Data\2991590366.dll Infected: Packed.Win32.Katusha.j 1

C:\Documents and Settings\Karen\Shared\adiamus te.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1

C:\Documents and Settings\Karen\Shared\all love can be charlotte.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\beaturiful disaster (320k stereo).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\beautiful disaster jon.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\beautiful king kong.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\bionic man tv theme[high quality].snd Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\bob bonnie edited houston [extended concert version].mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\bob bonnie edited houston.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\bohemian rhapsody CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

C:\Documents and Settings\Karen\Shared\Boyce Avenue - keep holding on .mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1

C:\Documents and Settings\Karen\Shared\canned heat.mp3 Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\cartoon version godzilla.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\central park king kong.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\comfortably quiet i see starss new hot single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\comfortably quiet i see starss remix feat the black eyed peas.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\comfortably quiet i see starss.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\day without rain enya new single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\domo CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

C:\Documents and Settings\Karen\Shared\elanore rigby beatles (unreleased live record).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\elanore rigby beatles new single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\enchantment passing through - best track ever.wma Infected: Trojan-Downloader.Multi.MusLdr.c 1

C:\Documents and Settings\Karen\Shared\fateful meeting king kong (new album)(1).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\fateful meeting king kong.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\friends.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\Giacomo Bondi - The Beatles Re-Lou.wma Infected: Trojan-Downloader.WMA.GetCodec.a 1

C:\Documents and Settings\Karen\Shared\girls just wanna have fun greg (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\gods of nubia aida.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\Documents and Settings\Karen\Shared\hagdalina magdalina 192kb.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

C:\Documents and Settings\Karen\Shared\harder better faster edited - best track ever.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1

C:\Documents and Settings\Karen\Shared\he man masters of - best track ever.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\hello jonas brothers.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1

C:\Documents and Settings\Karen\Shared\how i know you reprise aida.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\Documents and Settings\Karen\Shared\i am sixteen going on seventee.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\i am sixteen going on seventee.snd Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\i love to laugh.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1

C:\Documents and Settings\Karen\Shared\i remember there was mist emmy (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\i remember there was mist emmy hot new track.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\i remember there was mist emmy [extended concert version].mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\i remember there was mist of (instrumental version).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\i remember there was mist of (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\incridible hulk.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\jonas theme song new cover version.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\joseph king of dreams (rare track).wav Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\kafal sviri [256k quality].mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\Killing Heidi - Notebook.mp3 Infected: Trojan-Downloader.WMA.GetCodec.a 1

C:\Documents and Settings\Karen\Shared\kite finding neverland hot new track.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\kite finding neverland.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\leader ace enders (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\leader ace enders [extended concert version].mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\love story meets viva la vida extended version.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\love story meets viva la vida high quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\mario kart love song (high bitrate).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\mario kart love song - best track ever.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\meet joe black hot new track.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\meet joe black.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\Mutemath - Spotlight (Twilight Mix).mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1

C:\Documents and Settings\Karen\Shared\notebook new cover version.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\One Giant Leap feat Robbie Williams & Maxi Jazz - My Culture.wma Infected: Trojan-Downloader.WMA.Wimad.y 1

C:\Documents and Settings\Karen\Shared\Pepper - Good Enough.mp3 Infected: Trojan-Downloader.WMA.GetCodec.a 1

C:\Documents and Settings\Karen\Shared\running with devil alexz 2009.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1

C:\Documents and Settings\Karen\Shared\running with devil alexz [extended version].wav Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\saturdays warrior(192k 44100 stereo).snd Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\saturdays warriors.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1

C:\Documents and Settings\Karen\Shared\Some Things Are Meant To Be - Sutton Foster and Megan McGinnis - Little Women (Original Broadway Cast Recording).wma Infected: Trojan-Downloader.WMA.Wimad.u 1

C:\Documents and Settings\Karen\Shared\spotlight twilight mix (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\suicidal new single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\Taylor Swift- Fearless.wma Infected: Trojan-Clicker.WMA.Agent.d 1

C:\Documents and Settings\Karen\Shared\tv theme of my three sons.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\Twilight soundtrack paramore i caught myself.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1

C:\Documents and Settings\Karen\Shared\what is love CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

C:\Documents and Settings\Karen\Shared\why have you brought me here (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\why have you brought me here.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\witchs brew 192kb.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

C:\Documents and Settings\Karen\Shared\wonder woman tv theme song new hot single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\wonder woman tv theme song.wma Infected: Trojan-Downloader.WMA.Wimad.y 1

C:\Documents and Settings\Karen\Shared\zak sara ben folds (320k stereo).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1969\A0268517.DLL Infected: not-a-virus:Monitor.Win32.Agent.c 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1969\A0268607.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.g 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1969\A0268609.exe Infected: Trojan-Downloader.Win32.Agent.czuf 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1971\A0270227.dll Infected: Trojan.Win32.BHO.adny 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2027\A0275164.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2028\A0275185.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2029\A0275199.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2030\A0275216.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2031\A0275327.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2032\A0275339.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2033\A0275341.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2033\A0275347.exe Infected: Trojan.Win32.FraudPack.anjq 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2034\A0275465.exe Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2034\A0276424.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2035\A0276437.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2036\A0276440.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2037\A0276484.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2038\A0276507.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2039\A0276540.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2040\A0276544.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2046\A0277288.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2047\A0277294.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2049\A0278270.exe Infected: Packed.Win32.Katusha.j 1

C:\_OTM\MovedFiles\04242010_121849\C_Documents and Settings\All Users\Application Data\a4e1228\LPa4e1.exe Infected: Trojan.Win32.FraudPack.akuj 1

Selected area has been scanned.
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, April 29, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, April 29, 2010 00:33:13
Records in database: 3999934

Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\

Scan statistics
Objects scanned 95861
Threats found 33
Infected objects found 148
Suspicious objects found 0
Scan duration 03:15:40

File name Threat Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04274EB2 Infected: Trojan-Clicker.Win32.Delf.r 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\043B4A9C Infected: Trojan-Downloader.Win32.Dyfuca.gen 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0751396C Infected: Trojan-Downloader.Win32.Dyfuca.da 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08FD57F2 Infected: Trojan-Downloader.Win32.Dyfuca.cr 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\090101EF Infected: Trojan-Downloader.Win32.Dyfuca.cr 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\090755E8 Infected: Trojan-Dropper.Win32.Delf.z 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09A47BBB Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB24BCE Infected: not-a-virus:AdWare.Win32.ImiBar.b 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EA60E88 Infected: Trojan-Downloader.Win32.Dyfuca.da 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\130E55D7 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A880C3A Infected: Trojan-Downloader.Win32.Dyfuca.cr 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25B25232 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26184839 Infected: Trojan-Downloader.Win32.Dyfuca.gen 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C520986.htm Infected: Trojan-Downloader.JS.Agent.kd 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FA75910 Infected: Trojan-Clicker.Win32.Delf.r 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FAA030C Infected: Trojan-Downloader.Win32.Dyfuca.cr 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FB15705 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FB40102 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FB72AFE Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FBB54FA Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FBE7EF7 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FC128F3 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FC552F0 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FC87CEC Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FCE50E5 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FD27AE1 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FD524DE Infected: Trojan-Dropper.Win32.Delf.z 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34104193 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35401F4F Infected: not-a-virus:AdWare.Win32.WinAD.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3543494B Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\354A1D44 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35574536 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\355A6F32 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\355D192E Infected: not-a-virus:AdWare.Win32.WinAD 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35922966 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CFA0599 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4021141E Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\454161CC Infected: Trojan-Downloader.Win32.Dyfuca.gen 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46774DC3 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50FB093D Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57D92D1D Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FEA7432 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60506A3A Infected: Trojan.Win32.Revop.c 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B7A3031 Infected: Trojan-Downloader.Win32.Agent.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FCA4B67 Infected: not-a-virus:AdWare.Win32.BetterInternet 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B5B0766 Infected: not-a-virus:AdWare.Win32.WinAD 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F7903CC Infected: Trojan.Win32.Revop.c 1

C:\Documents and Settings\Karen\Local Settings\Application Data\2991590366.dll Infected: Packed.Win32.Katusha.j 1

C:\Documents and Settings\Karen\Shared\adiamus te.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1

C:\Documents and Settings\Karen\Shared\all love can be charlotte.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\beaturiful disaster (320k stereo).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\beautiful disaster jon.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\beautiful king kong.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\bionic man tv theme[high quality].snd Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\bob bonnie edited houston [extended concert version].mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\bob bonnie edited houston.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\bohemian rhapsody CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

C:\Documents and Settings\Karen\Shared\Boyce Avenue - keep holding on .mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1

C:\Documents and Settings\Karen\Shared\canned heat.mp3 Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\cartoon version godzilla.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\central park king kong.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\comfortably quiet i see starss new hot single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\comfortably quiet i see starss remix feat the black eyed peas.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\comfortably quiet i see starss.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\day without rain enya new single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\domo CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

C:\Documents and Settings\Karen\Shared\elanore rigby beatles (unreleased live record).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\elanore rigby beatles new single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\enchantment passing through - best track ever.wma Infected: Trojan-Downloader.Multi.MusLdr.c 1

C:\Documents and Settings\Karen\Shared\fateful meeting king kong (new album)(1).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\fateful meeting king kong.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\friends.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\Giacomo Bondi - The Beatles Re-Lou.wma Infected: Trojan-Downloader.WMA.GetCodec.a 1

C:\Documents and Settings\Karen\Shared\girls just wanna have fun greg (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\gods of nubia aida.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\Documents and Settings\Karen\Shared\hagdalina magdalina 192kb.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

C:\Documents and Settings\Karen\Shared\harder better faster edited - best track ever.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1

C:\Documents and Settings\Karen\Shared\he man masters of - best track ever.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\hello jonas brothers.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1

C:\Documents and Settings\Karen\Shared\how i know you reprise aida.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\Documents and Settings\Karen\Shared\i am sixteen going on seventee.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\i am sixteen going on seventee.snd Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\i love to laugh.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1

C:\Documents and Settings\Karen\Shared\i remember there was mist emmy (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\i remember there was mist emmy hot new track.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\i remember there was mist emmy [extended concert version].mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\i remember there was mist of (instrumental version).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\i remember there was mist of (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\incridible hulk.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\jonas theme song new cover version.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\joseph king of dreams (rare track).wav Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\kafal sviri [256k quality].mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\Killing Heidi - Notebook.mp3 Infected: Trojan-Downloader.WMA.GetCodec.a 1

C:\Documents and Settings\Karen\Shared\kite finding neverland hot new track.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\kite finding neverland.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\leader ace enders (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\leader ace enders [extended concert version].mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\love story meets viva la vida extended version.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\love story meets viva la vida high quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\mario kart love song (high bitrate).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\mario kart love song - best track ever.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\meet joe black hot new track.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\meet joe black.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\Mutemath - Spotlight (Twilight Mix).mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1

C:\Documents and Settings\Karen\Shared\notebook new cover version.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\One Giant Leap feat Robbie Williams & Maxi Jazz - My Culture.wma Infected: Trojan-Downloader.WMA.Wimad.y 1

C:\Documents and Settings\Karen\Shared\Pepper - Good Enough.mp3 Infected: Trojan-Downloader.WMA.GetCodec.a 1

C:\Documents and Settings\Karen\Shared\running with devil alexz 2009.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1

C:\Documents and Settings\Karen\Shared\running with devil alexz [extended version].wav Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\saturdays warrior(192k 44100 stereo).snd Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Documents and Settings\Karen\Shared\saturdays warriors.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1

C:\Documents and Settings\Karen\Shared\Some Things Are Meant To Be - Sutton Foster and Megan McGinnis - Little Women (Original Broadway Cast Recording).wma Infected: Trojan-Downloader.WMA.Wimad.u 1

C:\Documents and Settings\Karen\Shared\spotlight twilight mix (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\suicidal new single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Documents and Settings\Karen\Shared\Taylor Swift- Fearless.wma Infected: Trojan-Clicker.WMA.Agent.d 1

C:\Documents and Settings\Karen\Shared\tv theme of my three sons.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\Karen\Shared\Twilight soundtrack paramore i caught myself.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1

C:\Documents and Settings\Karen\Shared\what is love CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

C:\Documents and Settings\Karen\Shared\why have you brought me here (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\why have you brought me here.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\witchs brew 192kb.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1

C:\Documents and Settings\Karen\Shared\wonder woman tv theme song new hot single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Documents and Settings\Karen\Shared\wonder woman tv theme song.wma Infected: Trojan-Downloader.WMA.Wimad.y 1

C:\Documents and Settings\Karen\Shared\zak sara ben folds (320k stereo).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1969\A0268517.DLL Infected: not-a-virus:Monitor.Win32.Agent.c 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1969\A0268607.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.g 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1969\A0268609.exe Infected: Trojan-Downloader.Win32.Agent.czuf 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1971\A0270227.dll Infected: Trojan.Win32.BHO.adny 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2027\A0275164.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2028\A0275185.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2029\A0275199.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2030\A0275216.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2031\A0275327.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2032\A0275339.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2033\A0275341.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2033\A0275347.exe Infected: Trojan.Win32.FraudPack.anjq 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2034\A0275465.exe Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2034\A0276424.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2035\A0276437.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2036\A0276440.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2037\A0276484.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2038\A0276507.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2039\A0276540.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2040\A0276544.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2046\A0277288.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2047\A0277294.dll Infected: Packed.Win32.Katusha.j 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2049\A0278270.exe Infected: Packed.Win32.Katusha.j 1

C:\_OTM\MovedFiles\04242010_121849\C_Documents and Settings\All Users\Application Data\a4e1228\LPa4e1.exe Infected: Trojan.Win32.FraudPack.akuj 1

Selected area has been scanned.
jawkneew8
Regular Member
 
Posts: 19
Joined: April 10th, 2010, 7:56 pm

Re: Redirected Host Errors

Unread postby Cypher » April 29th, 2010, 12:36 pm

Hi jawkneew8.
It appears that there are a lot of files that are still infected, and from the looks of it, they are probably a lot of the files that were downloaded from Limewire.
Exactly this is why we warn of the dangers of using P2P applications.
There are a lot of infected music files in this folder.
C:\Documents and Settings\Karen\Shared

The easiest thing to do is delete all the music files in that folder or if you wish i can remove them, let me know in you're next post what you would like to do.

In the meantime please do this.

Delete file/folder
Press Start->Run, copy/paste the following command into the box and press OK:
cmd /c del /F C:\Documents and Settings\Karen\Local Settings\Application Data\2991590366.dll

A blank command window will open on your desktop, then close in a minute or two. This is normal.



Information to Post in your Next Reply

  • How would you like to remove those music files?
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected Host Errors

Unread postby Cypher » May 1st, 2010, 3:57 pm

Hi jawkneew8.
Hows things going?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected Host Errors

Unread postby jawkneew8 » May 1st, 2010, 7:12 pm

Cipher,

I went through and deleted all the affected files in the Shared folder. I did not go into any of the other folders and manually delete the files.

After moving the files to the Recycle Bin, I emptied it.

I also ran the script you asked me to put in the command prompt. The black screen disappeared after being up for only a second or two. I did not see any text on the screen while this process was going on, and ran it again, just to make sure the file was deleted.

Do I need to go delete any of the other files from other folders manually? If not, then what is our next step?

The computer seems to be running fine, and I can't report any issues. I like that!

Once again, thanks for your help. This has been quite easy from my end. I work as a professional technical writer, and your instructions have been very clear and great.

jawkneew8
jawkneew8
Regular Member
 
Posts: 19
Joined: April 10th, 2010, 7:56 pm

Re: Redirected Host Errors

Unread postby Cypher » May 2nd, 2010, 5:13 am

Hi jawkneew8.
Once again, thanks for your help. This has been quite easy from my end. I work as a professional technical writer, and your instructions have been very clear and great.
You're most welcome.
Good work.
Clear you're Norton AntiVirus Quarantined files and you're good to go.

your latest set of logs appear to be clean! :)
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTM

  • Double-click OTM.exe to start the program, This tool will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTMoveIt3 as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Create a new, clean System Restore point

  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE On how to prevent Malware

Is your pc running slow?
Read What to do if your Computer is running slowly

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 333 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware