I Really Desperately Need Help, Still Have Problems



#1 boo-boo-79


Posted 21 November 2006 - 06:47 PM

Had vundo, and smitfraud and exploit.byteverify which all seem to be gone.
Everything was working OK, got my MSN settings back and everything, but then tonight it has lost my settings again, and when I went to System Restore it told me that it had downloaded something from "Software Distribution Service 2.0". Now, someone told me when I had problems several months ago that this was caused by a hijack attempt using a virus. I don't know if it's true, but it's around the time my PC said it was updating Microsoft. However, normally when I update Microsoft it doesn't say that.
So I've created a log.
Please help.

Logfile of HijackThis v1.99.1
Scan saved at 23:29:14, on 21/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Victoria\Desktop\HiJack This\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office10\OSA.EXE
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.67.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123982379390
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132104508758
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://wanadoouk.oberon-media.com/online2/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/unskin/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Edited by boo-boo-79, 21 November 2006 - 06:48 PM.




#2 suebaby41


Posted 02 December 2006 - 12:52 PM

Welcome to the BleepingComputer forum. We are currently studying your log and will have instructions for you shortly. Thank you for your patience.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41


Posted 02 December 2006 - 05:50 PM

You may want to print this page. Make sure to work through the fixes in the order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 1

If you are using Internet Explorer, please consider using an alternate browser such as Mozilla's Firefox. It is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker. Another good browser is Opera. Opera 9 comes loaded with the tools to keep you productive and safe. Try it today, it's absolutely free. Some of the Opera features are: Customization, BitTorrent, Content blocker, Add your favorite search engines, Thumbnail preview of tabs, Widgets, Transfer manager, Tabbed browsing, Password manager, Sessions (you can save a collection of open tabs as a session, for later retrieval, or start with the pages you had open when Opera was last closed), Keyboard Shortcuts, Cookie control, a multitude of languages, Validate code, Toggle graphics and style sheets, and special features such as Full-screen mode and Kiosk mode.

Step 2

If you save HijackThis to your desktop, you may easily lose track of the backup log in the wallpaper area (or someone might delete the backup file by dragging it to the Recycle Bin). When you copy and paste your log, HijackThis provides a line entry showing the path to its running folder. If you use another folder like HijackThis in the root of the C: drive (as recommended) then your Profile Name will NOT be displayed in the log.

Please place HijackThis into ITS OWN PERMANENT FOLDER.
  • You can do this by going to My Computer (Windows key+e).
  • Double click on C:
  • If the folder is hidden, click on show the contents of this folder.
  • Right-click on a blank space in the right column and select New > Folder
  • Name it HJT (C:\HJT\HijackThis.exe)
  • Move HijackThis.exe into this folder.
  • When you run HijackThis.exe from the C:\HJT folder and have it Fixed checked, it will create a backup file of modifications to use which are easily accessible if restoring any files is necessary.
If needed, here are two tutorials, HijackThis Folder Tutorial and How to Download, Extract and Run HijackThis.

Step 3

Your Java Runtime Environment is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older versions of Java Runtime Environment.
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer after all Java components are removed.
  • Download the latest Java Runtime Environment
    • Scroll down to where it says The J2SE Runtime Environment (JRE) allows end-users to run Java applications.
    • Click the Download button to the right.
    • Check the box that says: Accept License Agreement.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • On your desktop, double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.

Step 4

Please download Ad-Aware SE.
Please check this link, Using Ad-Aware To Remove Spyware From Your Computer for instructions on how to download, install and use Ad-Aware. Run this program as soon as possible.

Step 5

To help prevent further infection, please download SpywareBlaster. SpywareBlaster helps to:
  • Prevent the installation of Active X-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.

Step 6

Please print out the following instructions as this page will be unavailable to you while you are working in Safe Mode.

Please download and install AVG Anti-Spyware (formerly Ewido).
  • Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security:
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active Internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
  • If you are having problems with the updater, you can use this link, AVG Anti-Spyware manual updates, to manually update AVG Anti-Spyware.
  • Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Scan With AVG Anti-Spyware
  • Close ALL open Windows / Programs / Folders. Reboot to Safe Mode (without networking support!). If you don’t know how to boot in Safe Mode, here is a tutorial, How To Start Windows in Safe Mode.
  • Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All boxes should be checked.
      • Under Possibly unwanted software:
        • All boxes should be checked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
  • Reboot in Normal Mode.

Step 7

In normal mode, run an online antivirus check from at least two and preferably three of the following sites:
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.
  • Detects and removes malware (viruses, worms, trojans, etc.)
  • Detects and removes grayware and spyware
  • Restores damage caused by malware to your system.
  • Notifies about vulnerabilities in installed programs and connected network services.
  • Multi-platform support for: Windows, Linux, Solaris.
  • Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.
When you have completed the scans, if you get a report of files that can’t be cleaned / deleted, please write down the filenames and locations and post that in your reply.

Step 8

Please download the ATF-Cleaner.
ATF-Cleaner features include:
  • Cleaning of all user temp folders, (only the administrator can use this feature.)
  • Cleaning of the Java cache, which seems to be harboring more and more malware.
  • Cleaning the cache, cookies, history, download history, visited links and saved passwords. (You have the option of checking no if you want to save your passwords)
  • For Firefox or Opera
    • Click Firefox or Opera at the top and choose: Select All.
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
  • If needed, please see this tutorial, Tutorial on ATF Cleaner with pictures.
Do not run it yet.

Step 9

Please disconnect from the Internet. Please close ALL browser windows (including this one).

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab

The above HijackThis entry indicates that you have PopCapLoader which is identified as adware by some antivirus programs and as a trojan downloader by others. PopCapLoader comes with games related to popcap.com. There appear to be some privacy issues with PopCapLoader. It probably tracks the usage of the games you play. It is up to you if the service it provides is worth the risk. If you do not use this game often, I recommend that you remove it. If you remove the PopCapLoader Object, you will also need to remove the PopCapLoaderCtrl Class. To reinstall anytime: go back to your MSN Games Web page to reload the game. The new controls will be reinstalled once the game begins loading.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs). Do not worry if they are not there:

PopCapLoader Object
PopCapLoaderCtrl Class


Now we will address the HijackThis fixes.

Please run HijackThis and click Scan. Place checks next to the following entries (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll


These are optional fixes. These programs are not required to start automatically as you can start them manually if you need them. It is advised that you disable these programs so that they do not take up necessary resources. Many users have reported these processes slow their boot time. Please run HijackThis and click Scan. Place checks next to the following entries.

You have QuickTime running at Startup. This is QuickTime's system tray icon and not necessary for the program to function properly. It is considered to be a resource hog. You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will need to change the setting in QuickTime Player itself to keep it from resetting itself. This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

There is a small program that will prevent QuickTime from resetting itself.
Please download Engraph-QuickTime-Killer. This is a free utility from EnGraph software. For more information about EnGraph, go to www.engraph.com. This application is intended for people that use or consume Sprint Video Mail, as Sprint uses QuickTime for viewing their movies (or anybody that hates QuickTime). Of course, as soon as QuickTime is run, it adds itself to startup, which is very annoying to me. This application will remove QuickTime from start up and kill any running QuickTime processes. This application runs silently at start up and closes itself as soon as it takes care of QuickTime.

You have RealPlayer running at Startup. This is RealPlayer's autoupdate program and is not necessary for the program to function properly. It is considered to be a resource hog. You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will need to change the setting in RealPlayer itself to keep it from resetting itself. This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

ppwebcap or ppwebcap.exe (Visioneer ScanSoft) process can be removed to free up resources without compromising system performance. ppwebcap.exe is a process which installs a system tray bar icon, providing easy access to the Visioneer ScanSoft software. This is a non-essential process. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:

O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe

You have reader_sl.exe running at Startup. This is a process associated with the Adobe Reader. It is used to decrease the load time for the reader when a PDF document is selected. This is a non-essential process. You will still be able to start it manually if you need it. You can fix this with HijackThis. This is the item to fix in HijackThis:

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

osa.exe or Osa9.exe launches common MS Office components to help speed up the launch of Office programs. Some users claim there's no difference with or without it (Osa9.exe is the Office 2000 variant). This program is not required to start automatically as you can run it when you need to. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Step 10

Let’s run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 11

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.

Please post the logs from AVG Anti-Spyware and the list of filenames and locations for any files that can’t be cleaned / deleted that were reported after you completed the online scans.

Please advise me of any problems you still have.
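
Added example, not part of the original post: a small Python parser for HijackThis entry lines as they appear in this thread, which groups entries by section code and notes the kinds of lines the reply above singles out (the outdated jre1.5.0_06 path, a "(file missing)" target, an unresolved startup shortcut). The function names and the line grammar inferred from this log are assumptions, the sample is constructed from entries quoted above, and the notes are review prompts, not malware verdicts.

```python
import re
from collections import Counter

# Constructed sample: entries copied from the HijackThis v1.99.1 log in this
# thread, including one line pasted with typographic (U+2011) hyphens.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 ‑ HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" ‑atboottime
O4 - Global Startup: Event Reminder.lnk = ?
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Typographic hyphens that can replace "-" when a log is pasted through a forum.
HYPHENS = str.maketrans({"\u2010": "-", "\u2011": "-", "\u2013": "-"})

# Assumed grammar, inferred from this log: "<section code> - <body>".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 registry autostart: "HKLM\..\Run: [ValueName] command line".
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)


def parse_log(text):
    """Return one dict per entry line; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.translate(HYPHENS).strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, blank line, or a "Running processes" path
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        run = RUN_RE.match(body) if m.group("code") == "O4" else None
        entries.append({
            "code": m.group("code"),
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "run": run.groupdict() if run else None,
        })
    return entries


def section_counts(entries):
    """Number of entries per HijackThis section code (R0, O4, O16, ...)."""
    return Counter(e["code"] for e in entries)


def triage(entries, outdated_markers=("jre1.5.0_06",)):
    """Return (code, note, body) tuples for lines a reviewer should look at."""
    notes = []
    for e in entries:
        body = e["body"]
        if body.endswith("(file missing)"):
            notes.append((e["code"], "target file missing", body))
        elif e["code"] == "O4" and body.endswith("= ?"):
            notes.append((e["code"], "startup shortcut target unresolved", body))
        for marker in outdated_markers:
            if marker.lower() in body.lower():
                notes.append((e["code"], "references outdated component " + marker, body))
    return notes


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for code, note, body in triage(parsed):
        print(f"{code}: {note}: {body}")
```
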

#4 boo-boo-79


Posted 04 December 2006 - 05:29 PM

Ok, I received help from a very kind man to remove some viruses whilst I waited for your help, and think I have sorted a lot of my problems, however today I have followed the steps you suggested anyway, to be doubly sure I was getting rid of the problems because after he'd finished helping me my computer was saying it was clean, but then it brought me up a window in the corner of my screen saying my C drive (hard drive) was running at full capacity and to erase unnecessary items and programs click "here" but it disappeared again as soon as I wasn't online anymore. It's not re-appeared so I know it was bogus. I also know that my computer isn't full and I've used CCleaner, hijack, killbox and cleanmgr to remove anything that isn't needed.
I had already done housecall and panda which came up clean, but I did the CA one and the Bit Defender one and I'm so glad I did! Bit defender said it found 13 viruses.

I also need help with Windows Update, it won't let me update it now, and keeps taking me back to a page where it says click to continue but it appears to start doing something and then returns to the first page.
I also uninstalled MSN Instant Messenger as I was unsure if that was part of the problem (I lost all my settings and couldn't log in etc) and now am unsure about putting back Live Messenger because it was when I installed that I started noticing more problems which I hadn't had before, it was running very slowly and was being uncooperative, not saving my username and generally behaving VERY differently to how IM had been.
I also seem to have Windows messenger running the whole time I'm using either Outlook Express or IE, which my computer never did before. I would rather it didn't do this as I have tried using it in the past and found it has a lot of limitations. Can you help me to sort this out too please?

This is what bit defender found, it said it couldn't fix or delete all problems but I can't see which it missed (I've changed the email address to user for my own safety):

BitDefender Online Scanner
Scan report generated at: Mon, Dec 04, 2006 - 18:40:22

Scan path: C:\;D:\;E:\;F:\;G:\;H:\;

Statistics
Time 01:37:11
Files 541683
Folders 6174
Boot Sectors 3
Archives 20769
Packed Files 47725

Results
Identified Viruses 13
Infected Files 79
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 149

Engines Info
Virus Definitions 324362
Engine build AVCORE v1.0 (build 2368) (i386) (Nov 16 2006 11:31:19)
Scan plugins 14
Archive plugins 38
Unpack plugins 6
E-mail plugins 6
System plugins 1

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes


Scanned File Status
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01FF518D.tmp=>(Quarantine-2) Infected with: Trojan.PWS.Raven.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01FF518D.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05065262.tmp=>(Quarantine-2) Infected with: Backdoor.IRCBot.FK
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05065262.tmp=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05065262.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30DF0C6C.tmp=>(Quarantine-2)=>[Subject: Internet Provider Abuse][Date: Mon, 3 Jul 2006 21:14:54 +0100]=>(MIME part)=>judge.txt Infected with: Win32.Netsky.P@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30DF0C6C.tmp=>(Quarantine-2)=>[Subject: Internet Provider Abuse][Date: Mon, 3 Jul 2006 21:14:54 +0100]=>(MIME part)=>judge.txt Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30DF0C6C.tmp=>(Quarantine-2)=>[Subject: Internet Provider Abuse][Date: Mon, 3 Jul 2006 21:14:54 +0100]=>(MIME part) Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30DF0C6C.tmp=>(Quarantine-2) Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30DF0C6C.tmp Update failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30F30A65.tmp=>(Quarantine-2) Infected with: Trojan.PWS.Raven.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30F30A65.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\380B64DB.txt=>(Quarantine-2) Infected with: Trojan.Spy.Small.DG
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\380B64DB.txt=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\380B64DB.txt=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\399E65DB.htm=>(Quarantine-2) Infected with: Trojan.SpySheriff.C
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\399E65DB.htm=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\399E65DB.htm=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A7D25D6.tmp=>(Quarantine-2)=>[Subject: Stolen document][Date: Wed, 29 Mar 2006 15:43:43 +0100]=>(MIME part)=>about_you.zip=>document.txt .exe Infected with: Win32.Netsky.P@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A7D25D6.tmp=>(Quarantine-2)=>[Subject: Stolen document][Date: Wed, 29 Mar 2006 15:43:43 +0100]=>(MIME part)=>about_you.zip=>document.txt .exe Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A7D25D6.tmp=>(Quarantine-2)=>[Subject: Stolen document][Date: Wed, 29 Mar 2006 15:43:43 +0100]=>(MIME part)=>about_you.zip Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A7D25D6.tmp=>(Quarantine-2)=>[Subject: Stolen document][Date: Wed, 29 Mar 2006 15:43:43 +0100]=>(MIME part) Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A7D25D6.tmp=>(Quarantine-2) Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A7D25D6.tmp Update failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AC1178B.tmp=>(Quarantine-2)=>[Subject: Mail Delivery (failure user@whsmi][Date: Wed, 29 Mar 2006 16:02:50 +0100]=>(MIME part)=>(MIME part)=>(message body) Infected with: Exploit.Iframe.Vulnerability.B
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AC1178B.tmp=>(Quarantine-2)=>[Subject: Mail Delivery (failure user@whsmi][Date: Wed, 29 Mar 2006 16:02:50 +0100]=>(MIME part)=>(MIME part)=>(message body) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AC1178B.tmp=>(Quarantine-2)=>[Subject: Mail Delivery (failure user@whsmi][Date: Wed, 29 Mar 2006 16:02:50 +0100]=>(MIME part)=>(MIME part)=>(message body) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AC1178B.tmp=>(Quarantine-2)=>[Subject: Mail Delivery (failure user@whsmi][Date: Wed, 29 Mar 2006 16:02:50 +0100]=>(MIME part)=>(MIME part) Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AC1178B.tmp=>(Quarantine-2)=>[Subject: Mail Delivery (failure user@whsmi][Date: Wed, 29 Mar 2006 16:02:50 +0100]=>(MIME part) Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AC1178B.tmp=>(Quarantine-2) Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AC1178B.tmp=>(Quarantine-2)=>[Subject: Mail Delivery (failure user@whsmi][Date: Wed, 29 Mar 2006 16:02:50 +0100]=>(MIME part)=>message.scr Infected with: Win32.Netsky.P@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AC1178B.tmp=>(Quarantine-2)=>[Subject: Mail Delivery (failure user@whsmi][Date: Wed, 29 Mar 2006 16:02:50 +0100]=>(MIME part)=>message.scr Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AC1178B.tmp=>(Quarantine-2)=>[Subject: Mail Delivery (failure user@whsmi][Date: Wed, 29 Mar 2006 16:02:50 +0100]=>(MIME part) Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AC1178B.tmp=>(Quarantine-2) Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AC1178B.tmp Update failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E472F48.tmp=>(Quarantine-2) Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E472F48.tmp=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E472F48.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E4D0341.tmp=>(Quarantine-2) Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E4D0341.tmp=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E4D0341.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\439C20DA.txt=>(Quarantine-2) Infected with: Trojan.Spy.Small.DG
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\439C20DA.txt=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\439C20DA.txt=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43A5654C.tmp=>(Quarantine-2) Infected with: Trojan.PWS.Raven.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43A5654C.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44400AE1.htm=>(Quarantine-2) Infected with: Trojan.JS.Obsq.C
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44400AE1.htm=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44400AE1.htm=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45523160.tmp=>(Quarantine-2)=>[Subject: Re: Old photos][Date: Thu, 29 Jun 2006 00:30:17 +0100]=>(MIME part)=>letter.txt.exe Infected with: Win32.Netsky.P@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45523160.tmp=>(Quarantine-2)=>[Subject: Re: Old photos][Date: Thu, 29 Jun 2006 00:30:17 +0100]=>(MIME part)=>letter.txt.exe Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45523160.tmp=>(Quarantine-2)=>[Subject: Re: Old photos][Date: Thu, 29 Jun 2006 00:30:17 +0100]=>(MIME part) Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45523160.tmp=>(Quarantine-2) Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45523160.tmp Update failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45B41CF4.tmp=>(Quarantine-2)=>[Subject: Mail Delivery (failure user@whsmi][Date: Thu, 29 Jun 2006 01:20:11 +0100]=>(MIME part)=>(MIME part)=>(message body) Infected with: Exploit.Iframe.Vulnerability.B
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45B41CF4.tmp=>(Quarantine-2)=>[Subject: Mail Delivery (failure user@whsmi][Date: Thu, 29 Jun 2006 01:20:11 +0100]=>(MIME part)=>(MIME part)=>(message body) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45B41CF4.tmp=>(Quarantine-2)=>[Subject: Mail Delivery (failure user@whsmi][Date: Thu, 29 Jun 2006 01:20:11 +0100]=>(MIME part)=>(MIME part)=>(message body) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45B41CF4.tmp=>(Quarantine-2)=>[Subject: Mail Delivery (failure user@whsmi][Date: Thu, 29 Jun 2006 01:20:11 +0100]=>(MIME part)=>(MIME part) Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45B41CF4.tmp=>(Quarantine-2)=>[Subject: Mail Delivery (failure user@whsmi][Date: Thu, 29 Jun 2006 01:20:11 +0100]=>(MIME part) Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45B41CF4.tmp=>(Quarantine-2) Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45B41CF4.tmp=>(Quarantine-2)=>[Subject: Mail Delivery (failure user@whsmi][Date: Thu, 29 Jun 2006 01:20:11 +0100]=>(MIME part)=>message.scr Infected with: Win32.Netsky.P@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45B41CF4.tmp=>(Quarantine-2)=>[Subject: Mail Delivery (failure user@whsmi][Date: Thu, 29 Jun 2006 01:20:11 +0100]=>(MIME part)=>message.scr Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45B41CF4.tmp=>(Quarantine-2)=>[Subject: Mail Delivery (failure user@whsmi][Date: Thu, 29 Jun 2006 01:20:11 +0100]=>(MIME part) Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45B41CF4.tmp=>(Quarantine-2) Updated
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45B41CF4.tmp Update failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47C72F8C.tmp=>(Quarantine-2) Infected with: Trojan.PWS.Raven.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47C72F8C.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48EA16D5.tmp=>(Quarantine-2) Infected with: Trojan.Spy.Agent.AB
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48EA16D5.tmp=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48EA16D5.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48F16ACE.tmp=>(Quarantine-2) Infected with: Trojan.Spy.Agent.AB
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48F16ACE.tmp=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48F16ACE.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B4024EE.tmp=>(Quarantine-2) Infected with: Trojan.PWS.Raven.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B4024EE.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B434EEB.tmp=>(Quarantine-2) Infected with: Trojan.PWS.Raven.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B434EEB.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B4678E7.tmp=>(Quarantine-2) Infected with: Trojan.PWS.Raven.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B4678E7.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\541627A1.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Small.H
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\541627A1.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\541627A1.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55B825D5.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Small.H
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55B825D5.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55B825D5.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55C2724F.tmp=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0003 Infected with: Trojan.Starter.V
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55C2724F.tmp=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0003 Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55C2724F.tmp=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0003 Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55C2724F.tmp=>(Quarantine-2)=>(NSIS o) Update failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56964CE0.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Small.H
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56964CE0.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56964CE0.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B6F4CD5.exe=>(Quarantine-2) Infected with: Trojan.Spy.Small.DG
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B6F4CD5.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B6F4CD5.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B794ACA.exe=>(Quarantine-2) Infected with: Trojan.Spy.Small.DG
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B794ACA.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B794ACA.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B794ACA.txt=>(Quarantine-2) Infected with: Trojan.Spy.Small.DG
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B794ACA.txt=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B794ACA.txt=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B7C74C6.exe=>(Quarantine-2) Infected with: Trojan.Spy.Small.DG
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B7C74C6.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B7C74C6.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B7C74C6.txt=>(Quarantine-2) Infected with: Trojan.Spy.Small.DG
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B7C74C6.txt=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B7C74C6.txt=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B801EC3.exe=>(Quarantine-2) Infected with: Trojan.Spy.Small.DG
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B801EC3.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B801EC3.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B801EC3.txt=>(Quarantine-2) Infected with: Trojan.Spy.Small.DG
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B801EC3.txt=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B801EC3.txt=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B8672BB.exe=>(Quarantine-2) Infected with: Trojan.Spywad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B8672BB.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B8672BB.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B891CB8.txt=>(Quarantine-2) Infected with: Trojan.Spywad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B891CB8.txt=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B891CB8.txt=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B8D46B4.exe=>(Quarantine-2) Infected with: Trojan.Spywad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B8D46B4.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B8D46B4.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B8D46B4.txt=>(Quarantine-2) Infected with: Trojan.Spywad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B8D46B4.txt=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B8D46B4.txt=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9070B1.exe=>(Quarantine-2) Infected with: Trojan.Spywad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9070B1.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9070B1.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9070B1.txt=>(Quarantine-2) Infected with: Trojan.Spywad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9070B1.txt=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9070B1.txt=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9644A9.exe=>(Quarantine-2) Infected with: Trojan.Spywad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9644A9.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9644A9.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9A6EA6.exe=>(Quarantine-2) Infected with: Trojan.Spywad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9A6EA6.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9A6EA6.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9A6EA6.txt=>(Quarantine-2) Infected with: Trojan.Spywad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9A6EA6.txt=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9A6EA6.txt=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C1C7E16.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Adload.J
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C1C7E16.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C1C7E16.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C202813.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Adload.J
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C202813.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C202813.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C202813.txt=>(Quarantine-2) Infected with: Trojan.Downloader.Adload.J
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C202813.txt=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C202813.txt=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C23520F.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Adload.J
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C23520F.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C23520F.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C23520F.txt=>(Quarantine-2) Infected with: Trojan.Downloader.Adload.J
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C23520F.txt=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C23520F.txt=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C267C0B.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Adload.J
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C267C0B.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C267C0B.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C267C0B.txt=>(Quarantine-2) Infected with: Trojan.Downloader.Adload.J
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C267C0B.txt=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C267C0B.txt=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C292608.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Adload.J
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C292608.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C292608.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C292608.txt=>(Quarantine-2) Infected with: Trojan.Downloader.Adload.J
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C292608.txt=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C292608.txt=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C2D5004.txt=>(Quarantine-2) Infected with: Trojan.Downloader.Adload.J
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C2D5004.txt=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C2D5004.txt=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EF93C95.dll=>(Quarantine-2) Infected with: Trojan.Spy.Agent.AB
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EF93C95.dll=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EF93C95.dll=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68DA417C.tmp=>(Quarantine-2) Infected with: Trojan.Spy.Agent.AB
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68DA417C.tmp=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68DA417C.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71DD10D4.txt=>(Quarantine-2) Infected with: Trojan.Spywad.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71DD10D4.txt=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71DD10D4.txt=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7350563C.tmp=>(Quarantine-2) Infected with: Trojan.PWS.Raven.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7350563C.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD342DB.exe=>(Quarantine-2) Infected with: Trojan.Spy.Small.DG
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD342DB.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD342DB.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB05954.tmp=>(Quarantine-2) Infected with: Trojan.PWS.Raven.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB05954.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{F6E5EAE9-05D3-48F7-9EBC-E1454D59AB5A}\00000001.URM Infected with: Trojan.SpySheriff.C
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{F6E5EAE9-05D3-48F7-9EBC-E1454D59AB5A}\00000001.URM Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{F6E5EAE9-05D3-48F7-9EBC-E1454D59AB5A}\00000001.URM Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003361.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Small.H
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003361.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003361.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003362.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Small.H
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003362.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003362.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003363.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Small.H
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003363.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003363.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003364.exe=>(Quarantine-2) Infected with: Trojan.Spy.Small.DG
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003364.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003364.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003365.exe=>(Quarantine-2) Infected with: Trojan.Spy.Small.DG
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003365.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003365.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003366.exe=>(Quarantine-2) Infected with: Trojan.Spy.Small.DG
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003366.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003366.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003367.exe=>(Quarantine-2) Infected with: Trojan.Spy.Small.DG
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003367.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003367.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003368.exe=>(Quarantine-2) Infected with: Trojan.Spywad.A
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003368.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003368.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003369.exe=>(Quarantine-2) Infected with: Trojan.Spywad.A
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003369.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003369.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003370.exe=>(Quarantine-2) Infected with: Trojan.Spywad.A
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003370.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003370.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003371.exe=>(Quarantine-2) Infected with: Trojan.Spywad.A
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003371.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003371.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003372.exe=>(Quarantine-2) Infected with: Trojan.Spywad.A
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003372.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003372.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003373.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Adload.J
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003373.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003373.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003374.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Adload.J
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003374.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003374.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003375.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Adload.J
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003375.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003375.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003376.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Adload.J
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003376.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003376.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003377.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Adload.J
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003377.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003377.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003378.dll=>(Quarantine-2) Infected with: Trojan.Spy.Agent.AB
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003378.dll=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003378.dll=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003379.exe=>(Quarantine-2) Infected with: Trojan.Spy.Small.DG
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003379.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003379.exe=>(Quarantine-2) Deleted





Then this is what HiJack This now says:

Logfile of HijackThis v1.99.1
Scan saved at 21:48:53, on 04/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HJT\HiJack This\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Edited by boo-boo-79, 04 December 2006 - 05:40 PM.


#5 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:21 PM

Posted 05 December 2006 - 11:32 AM

Ok, I received help from a very kind man to remove some viruses whilst I waited for your help, and think I have sorted a lot of my problems, however today I have followed the steps you suggested anyway, to be doubly sure I was getting rid of the problems because after he'd finished helping me my computer was saying it was clean,

If you are getting help at another forum, then please continue to get his help. It is very important that you deal with only one forum for your fixes. In addition, the helpers at all the forums are volunteers and our time is limited so we try to help as many people as we can. Your taking the time of two volunteers would mean that someone would not be helped. If you decide to continue with me, then you will need to let the other forum know this. It would also be helpful to me if you would give me the thread for the other forum so I could see what has already been done.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#6 boo-boo-79

Posted 05 December 2006 - 01:18 PM

I didn't get help on another forum, I had help from the husband of a friend who is studying for a degree, but he has helped me as much as he could and I still had problems (as mentioned in my last post) once he'd finished helping me.
He was only ever doing what he could in the meantime whilst I was waiting really.
I didn't and don't want to waste anyone's time. I need your help please. :thumbsup:
I just got some help from him because I thought it'd mean you'd need to help me less, but I maybe got that wrong?
I don't have a clue what I'm doing, and just want my computer to work, I don't want to use up people's valuable time if I don't have to but I do still need help.
I have the emails he sent which I can share with you if that helps?

Edited by boo-boo-79, 05 December 2006 - 01:19 PM.


#7 suebaby41

Posted 05 December 2006 - 03:26 PM

No problem then. I will continue to help you. I only asked because we volunteers work on several forums and I did not want to tell you one thing and the other volunteer tell you something else which would only confuse you.

#8 boo-boo-79

Posted 05 December 2006 - 04:05 PM

Thank you. :thumbsup:
Did you want the info from the emails?

#9 suebaby41

Posted 05 December 2006 - 04:32 PM

I don't need the emails at this point. Let's take care of some of the problems.

Step 1

I also seem to have Windows messenger running the whole time I'm using either Outlook Express or IE, which my computer never did before. I would rather it didn't do this as I have tried using it in the past and found it has a lot of limitations. Can you help me to sort this out too please?

The first thing to understand is that the Windows Messenger Service is completely different from, and not in any way related to "MSN Messenger", "Windows Messenger", or any other well-known instant messaging system. Therefore, disabling the "Windows Messenger Service" will have NO effect upon your use of any other instant messaging applications. They will continue to work without trouble.

"Windows Messenger Service" is a never-used feature that has been replaced by the various well known, popular, and feature-rich instant messaging systems. But, like a great many other legacy features of "Windows", since it was once included, it survives in case anyone who once used it might still need it. I recommend that you disable "Windows Messenger Service".
  • Please download Shoot the Messenger By Steve Gibson.
  • Click the ShootTheMessenger.exe utility. It will display the current status of your system's "Messenger Service".
  • Set the service to whichever state--running or disabled-- that you desire by using the button near the bottom of its window.
  • If, for any reason, you should ever choose to enable the "Windows Messenger Service", simply re-run ShootTheMessenger to do so.
Step 2

You will note that all the files you listed from the BitDefender Online Scanner are in two places, Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine and C:\System Volume Information folder. Neither of these will cause any problems. The online scanner reported viruses that Norton AntiVirus had already quarantined and some that were in the System Volume Information Folder.

If you want to empty Norton's Quarantine file,
  • Start Norton AntiVirus.
  • If Norton AntiVirus is installed as part of "Norton SystemWorks" or "Norton Internet Security", then start that program and click Norton AntiVirus.
  • In the left pane, click Reports.
  • Click View Norton Quarantined and Restore.
  • In the left pane, select the type of risk that you want to remove.
  • In the right pane, select the files that you want to remove.
  • Click Delete Item.
  • When you see the message "Warning! Are you sure that you want to remove this item from Quarantine," click Yes.
  • Close the Quarantine window, and then exit Norton AntiVirus.
System Volume Information is actually a part of System Restore, the tool that allows you to set points in time to roll back your computer. The System Volume Information folder is where Windows XP stores these points and associated information that makes them accessible. Under most circumstances, there is no need to access this folder.

Step 3

I also need help with windows update, it won't let me update it now, and keeps taking me back to a page where it says click to continue but it appears to start doing something and then returns to the first page.

Tell me more about what you do and what happens. Do you get any error messages? If you do, paste the information in your next reply.

Step 4

Do you have Panda Antivirus installed? The entry below belongs to Panda software and I am not sure what it does.

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
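The Step 2 observation above (every detection sits either in Norton's Quarantine folder or in the System Restore store) can be checked mechanically; the following is an added example, not part of the original posts. The first three files in the sample are copied from the scan results quoted in this thread, the last file and its detection name are constructed, and all function names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Sample report. The first three files come from the scan results quoted in
# this thread; the last file and its detection name are CONSTRUCTED to show
# what a finding outside the two inert stores looks like.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB05954.tmp=>(Quarantine-2) Infected with: Trojan.PWS.Raven.A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB05954.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{F6E5EAE9-05D3-48F7-9EBC-E1454D59AB5A}\00000001.URM Infected with: Trojan.SpySheriff.C
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{F6E5EAE9-05D3-48F7-9EBC-E1454D59AB5A}\00000001.URM Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{F6E5EAE9-05D3-48F7-9EBC-E1454D59AB5A}\00000001.URM Deleted
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003378.dll=>(Quarantine-2) Infected with: Trojan.Spy.Agent.AB
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003378.dll=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP22\A0003378.dll=>(Quarantine-2) Deleted
C:\Program Files\Example App\sample.exe Infected with: Trojan.Example.Test
C:\Program Files\Example App\sample.exe Disinfection failed
"""

# One report line = path, optional "=>(container)" suffix, then one event.
# Paths contain spaces, so the path group is lazy and the event is anchored
# to the end of the line.
LINE_RE = re.compile(
    r"^(?P<path>.+?)"
    r"(?:=>\((?P<container>[^)]*)\))?"
    r"\s+(?P<event>Infected with: .+|Disinfection failed|Deleted)$"
)
INFECTED = "Infected with: "


@dataclass
class Finding:
    path: str
    location: str
    detections: list = field(default_factory=list)
    actions: list = field(default_factory=list)

    @property
    def removed(self):
        """True when the last action the scanner logged for the file is 'Deleted'."""
        return bool(self.actions) and self.actions[-1] == "Deleted"


def classify(path):
    """Map a path to the store it lives in."""
    p = path.lower()
    if "\\symantec\\norton antivirus\\quarantine\\" in p:
        return "norton_quarantine"   # already neutralised by the resident AV
    if re.match(r"^[a-z]:\\system volume information\\_restore\{", p):
        return "system_restore"      # inert copy unless that restore point is restored
    return "live"                    # ordinary file system: needs a closer look


def parse_report(text):
    """Collapse the per-event lines into one Finding per file, in report order."""
    findings = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m["path"]
        finding = findings.setdefault(path, Finding(path, classify(path)))
        event = m["event"]
        if event.startswith(INFECTED):
            finding.detections.append(event[len(INFECTED):])
        else:
            finding.actions.append(event)
    return findings


def summarize(findings):
    """Number of flagged files per location."""
    return dict(Counter(f.location for f in findings.values()))


def needs_attention(findings):
    """Files outside the inert stores, or files the scanner did not delete."""
    return [f.path for f in findings.values()
            if f.location == "live" or not f.removed]


if __name__ == "__main__":
    results = parse_report(SAMPLE_REPORT)
    print(summarize(results))
    for path in needs_attention(results):
        print("review:", path)
```
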

#10 suebaby41

Posted 05 December 2006 - 05:05 PM

Let's do some checking.
We are going to open your Windows Services.
  • Please click Start > Run.
  • In the RUN dialog box, type services.msc into it and click OK.
  • Click on the Standard bar at the bottom of the Services window to expand the list.
  • Look for Automatic Updates. Click on it once to see its description.
  • Double-click it to see its status. Look at the Startup type box. If it says disabled, click the little arrow on the right and select automatic.
  • Below this you can see the Service Status area. If it says stopped, click the Start button. Windows will then start it. Then click OK.
  • Next, look for the Background Intelligent Transfer Service. Single click to see the description in the left-pane, double-click to make changes.
  • Same procedure here as with the Automatic Updates one. Check and/or adjust the Service type and the Service Status, Enabled, Start and then click OK.


#11 boo-boo-79

Posted 05 December 2006 - 05:47 PM

Step 1

  • Please download Shoot the Messenger By Steve Gibson.
  • Click the ShootTheMessenger.exe utility. It will display the current status of your system's "Messenger Service".
  • Set the service to whichever state--running or disabled-- that you desire by using the button near the bottom of its window.


I have just done this and it hasn't stopped it from appearing. :thumbsup:

I also need help with windows update, it won't let me update it now, and keeps taking me back to a page where it says click to continue but it appears to start doing something and then returns to the first page.

Tell me more about what you do and what happens. Do you get any error messages? If you do, paste the information in your next reply.

When I go to http://update.microsoft.com/microsoftupdat...t.aspx?ln=en-us it brings me up a screen which says "Files required to use Microsoft Update are no longer registered or installed on your computer. To continue:

(Then gives me these options)
Register or reinstall the files for me now (Recommended)
Let me read about more steps that might be required to solve the problem

but when I click on the continue button to register or install the files it seems to be doing it, it says it's checking for files, downloading files (counts up to 100%) then Installing (counts up to 100%) then goes back to the first page I told you about.
When I've clicked on the tell me more option I just feel lost as I can't find an error number for the problem which it seems to use to define the problem.

Step 4

Do you have Panda Antivirus installed? The entry below belongs to Panda software and I am not sure what it does.

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

The only panda I've used is activescan, it must be from that.

Edited by boo-boo-79, 05 December 2006 - 06:15 PM.
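The Step 4 question about the Panda service can be answered from the HijackThis log itself by comparing the O23 service entries with the "Running processes" section; the following is an added example, not part of the original posts. The log text is a shortened excerpt of the HijackThis log posted earlier in this thread, and the function names are this example's own.

```python
import re
from collections import namedtuple

# Shortened excerpt of the HijackThis log posted in this thread.
LOG_EXCERPT = r"""
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

Service = namedtuple("Service", "name vendor path")

# "O23 - Service: <name> - <vendor> - <path>"; the vendor field can be empty,
# which leaves " - - " in the line, so the second separator is matched loosely.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.*?) ?- (?P<path>[A-Za-z]:\\.+)$"
)


def running_processes(log):
    """Lower-cased image paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:          # the section ends at the first blank line
                break
            procs.add(line.lower())
    return procs


def services(log):
    """All O23 entries as Service tuples, in log order."""
    found = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            found.append(Service(m["name"], m["vendor"], m["path"]))
    return found


def idle_services(log):
    """Services that are registered but whose binary was not running at scan time.

    Idle does not mean malicious: manual-start services and leftovers from
    removed or one-off tools both show up here. Paths are compared
    case-insensitively; 8.3 short names (PROGRA~1) only match when both
    sections spell the path the same way.
    """
    running = running_processes(log)
    return [s for s in services(log) if s.path.lower() not in running]


def unattributed_services(log):
    """Services whose binary carries no vendor information."""
    return [s for s in services(log) if s.vendor in ("", "Unknown owner")]


def missing_file_entries(log):
    """Entries HijackThis marked '(file missing)': registry leftovers."""
    return [l.strip() for l in log.splitlines()
            if l.strip().endswith("(file missing)")]


if __name__ == "__main__":
    for s in idle_services(LOG_EXCERPT):
        print("registered, not running:", s.name, "|", s.vendor, "|", s.path)
    for s in unattributed_services(LOG_EXCERPT):
        print("no vendor string:", s.name, "|", s.path)
    for entry in missing_file_entries(LOG_EXCERPT):
        print("orphaned entry:", entry)
```
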


#12 boo-boo-79

Posted 05 December 2006 - 05:57 PM

Let's do some checking.
We are going to open your Windows Services.


Both were set to automatic and started already.

Edited by boo-boo-79, 05 December 2006 - 05:58 PM.


#13 suebaby41

Posted 06 December 2006 - 12:21 PM

We need to do some more investigation. There are no obvious signs of malware in your log. If the WinPFind log does not show any problems, I suggest you post your problem with Windows Update in the Windows XP Home and Professional forum. I am trained to deal with malware. I have to refer computer problems to the appropriate forum.

Step 1

Check to see if you have a System Restore point dated before the vundo, smitfraud and exploit.byteverify infections. Do not do a System Restore yet.

Step 2

WinPFind is a program that scans common locations on your hard drive for files that match certain patterns known to be used by malware. It will also provide exports of certain registry keys that are used by various malware.

Please download WinPfind
  • Extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.
  • Inside c:\WinPFind is a file called WinPFind.exe.
  • Double-click on this file to launch the program.
  • Click on the Start Scan button
  • Wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works.
  • When it is done, it will show the results of the scan.
  • Click on the Copy to Clipboard button
  • Paste the contents of the log in your clipboard in your next reply.


#14 boo-boo-79

Posted 06 December 2006 - 06:11 PM

I don't have a restore point before the infections happened. :thumbsup:
I'm just running the winpfind now

#15 boo-boo-79

Posted 06 December 2006 - 06:15 PM

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Logfile created on: 06/12/2006 23:06:47
WinPFind v1.5.0 Folder = C:\WinPFind\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 29/08/2002 12:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PTech 19/06/2006 15:19:42 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 16/11/2006 05:20:40 10474920 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 16/11/2006 05:20:40 10474920 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 04/08/2004 07:56:36 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 04/08/2004 07:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 04/08/2004 07:56:44 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 29/08/2002 12:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 19/06/2006 15:19:26 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech 19/04/2004 12:57:44 1300936 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys ( )

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
05/12/2006 02:12:30 S 2048 C:\WINDOWS\bootstat.dat ()
16/10/2006 15:35:46 S 10965 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920213.cat ()
13/10/2006 12:55:52 S 10965 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923980.cat ()
13/10/2006 13:33:10 S 10259 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924270.cat ()
06/12/2006 23:03:16 H 1024 C:\WINDOWS\system32\config\default.LOG ()
06/12/2006 23:00:24 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
06/12/2006 23:01:34 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
06/12/2006 23:06:34 H 1024 C:\WINDOWS\system32\config\software.LOG ()
06/12/2006 23:03:52 H 1024 C:\WINDOWS\system32\config\system.LOG ()
20/11/2006 23:19:06 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
27/11/2006 22:14:40 S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
27/11/2006 22:14:40 S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
27/11/2006 22:14:38 S 574 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 ()
27/11/2006 22:14:40 S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
27/11/2006 22:14:40 S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
27/11/2006 22:14:38 S 136 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 ()
04/12/2006 18:54:20 H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG ()
18/11/2006 00:10:02 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\7a6029e5-be2e-48fb-8fbd-a2eb417d5574 ()
18/11/2006 00:10:02 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
05/12/2006 02:12:40 H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
04/08/2004 07:56:58 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
04/08/2004 07:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
04/08/2004 07:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
04/08/2004 07:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
04/08/2004 07:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
04/08/2004 07:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
04/08/2004 07:56:58 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
04/08/2004 07:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
04/08/2004 07:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
04/08/2004 07:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
12/10/2006 03:10:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
29/08/2002 12:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
04/08/2004 07:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
29/08/2002 12:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
04/08/2004 07:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
04/08/2004 07:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
04/08/2004 07:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
04/08/2004 07:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
06/01/2004 15:02:36 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl (Apple Computer, Inc.)
28/03/2004 16:42:52 454656 C:\WINDOWS\SYSTEM32\slcpappl.cpl ()
04/08/2004 07:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
29/08/2002 12:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
04/08/2004 07:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
04/08/2004 07:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
26/05/2005 03:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shock...director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} - - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
{2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} - Microsoft Data Collection Control - CodeBase = https://support.microsoft.com/OAS/ActiveX/odc.cab
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} - Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} - WScanCtl Class - CodeBase = http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - Symantec Download Bridge - CodeBase = http://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
19/09/2002 19:49:28 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
19/09/2002 19:37:26 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()

Checking files in %USERPROFILE%\Startup folder...
19/09/2002 19:49:28 HS 84 C:\Documents and Settings\Victoria\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
19/09/2002 19:37:26 HS 62 C:\Documents and Settings\Victoria\Application Data\desktop.ini ()
28/06/2006 22:04:34 239256 C:\Documents and Settings\Victoria\Application Data\GDIPFONTCACHEV1.DAT ()

Checking Selected Registry Keys

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
\\Local Page - C:\windows\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.google.co.uk/
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
\\Local Page - C:\windows\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
\{724d43a9-0d85-11d4-9908-00400523e39a} - = C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
\{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - CNavExtBho Class = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm = C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
\\{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security 2006 = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
\\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\ShellBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} - &RoboForm = C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\ShellBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Norton Internet Security 2006 = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Norton Internet Security 2006 = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
\WebBrowser\\{4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - = ()
\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} - &RoboForm = C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 =
\\NEXTID - 8202
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 =
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8195 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8196 =
\\{320AF880-6646-11D3-ABEE-C5DBF3571F46} - 8197 =
\\{320AF880-6646-11D3-ABEE-C5DBF3571F49} - 8198 =
\\{724d43aa-0d85-11d4-9908-00400523e39a} - 8199 =
\\{6224f700-cba3-4071-b251-47cb894244cd} - 8200 =
\\{85d1f590-48f4-11d9-9669-0800200c9a66} - 8201 = Uninstall BitDefender Online Scanner v8

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{85d1f590-48f4-11d9-9669-0800200c9a66} - MenuText: Uninstall BitDefender Online Scanner v8 = ()

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
\\{DEE12703-6333-4D4E-8F34-738C4DCC2E04} - RecordNow! SendToExt = C:\Apps\RecordNow\shlext.dll ()
\\{F802F260-519B-11D1-BB5D-0060974C6013} - ICQ Shell Extension = C:\Program Files\ICQ\ICQShExt.dll (ICQ)
\\{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} - TrojanHunter Menu Shell Extension = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ()
\WinRAR - = ()

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ()
\WinRAR - = ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ()
\WinRAR - = ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ACTIVBOARD - c:\apps\ABoard\ABoard.exe (NEC Computers International)
EPSON Stylus C84 Series - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
SpeedTouch USB Diagnostics - C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
THGuard - C:\Program Files\TrojanHunter 4.6\THGuard.exe (Mischel Internet Security)
!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Victoria\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 0
startup 0


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\AtiExtEvent - Ati2evxx.dll = ()
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{509C0B0D-EED4-49BA-9152-7337595C7CAF} - (1394 Net Adapter)
{56C6F49F-37A3-410D-ADF5-CBDBC3A71E48} - (3Com 3C920B-EMB-WNM Integrated Fast Ethernet Controller)
{B81FC8BC-A693-4C1A-8F9E-4E957F2FA1F8} - ()

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


Scan Complete



