Log File from NOD32 that may help diagnose the problem with svchost.exe, WScript.exe, mshta.exe and windefender and update not loading Please Someone help!
Alright lets try this again. I have used every antispyware, malware, and virus prog you can think of even the ones on microsoft site like Liveone care, fix it, and MSRT. Can one of you moderators please take a look at this log file and maybe you can explain to me what is going on and how to fix this. I am sure something in my keys or the exe files I mentioned got rewritten I just need to know how to go about fixing them so whatever is trying to load IE is not trying to go to a malware site anymore. If you notice in the NOD32 log file it says it has quarintined and removed these items but something is still trying to load IE to the sites mentioned and none of the 20 top anti progs can seem to find it. SO please help guys. Peace! 12/14/2010 12:20:15 PM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/14/2010 11:20:03 AM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/14/2010 10:20:17 AM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/14/2010 9:20:17 AM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/14/2010 8:20:17 AM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/14/2010 7:20:17 AM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/14/2010 6:20:18 AM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/14/2010 5:20:17 AM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/14/2010 4:20:17 AM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/14/2010 3:20:02 AM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/14/2010 12:20:23 AM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/13/2010 11:20:18 PM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/13/2010 10:20:22 PM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/13/2010 9:20:01 PM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/13/2010 8:20:16 PM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/13/2010 7:20:16 PM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/13/2010 6:20:16 PM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/13/2010 5:20:19 PM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/13/2010 4:20:19 PM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/13/2010 3:20:03 PM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/13/2010 2:20:18 PM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/13/2010 1:20:17 PM HTTP filter file http://funnybarsshow.com/jhkhj.php?kxdkhjk= JS/TrojanDownloader.Agent.NWG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\mshta.exe.12/13/2010 8:34:00 AM Real-time file system protection file C:\System Volume Information\_restore{4715539F-EC51-4104-AACE-B4A124ABB28C}\RP36\A0013700.exe a variant of Win32/RegCure potentially unwanted application deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\svchost.exe.12/12/2010 4:17:58 PM Real-time file system protection file C:\System Volume Information\_restore{4715539F-EC51-4104-AACE-B4A124ABB28C}\RP36\A0013724.exe Win32/RegistryBooster potentially unwanted application deleted - quarantined DIMENSION2400\User Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\MRT.exe.12/12/2010 4:17:56 PM Real-time file system protection file C:\System Volume Information\_restore{4715539F-EC51-4104-AACE-B4A124ABB28C}\RP36\A0013723.dll Win32/RegistryBooster potentially unwanted application deleted - quarantined DIMENSION2400\User Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\MRT.exe.12/12/2010 9:48:36 AM Real-time file system protection file C:\System Volume Information\_restore{4715539F-EC51-4104-AACE-B4A124ABB28C}\RP34\A0013656.rbf Win32/RegistryBooster potentially unwanted application deleted NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:25:25 PM Real-time file system protection file C:\Documents and Settings\All Users\Application Data\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}\rbia.exe Win32/RegistryBooster potentially unwanted application cleaned by deleting - quarantined DIMENSION2400\User Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\rundll32.exe.12/11/2010 9:25:24 PM Real-time file system protection file C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster potentially unwanted application cleaned by deleting - quarantined DIMENSION2400\User Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\rundll32.exe.12/11/2010 9:25:23 PM Real-time file system protection file C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster potentially unwanted application cleaned by deleting - quarantined DIMENSION2400\User Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\rundll32.exe.12/11/2010 9:25:23 PM Real-time file system protection file C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster potentially unwanted application cleaned by deleting - quarantined DIMENSION2400\User Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\rundll32.exe.12/11/2010 9:25:20 PM Real-time file system protection file C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster potentially unwanted application cleaned by deleting - quarantined DIMENSION2400\User Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\rundll32.exe.12/11/2010 9:25:19 PM Real-time file system protection file C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster potentially unwanted application cleaned by deleting - quarantined DIMENSION2400\User Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\rundll32.exe.12/11/2010 9:23:07 PM Startup scanner file C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster potentially unwanted application deleted (after the next restart) - quarantined 12/11/2010 9:22:03 PM Real-time file system protection file C:\windows\Tasks\At9.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:22:02 PM Real-time file system protection file C:\windows\Tasks\At8.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:22:02 PM Real-time file system protection file C:\windows\Tasks\At7.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:22:02 PM Real-time file system protection file C:\windows\Tasks\At6.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:22:01 PM Real-time file system protection file C:\windows\Tasks\At5.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:22:01 PM Real-time file system protection file C:\windows\Tasks\At24.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:22:01 PM Real-time file system protection file C:\windows\Tasks\At3.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:22:01 PM Real-time file system protection file C:\windows\Tasks\At4.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:22:01 PM Real-time file system protection file C:\windows\Tasks\At21.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:22:00 PM Real-time file system protection file C:\windows\Tasks\At23.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:22:00 PM Real-time file system protection file C:\windows\Tasks\At22.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:22:00 PM Real-time file system protection file C:\windows\Tasks\At20.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:22:00 PM Real-time file system protection file C:\windows\Tasks\At2.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:22:00 PM Real-time file system protection file C:\windows\Tasks\At19.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:21:55 PM Real-time file system protection file C:\windows\Tasks\At10.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:21:55 PM Real-time file system protection file C:\windows\Tasks\At15.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:21:55 PM Real-time file system protection file C:\windows\Tasks\At16.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:21:54 PM Real-time file system protection file C:\windows\Tasks\At1.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:21:54 PM Real-time file system protection file C:\windows\Tasks\At17.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:21:54 PM Real-time file system protection file C:\windows\Tasks\At14.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:21:54 PM Real-time file system protection file C:\windows\Tasks\At12.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:21:54 PM Real-time file system protection file C:\windows\Tasks\At18.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:21:54 PM Real-time file system protection file C:\windows\Tasks\At11.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.12/11/2010 9:21:54 PM Real-time file system protection file C:\windows\Tasks\At13.job Win32/Adware.FakeAntiSpy.O application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.1 person needs an answerI do too
December 20th, 2010 8:23pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics