Antivirus 2008

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Antivirus 2008

Options

pinkgirl View Member Profile	Jun 27 2008, 06:19 PM Post #1
Member Group: Members Posts: 23 Joined: 27-June 08 Member No.: 219,058	It just refuses to go away. I have tried a couple of other forums, and this thing will not go away. The icon is gone and the background is gone. Its not in the start-up either and no pop-ups. However when I start up the old background, "warning: computer infected with spyware" flashes. Also, my add and remove programs do not work. Please help. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:16:02 PM, on 6/27/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\AIM\aim.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spelman.edu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566....gatewaybiz.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://prince.spelman.edu/iNotes6W.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://www.rockyou.com/RockYouImageUploader.cab O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccApp.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccApp.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 10162 bytes

SifuMike View Member Profile	Jul 3 2008, 10:54 PM Post #2
malware expert Group: HJT Team Posts: 14,623 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026	Hello pinkgirl, QUOTE I have tried a couple of other forums, and this thing will not go away. The icon is gone and the background is gone. Its not in the start-up either and no pop-ups. However when I start up the old background, "warning: computer infected with spyware" flashes. Please tell me what you have done to try and fix this? What forums did you post at previously? This post has been edited by SifuMike: Jul 3 2008, 11:02 PM -------------------- If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

pinkgirl View Member Profile	Jul 4 2008, 12:16 AM Post #3
Member Group: Members Posts: 23 Joined: 27-June 08 Member No.: 219,058	I tried the tutorial that you got set up for the antiviurs but it didnt work. a guy from suggestafix, gave me the link. Here is the link that i tried. http://www.bleepingcomputer.com/forums/topic111715.html I did what the link said and it didnt go away. Before that the other methods that I tried included removing it from the start menu, changed the background, ect. and fixing it with hijackthis. I also tried to fix it with malwarebytes. Any help would be appreciated. Thanks.

SifuMike View Member Profile	Jul 4 2008, 12:30 AM Post #4
malware expert Group: HJT Team Posts: 14,623 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026	Hello pinkgirl, QUOTE and fixing it with hijackthis. HijackThis is an advanced tool, and therefore requires advanced knowledge about Windows and operating systems in general. If you delete items that it shows, without knowing what they are, it can lead to other problems such as your Internet no longer working or problems with running Windows itself. If you do not have advanced knowledge about computers you should NOT fix entries using HijackThis without consulting an expert on using this program. I see Viewpoint installed. Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546 I suggest you remove the program now, if you did not install it. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present. Viewpoint Viewpoint Manager Viewpoint Media Player If you uninstalled, please navigate to and delete the following folders C:\Program Files\Viewpoint Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Sun Java Runtime Environment 6 Update 6. Scroll down to where it says "Sun Java Runtime Environment 6 Update 6". Click the "Download" button to the right. Check the box that says: "*Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation, Multi-language jre-6u6-windows-i586.exe* and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Examples of older versions in Add or Remove Programs: Java 2 Runtime Environment, SE v1.4.2 J2SE Runtime Environment 5.0 J2SE Runtime Environment 5.0 Update 6 Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version. We need to create a Deckard's System Scanner (DSS) Log. Please download Deckard's System Scanner (DSS) from one of the links below and save to your Desktop. Primary Mirror Secondary Mirror DSS will do the following: 1. Create a new System Restore point in Windows XP and Vista. 2. Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives. 3. Check some important areas of your system and produce a report for an analyst to review. 4. Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes. Note: You must be logged onto an account with administrator privileges when using Deckard's System Scanner. 1. Close all applications and windows. 2. Double-click on dss.exe to run it and follow the prompts. 3. If your anti-virus or firewall complains, please allow this script to run as it is not malicious. 4. When the scan is complete, two text files will open in Notepad: main.txt <-- Will be maximized extra.txt <-- Will be minimized 5. If not, they both can be found in the C:\Deckard\System Scanner folder. 6. Please copy (<Control>+C) and paste (<Control>+V) the contents of main.txt and extra.txt in your next reply. Note: When running DSS, some firewalls may warn that DSS is trying to access the Internet; especially if you are asked to download the most current version of HijackThis. Please ensure that DSS is given permission to access the internet. Note: If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful. In your next reply, I need to see the following reports: DSS Main.txt DSS Extra.txt This post has been edited by SifuMike: Jul 4 2008, 12:35 AM -------------------- If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

SifuMike View Member Profile	Jul 4 2008, 12:45 PM Post #6
malware expert Group: HJT Team Posts: 14,623 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026	Hi pinkgirl, QUOTE I tried the tutorial that you got set up for the antiviurs but it didnt work. a guy from suggestafix, gave me the link. Here is the link that i tried. http://www.bleepingcomputer.com/forums/topic111715.html I cant tell anything by the link you posted, as you have been removing stuff and that has wiped all the signs of the infection. I would like to see your SuggestAFix link. Please post the link. You said you deleted items with Hijackthis. Just what did you delete? QUOTE Also I already have Deckards, so I didnt get an extra.txt. Extra.txt should be at this location: C:\Deckard\Extra.txt Please post it. This post has been edited by SifuMike: Jul 4 2008, 01:21 PM -------------------- If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

pinkgirl View Member Profile	Jul 4 2008, 02:18 PM Post #7
Member Group: Members Posts: 23 Joined: 27-June 08 Member No.: 219,058	Here is my other link. http://www.suggestafix.com/index.php?showtopic=30265 Some traces of the virus is still on the computer bc the i cant add or remove programs, and when the computer starts up the old background popups thats say you have spyware on your computer. Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Celeron® M processor 1.40GHz Percentage of Memory in Use: 67% Physical Memory (total/avail): 446.04 MiB / 143.92 MiB Pagefile Memory (total/avail): 671.52 MiB / 275.3 MiB Virtual Memory (total/avail): 2047.88 MiB / 1934.93 MiB C: is Fixed (NTFS) - 51.1 GiB total, 20.24 GiB free. D: is Fixed (FAT32) - 4.77 GiB total, 2.7 GiB free. E: is CDROM (No Media) \\.\PHYSICALDRIVE0 - HTS421260H9AT00 - 55.89 GiB - 2 partitions \PARTITION0 (bootable) - Installable File System - 51.1 GiB - C: \PARTITION1 - Unknown - 4.78 GiB - D: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FirstRunDisabled is set. AntiVirusDisableNotify is set. FirewallDisableNotify is set. FW: Norton AntiVirus v2007 (Symantec Corporation) AV: Norton AntiVirus v2007 (Symantec Corporation) Outdated [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe::Enabled:AOL Instant Messenger" "C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUpnpService9.exe"="C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUpnpService9.exe::Enabled:RoxioUpnpService9" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe::Enabled:AOL Application Loader" "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe::Enabled:AOLTsMon" "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe::Enabled:AOLTopSpeed" "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe::Enabled:RealPlayer" "C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe::Enabled:SoulSeek" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe::Enabled:hpqtra08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe::Enabled:hpqste08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe::Enabled:hpofxm08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe::Enabled:hposfx08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe::Enabled:hposid01.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe::Enabled:hpqscnvw.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe::Enabled:hpqkygrp.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe::Enabled:hpqcopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe::Enabled:hpfccopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe::Enabled:hpzwiz01.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe::Enabled:hpqphunl.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe::Enabled:hpqdia.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe::Enabled:hpoews01.exe" "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe::Disabled:AOL" "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe::Disabled:AOL" "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe::Disabled:AOL" "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe::Disabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe::Disabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe::Disabled:AOL" "C:\\Program Files\\Common Files\\AOL\\1137632486\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1137632486\\EE\\AOLServiceHost.exe::Disabled:AOL" "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe::Disabled:AOL" "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE::Enabled:Internet Explorer" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe::Disabled:LimeWire" "C:\\StubInstaller.exe"="C:\\StubInstaller.exe::Disabled:LimeWire swarmed installer" "\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe::Enabled:explorer" "C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe::Enabled:Ares" "C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE::Enabled:enable" "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe::Enabled:AOL Instant Messenger" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe::Enabled:Bonjour" "C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUpnpService9.exe"="C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUpnpService9.exe::Enabled:RoxioUpnpService9" "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe::Enabled:Google Talk" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe::Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe::Enabled:Yahoo! FT Server" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe::Enabled:µTorrent" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Owner\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=YOUR-116316AA3E ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Owner LOGONSERVER=\\YOUR-116316AA3E NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0d08 ProgramFiles=C:\Program Files PROMPT=$P$G RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp USERDOMAIN=YOUR-116316AA3E USERNAME=Owner USERPROFILE=C:\Documents and Settings\Owner windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Owner (admin)* -- Add/Remove Programs --------------------------------------------------------- --> MsiExec.exe /I{2BE0C605-9BEC-434D-9FAE-931194E72414} --> MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166} --> MsiExec.exe /I{726A362E-EBFD-4C3F-8664-6593C2B08386} --> MsiExec.exe /I{943CB81D-11B9-401E-8305-752528D00AA1} --> MsiExec.exe /I{E75F019D-98A0-4B39-B1A8-3A01400D2A18} --> MsiExec.exe /X{F664EDB9-59DF-452A-A3D7-085ED1B8D374} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Agere Systems AC'97 Modem --> agrsmdel AntivirXP08 --> "C:\Program Files\rhc7whj0eea1\uninstall.exe" AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM= AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B} Ares 2.0.8 --> "C:\Program Files\Ares\uninstall.exe" AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA} AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll" BlackBerry Desktop Software 4.3 --> MsiExec.exe /i{D793A12F-E362-48BB-B332-1DA5E936B52D} BlackBerry Desktop Software 4.3 --> MsiExec.exe /I{D793A12F-E362-48BB-B332-1DA5E936B52D} BlackBerry Device Software v4.3.0 for the BlackBerry 8130 smartphone --> MsiExec.exe /X{573D8008-5F38-4F5F-820B-1D3151332282} ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3} CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Citrix Presentation Server Client - Web Only --> MsiExec.exe /X{C49067A8-8212-4A82-A4D9-1519701644F0} Convert Image To PDF --> "C:\Program Files\Softinterface, Inc\Convert Image To PDF\unins000.exe" CutePDF Writer 2.6 --> C:\WINDOWS\system32\uninscpw.exe C:\Program Files\ Dell Digital Jukebox Driver --> C:\WINDOWS\UNWISE.EXE C:\WINDOWS\DJBDRV.LOG EclipseCrossword --> MsiExec.exe /I{A48C9C07-1DE1-4476-8997-AA6290F94D09} Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe" Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll" GRE POWERPREP --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ETS\PPGRE.ISU" HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900} Image2PDF v3.2 --> "C:\Program Files\Image2PDF v3.2\unins000.exe" Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4} J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020} J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Lexmark 1200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZUN5C.EXE -dLexmark 1200 Series LG USB Drivers --> C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8} Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11 Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120 Microsoft Office Outlook 2003 with Business Contact Manager Update --> MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63} Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9} Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9} Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A} Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\unins000.exe" MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0} Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_1_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8} Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43} Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8} Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8} Norton Spyware Scan provided by Yahoo! --> C:\PROGRA~1\Yahoo!\Common\unynss.exe OIN Search --> C:\Program Files\OIN Search\Uninstall.exe pdf4u Printer --> MsiExec.exe /I{0B900A76-82CC-4ADF-82A5-702F784C558E} PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe" PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks\|RealPlayer\|6.0 Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly Roxio Media Manager --> MsiExec.exe /X{303379C9-8610-4CCF-AF37-C4BF8998C591} Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Step By Step Interactive Training (KB898458) --> SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56} Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09} SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2} Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033 TypingMaster TypingTest --> "C:\Program Files\TypingMaster\TypingTest\unins000.exe" V CAST Music --> MsiExec.exe /X{3249FD43-B24B-413F-B786-F8FEA32FA747} VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA VIA/S3G Display Driver --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE} Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL Yahoo! Toolbar for Internet Explorer --> C:\PROGRA~1\Yahoo!\Common\unyt.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type145980 / Warning Event Submitted/Written: 06/18/2008 09:58:04 PM Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ Event Description: (SpnRegister) : Error 1355 Event Record #/Type145949 / Warning Event Submitted/Written: 06/18/2008 08:54:17 PM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. Event Record #/Type145854 / Error Event Submitted/Written: 06/17/2008 06:00:46 AM Event ID/Source: 1000 / Application Error Event Description: Faulting application 16735.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Processing media-specific event for [16735.exe!ws!] Event Record #/Type145853 / Error Event Submitted/Written: 06/17/2008 06:00:46 AM Event ID/Source: 1000 / Application Error Event Description: Faulting application 16735.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Processing media-specific event for [16735.exe!ws!] Event Record #/Type145852 / Error Event Submitted/Written: 06/17/2008 05:58:47 AM Event ID/Source: 455 / ESENT Event Description: wuaueng.dll (2304) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type37383 / Warning Event Submitted/Written: 06/24/2008 06:27:39 PM Event ID/Source: 20 / Print Event Description: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll. Event Record #/Type37382 / Warning Event Submitted/Written: 06/24/2008 06:27:37 PM Event ID/Source: 3 / Print Event Description: Printer Microsoft Office Document Image Writer was deleted. Event Record #/Type37381 / Warning Event Submitted/Written: 06/24/2008 06:27:34 PM Event ID/Source: 4 / Print Event Description: Printer Microsoft Office Document Image Writer is pending deletion. Event Record #/Type37378 / Warning Event Submitted/Written: 06/24/2008 06:24:43 PM Event ID/Source: 20 / Print Event Description: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll. Event Record #/Type37377 / Warning Event Submitted/Written: 06/24/2008 06:24:41 PM Event ID/Source: 3 / Print Event Description: Printer Microsoft Office Document Image Writer was deleted. -- End of Deckard's System Scanner: finished at 2008-06-24 18:44:32 ------------

SifuMike View Member Profile	Jul 4 2008, 02:32 PM Post #8
malware expert Group: HJT Team Posts: 14,623 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026	Hello pinkgirl, Looks like this infection has been going on for over three weeks. Dupicate posting creates backlogs is is greatly frowned on by all forums. If you want help here the go to you link at SuggestAFix and tell them you close your link. No sense in tieing up two helpers. Let me know when you have done that and we shall continue. -------------------- If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

SifuMike View Member Profile	Jul 4 2008, 02:36 PM Post #9
malware expert Group: HJT Team Posts: 14,623 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026	QUOTE AV: Norton AntiVirus v2007 (Symantec Corporation) Outdated Is your Norton antivirus outdated or has it expired? -------------------- If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

pinkgirl View Member Profile	Jul 4 2008, 02:41 PM Post #10
Member Group: Members Posts: 23 Joined: 27-June 08 Member No.: 219,058	No, i dont think it is either outdated or expired, bc it was working just fine before I got this virus. I tried to open it just now and it said that it is unable to open Norton. I think that somehow the virus did something to it, bc like I said it was fine before I got the virus.

SifuMike View Member Profile	Jul 4 2008, 02:48 PM Post #11
malware expert Group: HJT Team Posts: 14,623 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026	Have you asked that your SuggestAfix post be closed? We cant proceed until you do that. OK, your Norton anti virus is not working, so do not browse the Internet until we have an antivirus working. Going 3 weeks with no antivirus will get you even more infected. This post has been edited by SifuMike: Jul 4 2008, 02:59 PM -------------------- If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

pinkgirl View Member Profile	Jul 4 2008, 03:27 PM Post #12
Member Group: Members Posts: 23 Joined: 27-June 08 Member No.: 219,058	Okay I sent a message asking that it be closed.

SifuMike View Member Profile	Jul 4 2008, 04:16 PM Post #13
malware expert Group: HJT Team Posts: 14,623 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026	Hi Pinkgirl, QUOTE Okay I sent a message asking that it be closed . I dont want you to send a massage asking it to be closed. I cant see that. It needs to posted in the forum. Please post in the suggestafixforum asking it be closed. QUOTE http://www.suggestafix.com/index.php?showt...mp;#entry214279 This post has been edited by SifuMike: Jul 4 2008, 04:17 PM -------------------- If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

pinkgirl View Member Profile	Jul 4 2008, 06:42 PM Post #14
Member Group: Members Posts: 23 Joined: 27-June 08 Member No.: 219,058	I posted it in the forum. Thanks.

SifuMike View Member Profile	Jul 4 2008, 06:58 PM Post #15
malware expert Group: HJT Team Posts: 14,623 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026	Hi Pinkgirl, I dont see that you have done that. http://www.suggestafix.com/index.php?showt...mp;#entry214836 You need to post a message asking them to close your post, then we can continue here. -------------------- If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides