Tech Support banner

Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
38 Posts
Discussion Starter · #1 ·
I've had an ongoing problem with application errors that say the following:

<app name.exe> - Application Error
The instruction at "0x036...." referenced memory at "0x00000ba0". The memory could not be "read". Click on OK to terminate the program.

I've run HJT before and others couldn't find anything. I've significantly cleaned up my PC, currently uninstalled about 4-5 different spyware/adware programs (at the instruction of a MS tech support person who's trying to help me integrate SP2 back into my c:/ with no luck :sigh:). But, someone on the XP forum suggested I run HJT again and copy the log so here it is. If anyone has any other ideas I'm open to listening. I get this error message when exiting out of almost every application or browser I have. Can't seem to figure this one out. Thanks!


Logfile of HijackThis v1.99.1
Scan saved at 9:00:09 AM, on 5/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Documents and Settings\Jeff\Desktop\My Downloads\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.c
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: PopBlockBHO Class - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148938787031
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sprint PCS v3 Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
 

·
Premium Member
Joined
·
14,311 Posts
I don't see major here...Did you install anything before this happened? Perhaps IE 7.0?

Go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD.

Download LSPFix http://www.greyknight17.com/spy/LSPFix.exe and run it. Check the box that says 'I know what I'm doing'. Click on inetcntrl.dll on the left window and then click on the arrow pointing to the right. Click Finish and follow the prompts.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com


Make sure you turn off any antivirus programs you have running while performing the online scan below. Using Internet Explorer, run a virus scan at http://www.kaspersky.com/virusscanner Click on 'Launch Kaspersky Anti-Virus Web Scanner' and install the ActiveX component from Kaspersky. Click Yes and it will begin downloading the latest definition files. Once that's done, click on 'Scan Settings' and make sure the following are selected:

Scan using the following Anti-Virus database:
- Extended

Scan Options:
- Scan Archives
- Scan Mail Bases

Click OK. Now under select a target to scan, select 'My Computer'. It will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the 'Save as Text' button. Save the file to your desktop. Copy and paste that information in your next post.
 

·
Registered
Joined
·
38 Posts
Discussion Starter · #3 ·
Performed the steps you suggested

I performed the steps as you outlined in your post. Here is the scan log from Kaspersky's online scan of my computer. Let me know how to handle these (I didn't know if I should go ahead and delete them after I saved the log or wait to hear back so I'm keeping it on my computer until I hear back from you. Thanks for your assistance.

Jeff

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, June 06, 2006 6:27:28 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 6/06/2006
Kaspersky Anti-Virus database records: 198611
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 191666
Number of viruses found: 9
Number of infected objects: 22
Number of suspicious objects: 12
Duration of the scan process: 03:29:09

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy3.zip/msexreg.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy8.zip/trkgif.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy8.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Jeff\Desktop\My Downloads\Software - Utilities\XoftSpy422_181.exe/data0013 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Jeff\Desktop\My Downloads\Software - Utilities\XoftSpy422_181.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/04 Mar 2004 00:43 to '[email protected]':FW: E-mail account dis/Message.zip/yltdxbqv.exe Infected: Email-Worm.Win32.Bagle.i skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/04 Mar 2004 00:43 to '[email protected]':FW: E-mail account dis/Message.zip Infected: Email-Worm.Win32.Bagle.i skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/04 Mar 2004 00:43 to '[email protected]':FW: E-mail account dis/Message.zip/yltdxbqv.exe Infected: Email-Worm.Win32.Bagle.i skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/04 Mar 2004 00:43 to '[email protected]':FW: E-mail account dis/Message.zip Infected: Email-Worm.Win32.Bagle.i skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: infected - 4 skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\Outlook1.bak/Personal Folders/Inbox/14 Apr 2004 15:51 from [email protected]:Mail Deliver/14 Apr 2004 15:51 from [email protected]:Mail Deliver.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\Outlook1.bak/Personal Folders/Inbox/14 Apr 2004 17:12 from [email protected]:Mail Delivery (failure/14 Apr 2004 17:12 from [email protected]:Mail Delivery (failure.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\Outlook1.bak/Personal Folders/Inbox/17 Apr 2004 21:03 from [email protected]:Mail Delive/17 Apr 2004 21:02 from [email protected]:Mail Delive.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\Outlook1.bak/Personal Folders/Sent Items/04 Mar 2004 00:43 to '[email protected]':FW: E-mail account dis/Message.zip/yltdxbqv.exe Infected: Email-Worm.Win32.Bagle.i skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\Outlook1.bak/Personal Folders/Sent Items/04 Mar 2004 00:43 to '[email protected]':FW: E-mail account dis/Message.zip Infected: Email-Worm.Win32.Bagle.i skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\Outlook1.bak/Personal Folders/Jeff's folder/Agent 77/Jeff's Work Mail/11 May 2004 13:14 from [email protected]:Mail Delive.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\Outlook1.bak/Personal Folders/Jeff's folder/Agent 77/Jeff's Work Mail/19 May 2004 20:43 from [email protected]:Your Passwor/indexventures1929.EML.zip/p-zipped_file_data .pif Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\Outlook1.bak/Personal Folders/Jeff's folder/Agent 77/Jeff's Work Mail/19 May 2004 20:43 from [email protected]:Your Passwor/indexventures1929.EML.zip Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\Outlook1.bak Mail MS Mail: infected - 4, suspicious - 4 skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Inbox/14 Apr 2004 15:51 from [email protected]:Mail Deliver/14 Apr 2004 15:51 from [email protected]:Mail Deliver.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Inbox/14 Apr 2004 17:12 from [email protected]:Mail Delivery (failure/14 Apr 2004 17:12 from [email protected]:Mail Delivery (failure.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Inbox/17 Apr 2004 21:03 from [email protected]:Mail Delive/17 Apr 2004 21:02 from [email protected]:Mail Delive.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Jeff's folder/Agent 77/Jeff's Work Mail/11 May 2004 13:14 from [email protected]:Mail Delive.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Jeff's folder/Agent 77/Jeff's Work Mail/19 May 2004 20:43 from [email protected]:Your Passwor/indexventures1929.EML.zip/p-zipped_file_data .pif Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Jeff's folder/Agent 77/Jeff's Work Mail/19 May 2004 20:43 from [email protected]:Your Passwor/indexventures1929.EML.zip Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst Mail MS Mail: infected - 2, suspicious - 4 skipped
C:\My Download Files\Software apps\BOOMBox_Setup.exe/data0018 Infected: not-a-virus:AdWare.Win32.Advision.a skipped
C:\My Download Files\Software apps\BOOMBox_Setup.exe Inno: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0D58435C Infected: Trojan-Spy.Win32.Perfloger.i skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\34760220.exe Infected: Backdoor.Win32.IRCBot.ct skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35694CF5.bat Infected: Trojan.BAT.KillProc.a skipped
C:\Program Files\XoftSpy\uninstall.exe/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Program Files\XoftSpy\uninstall.exe NSIS: infected - 1 skipped

Scan process completed.
 

·
Premium Member
Joined
·
14,311 Posts
Go into Spybot->Recovery and check everything. Click on the Purge button.

Delete everything inside this folder:

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\

Delete this file:

C:\My Download Files\Software apps\BOOMBox_Setup.exe

Delete all the emails in Outlook that Kaspersky found to be infected.

Do you still get those application errors?
 
1 - 4 of 4 Posts
Status
Not open for further replies.
Top