Network traffic from 1l1i6b0.com matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE
I ran Prevx, Norton power eraser, Malwarebytes Anti-malware, super anti-spy, and cc cleaner. nothing works. I have done all the steps in the preparation guide, and here is my DDS log. attatch.text and ark.text are attached.
thanks.
DDS;
DDS (Ver_10-10-21.02) - NTFSx86
Run by sj at 14:16:51.42 on Fri 10/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.243 [GMT -7:00]
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NCH Swift Sound\WebDictate\webdictate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sj\Desktop\malware_removal\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uWindow Title = MindSpring Internet Explorer
mWindow Title = MindSpring Internet Explorer
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1010011
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: motive.com\patttbc.att
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Microsoft XML Parser for Java
DPF: Win32 Classes
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://www.eilistraee.com/fonts/tdserver.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15015/CTSUEng.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241985415656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup150.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15014/CTPID.cab
Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\common files\microsoft shared\information retrieval\itss50.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install - rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /app:oe /caller:ie50 /user /install - rundll32.exe advpack.dll,userinststubwrapper {44bba840-cc51-11cf-aafa-00aa00b6015c} - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /app:wab /caller:ie50 /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
mASetup: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - c:\windows\system32\updcrl.exe -e -u c:\windows\system\verisignpub1.crl
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-11 207280]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-10-20 30320]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-9-21 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-9-21 173104]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-10-11 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-10-11 59664]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-5 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-9-21 501888]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-10-11 233136]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-10-20 74624]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-8-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-9-21 116784]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-10-20 6407728]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-9-21 126392]
R2 WebDictateService;Web Dictate;c:\program files\nch swift sound\webdictate\webdictate.exe [2010-2-24 552964]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-20 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101020.001\IDSXpx86.sys [2010-10-19 341880]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101022.004\NAVENG.SYS [2010-10-22 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101022.004\NAVEX15.SYS [2010-10-22 1371184]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-10-20 24400]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\turbine\turbine download manager\TurbineMessageService.exe [2009-10-10 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [2009-10-10 218608]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2005-8-3 4736]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-10-11 70408]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2005-8-3 8960]
S3 PortAcc;Spearit Port Access;c:\program files\laplink\pcmover\PortAcc.sys [2007-1-18 16440]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 12872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-10-11 365280]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-10-11 1141712]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-10-11 33552]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
=============== Created Last 30 ================
2010-10-22 01:57:51 -------- d-----w- c:\docume~1\sj\locals~1\applic~1\NPE
2010-10-21 03:13:09 74624 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-10-21 03:13:09 70192 ----a-w- c:\windows\system32\PxSecure.dll
2010-10-21 03:13:09 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-10-21 03:13:08 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-10-21 03:13:08 -------- d-----w- c:\program files\Prevx
2010-10-21 03:12:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2010-10-20 02:16:29 2084 ----a-w- c:\windows\system32\tmp.reg
2010-10-14 13:48:36 -------- d-----w- c:\program files\iPod
2010-10-14 13:48:13 -------- d-----w- c:\program files\iTunes
2010-10-14 13:40:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-10-14 13:40:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-10-14 13:40:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-10-14 13:40:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-10-14 13:40:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-10-14 13:40:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-10-14 13:40:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-10-14 13:36:06 -------- d-----w- c:\program files\Bonjour
2010-10-13 22:42:48 -------- d-----w- c:\program files\MindGene
2010-10-13 01:20:38 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 01:20:38 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 01:20:23 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-11 18:58:37 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-10-11 18:58:37 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-10-11 18:58:37 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-10-11 18:46:21 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-10-11 18:46:15 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-10-11 18:46:15 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-11 18:46:12 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-10-11 18:46:04 -------- d-----w- c:\program files\Spyware Doctor
2010-10-11 18:46:04 -------- d-----w- c:\program files\common files\PC Tools
2010-10-11 18:46:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
==================== Find3M ====================
2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-28 01:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 08:14:12 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-07-27 08:14:00 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-07-27 08:08:34 203360 ----a-w- c:\windows\system32\lvci1311021.dll
2010-07-27 08:07:56 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-07-27 08:03:20 10829656 ----a-w- c:\windows\system32\LogiDPP.dll
2010-07-27 08:03:20 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-07-27 08:03:18 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-07-27 07:55:50 37518 ----a-w- c:\windows\system32\Repository.reg
============= FINISH: 14:19:34.98 ===============
I also recieve the Norton alert;
Network traffic from 1l1i6b0.com matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\INTERNET EXPLORER\IEXPLORE.EXE
Merged posts. ~ OB
Attached Files
Edited by Orange Blossom, 23 October 2010 - 01:12 AM.