Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hjt Log Dasnootz


  • Please log in to reply
7 replies to this topic

#1 dasnootz

dasnootz

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 15 December 2006 - 01:16 PM

I'm at my wits end. I've run Ewido, Spybot S&D, and Ad-aware. I've also run my virus scans through Norton Anti-virus and Panda's free online search.

My computer has become very sluggish.

Here's the HJT Log, and I would greatly appreciate any help.

Thanks in advance.


Logfile of HijackThis v1.99.1
Scan saved at 1:09:01 PM, on 12/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Downloaded Program Files\webex\319\atnthost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Downloaded Program Files\webex\319\RAAGTAPP.EXE
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\Downloaded Program Files\webex\319\raagtx.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Silicon Image\SiICfg\SiICfg.exe
C:\Program Files\RMClient\PMCTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GMR\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nnymls.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [WorkFlowTray] "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
O4 - HKLM\..\Run: [Opware14] "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Access Anywhere Agent.LNK = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: SiICfg.lnk = ?
O4 - Global Startup: SmartNetMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {628912C3-392D-11D2-B3E4-00AA00B42B7C} (FarPoint Calendar (OLEDB)) - https://www.realtimerental.com/rrv10/user/fpCal30.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a...191885OneCC.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://qbp.webex.com/client/v_intuit/ra/ieatgpc.cab
O16 - DPF: {EB52CF7B-3917-11CE-80FB-0000C0C14E92} (SSDateCombo Control) - https://www.realtimerental.com/rrv10/user/sscala32.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8CD0CC2-0A70-4FB7-AB95-9EF64EE5E216}: NameServer = 24.92.226.12,24.92.226.11
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AT Host Service (atnthost) - WebEx - C:\WINDOWS\Downloaded Program Files\webex\319\atnthost.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: QuickBooksDB - Intuit, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

BC AdBot (Login to Remove)

 


m

#2 dasnootz

dasnootz
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 20 December 2006 - 02:14 PM

I haven't heard anything i fives days so I've been doing more cleaning on my own. Here is my updated log.

Logfile of HijackThis v1.99.1
Scan saved at 2:02:27 PM, on 12/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Downloaded Program Files\webex\319\atnthost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Downloaded Program Files\webex\319\RAAGTAPP.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Downloaded Program Files\webex\319\raagtx.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\RMClient\PMCTray.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Documents and Settings\GMR\Desktop\HiJackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nnymls.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Access Anywhere Agent.LNK = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: SmartNetMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {628912C3-392D-11D2-B3E4-00AA00B42B7C} (FarPoint Calendar (OLEDB)) - https://www.realtimerental.com/rrv10/user/fpCal30.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a...191885OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166624377390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://qbp.webex.com/client/v_intuit/ra/ieatgpc.cab
O16 - DPF: {EB52CF7B-3917-11CE-80FB-0000C0C14E92} (SSDateCombo Control) - https://www.realtimerental.com/rrv10/user/sscala32.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8CD0CC2-0A70-4FB7-AB95-9EF64EE5E216}: NameServer = 24.92.226.12,24.92.226.11
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AT Host Service (atnthost) - WebEx - C:\WINDOWS\Downloaded Program Files\webex\319\atnthost.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: QuickBooksDB - Intuit, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

#3 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:12:26 AM

Posted 22 December 2006 - 01:37 PM

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.

#4 dasnootz

dasnootz
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 27 December 2006 - 10:25 AM

The problems are still not resolved. The computer is running very sluggishly. I've installed new RAM to the computer, thinking that it might be a hardware problem on that end (1 Gig DDR) and it showed little improvement.

I noticed sever lag.

Here's my HJT log. I've run Ad-Aware, SpyBotS&D, e-wido, Stinger, Panda's Active scan and they all come up with nothing.

Logfile of HijackThis v1.99.1
Scan saved at 10:22:15 AM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Downloaded Program Files\webex\319\atnthost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Downloaded Program Files\webex\319\RAAGTAPP.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Downloaded Program Files\webex\319\raagtx.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\RMClient\PMCTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Corel\WordPerfect Office 2002\Programs\Wpwin10.exe
C:\Program Files\Corel\WordPerfect Office 2002\PROGRAMS\Connector.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\GMR\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nnymls.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Access Anywhere Agent.LNK = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: SmartNetMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {628912C3-392D-11D2-B3E4-00AA00B42B7C} (FarPoint Calendar (OLEDB)) - https://www.realtimerental.com/rrv10/user/fpCal30.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a...191885OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166624377390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://qbp.webex.com/client/v_intuit/ra/ieatgpc.cab
O16 - DPF: {EB52CF7B-3917-11CE-80FB-0000C0C14E92} (SSDateCombo Control) - https://www.realtimerental.com/rrv10/user/sscala32.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8CD0CC2-0A70-4FB7-AB95-9EF64EE5E216}: NameServer = 24.92.226.12,24.92.226.11
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AT Host Service (atnthost) - WebEx - C:\WINDOWS\Downloaded Program Files\webex\319\atnthost.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: QuickBooksDB - Intuit, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

#5 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:12:26 AM

Posted 27 December 2006 - 11:02 AM

I don't see anything wrong here, let's dig a little deeper.

Download and save Blacklight to your desktop.
Double-click blbeta.exe then accept the agreement.
Click on scan then click next,
You'll see a list of all items found.
Do not choose for rename yet! I want to see the log first; legitimate items can also be present.
There is a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
Post the contents of the log in your next reply.

Please perform this online scan: Kaspersky Webscan
Read the Requirements and Privacy statement, then select "Accept"
A dialogue box will appearing asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allows ActiveScan to run.
When the download is complete it will say ready, click "Next"
Select a target to scan: Click on "My Computer"
When the scan is complete choose to save the results as "Save as Text"
Post the Kaspersky scan results in your next reply, along with a new Hijackthis log.

David

#6 dasnootz

dasnootz
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 28 December 2006 - 12:45 PM

Thanks for the help. Here's what we got after running the scans: I'll have to break up the Kaspersky into a few more posts because it's too large for the acceptable post size.

HJT LOG
Logfile of HijackThis v1.99.1
Scan saved at 12:38:45 PM, on 12/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Downloaded Program Files\webex\319\atnthost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Downloaded Program Files\webex\319\RAAGTAPP.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Downloaded Program Files\webex\319\raagtx.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\RMClient\PMCTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\GMR\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nnymls.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Access Anywhere Agent.LNK = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: SmartNetMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {628912C3-392D-11D2-B3E4-00AA00B42B7C} (FarPoint Calendar (OLEDB)) - https://www.realtimerental.com/rrv10/user/fpCal30.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a...191885OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166624377390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://qbp.webex.com/client/v_intuit/ra/ieatgpc.cab
O16 - DPF: {EB52CF7B-3917-11CE-80FB-0000C0C14E92} (SSDateCombo Control) - https://www.realtimerental.com/rrv10/user/sscala32.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8CD0CC2-0A70-4FB7-AB95-9EF64EE5E216}: NameServer = 24.92.226.12,24.92.226.11
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AT Host Service (atnthost) - WebEx - C:\WINDOWS\Downloaded Program Files\webex\319\atnthost.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: QuickBooksDB - Intuit, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

[color=#FF0000]Blacklight:

12/28/06 09:20:02 [Info]: BlackLight Engine 1.0.47 initialized
12/28/06 09:20:02 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/28/06 09:20:03 [Note]: 7019 4
12/28/06 09:20:03 [Note]: 7005 0
12/28/06 09:20:06 [Note]: 7006 0
12/28/06 09:20:06 [Note]: 7011 3080
12/28/06 09:20:06 [Note]: 7026 0
12/28/06 09:20:07 [Note]: 7026 0
12/28/06 09:20:11 [Note]: FSRAW library version 1.7.1020
12/28/06 09:47:07 [Note]: 2000 1012
12/28/06 09:47:07 [Note]: 2000 1012
12/28/06 09:47:31 [Note]: 7007 0

#7 dasnootz

dasnootz
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 28 December 2006 - 12:48 PM

Kaspersky:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, December 28, 2006 12:38:07 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/12/2006
Kaspersky Anti-Virus database records: 240359
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
H:\
Z:\

Scan Statistics:
Total number of scanned objects: 117750
Number of viruses found: 34
Number of infected objects: 3578 / 0
Number of suspicious objects: 492
Duration of the scan process: 01:54:07

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12202006-115530.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-12-28_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\77461271.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\DFF5B64E.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\GMR\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\GMR\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-254b76b-19eb9bbd.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\GMR\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-273cccbd-11843449.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\GMR\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\GMR\Local Settings\Application Data\Microsoft\Business Contact Manager\MSBusinessContactManager.ldf Object is locked skipped
C:\Documents and Settings\GMR\Local Settings\Application Data\Microsoft\Business Contact Manager\MSBusinessContactManager.mdf Object is locked skipped
C:\Documents and Settings\GMR\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\GMR\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/10 Jan 2005 07:46 to Roger:PayPalŪ Account Review Department.html Infected: Trojan-Spy.HTML.Paylap.bg skipped
C:\Documents and Settings\GMR\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/09 Jan 2005 22:38 from PayPal Team:PayPalŪ Account Review Depart.html Infected: Trojan-Spy.HTML.Paylap.bg skipped
C:\Documents and Settings\GMR\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/10 Jan 2005 02:19 to Roger:PayPalŪ Account Review Department.html Infected: Trojan-Spy.HTML.Paylap.bg skipped
C:\Documents and Settings\GMR\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/28 Jan 2005 01:52 to Roger:PayPalŪ Account Review Department.html Infected: Trojan-Spy.HTML.Paylap.bg skipped
C:\Documents and Settings\GMR\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/25 Feb 2005 00:42 from PayPal:[Norton AntiSpam] PayPal Flagged A.html Infected: Trojan-Spy.HTML.Paylap.bj skipped
C:\Documents and Settings\GMR\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/06 Jan 2005 01:52 to Roger:PayPalŪ Account Review Department.html Infected: Trojan-Spy.HTML.Paylap.bg skipped
C:\Documents and Settings\GMR\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Mail MS Mail: infected - 6 skipped
C:\Documents and Settings\GMR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\GMR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\GMR\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{8280BB99-54BE-4E3A-A76C-E2D8F4E0693A} Object is locked skipped
C:\Documents and Settings\GMR\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\GMR\Local Settings\History\History.IE5\MSHist012006122820061229\index.dat Object is locked skipped
C:\Documents and Settings\GMR\Local Settings\Temp\INMEM000.REM Object is locked skipped
C:\Documents and Settings\GMR\Local Settings\Temp\REPORT\zoo805.tmp Object is locked skipped
C:\Documents and Settings\GMR\Local Settings\Temp\Report32\PDOXUSRS.LCK Object is locked skipped
C:\Documents and Settings\GMR\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\GMR\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\GMR\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\QBDataServiceUser\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\QBDataServiceUser\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\QBDataServiceUser\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\QBDataServiceUser\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\000101EB Infected: Email-Worm.Win32.NetSky.t skipped
C:\Program Files\Norton AntiVirus\Quarantine\00042BE8 Infected: Email-Worm.Win32.NetSky.t skipped
C:\Program Files\Norton AntiVirus\Quarantine\004F7119 Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\00596F0E/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\00596F0E ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\00596F0E CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\006940FC Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\006F14F5/[From spencerc@agr.gc.ca][Date Sat, 20 Nov 2004 08:05:14 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\006F14F5/[From spencerc@agr.gc.ca][Date Sat, 20 Nov 2004 08:05:14 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\006F14F5 Mail: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\006F14F5 CryptFF: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\00A76422/story.rtf.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\00A76422 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\00A76422 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\01821367 Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\01994438 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\01A91626 Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\01B344EE Infected: Email-Worm.Win32.Klez.h skipped
C:\Program Files\Norton AntiVirus\Quarantine\01BA6814/Part-2.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\01BA6814 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\01BA6814 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\01C71006 Infected: Email-Worm.Win32.Bagle.as skipped
C:\Program Files\Norton AntiVirus\Quarantine\01FD566E/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\01FD566E ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\01FD566E CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\01FE0A9C/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\01FE0A9C ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\01FE0A9C CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\022B0657 Infected: Email-Worm.Win32.Klez.h skipped
C:\Program Files\Norton AntiVirus\Quarantine\023C2857/[From hula_hoop99@hotmail.com][Date Wed, 1 Dec 2004 07:06:49 -0500]/mp3music.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\023C2857 Mail: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\023C2857 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\023E0241/[From dawn.baptist@eielson.af.mil][Date Mon, 13 Dec 2004 15:46:07 -0500]/your_file.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\023E0241 Mail: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\023E0241 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\02480036/[From smcconnell@northstar.k12.ak.us][Date Mon, 13 Dec 2004 16:51:34 -0500]/all_document.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\02480036 Mail: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\02480036 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0255588F/text.htm .scr Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\0255588F ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0255588F CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\025C7C21/[From quinnhelm@cox.net][Date Mon, 13 Dec 2004 19:45:59 -0600]/your_details.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\025C7C21 Mail: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\025C7C21 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\025D233F Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\026A4B31 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\026D5EB3 Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\02754EF9 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\02787323 Infected: Email-Worm.Win32.NetSky.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\027E30A1 Infected: Email-Worm.Win32.NetSky.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\02BF7859 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\02C5355B/schock.rtf.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\02C5355B ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\02C5355B CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\02C64C51 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\02CC4BDE/creditcard.pif Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\02CC4BDE ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\02CC4BDE CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\02E61BC1 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\02ED7A0D Infected: Email-Worm.Win32.Bagle.i skipped
C:\Program Files\Norton AntiVirus\Quarantine\03041FF4 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\032E0914 Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\036469D4/class_photos.exe Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\036469D4 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\036469D4 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\036E520B/[From niner@wired.com][Date Thu, 4 Nov 2004 08:04:37 -0500]/your_archive.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\036E520B Mail: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\036E520B CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\03866ED5/part2.txt.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\03866ED5 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\03866ED5 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\03BD5B22 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\03C446FB Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\03CE2D10 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\03D40109 Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\03DB5501 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\03E46E8A Infected: Email-Worm.Win32.Bagle.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\03E552F7 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\04000881 Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\041972BD Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\042944AB/associal.txt.com Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\042944AB ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\042944AB CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\042C6EA8 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\04853D96/Details.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\04853D96 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\04853D96 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\04960F84 Infected: Email-Worm.Win32.Bagle.as skipped
C:\Program Files\Norton AntiVirus\Quarantine\04CD3EF1 Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\04E15532 Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\04EE62CD/Important.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\04EE62CD ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\04EE62CD CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\050B5CAD/auction.txt.com Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\050B5CAD ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\050B5CAD CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\05133B8D/[From cpernice@twcny.rr.com][Date Mon, 22 Nov 2004 15:46:41 -0500]/your_picture.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\05133B8D Mail: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\05133B8D CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\053A3362/[From customerservice23672@wellsfarg...][Date Mon, 22 Nov 2004 16:44:15 -0500]/your_details.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\053A3362 Mail: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\053A3362 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\05540345 Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\05727D25 Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\0594080A Infected: Email-Worm.Win32.NetSky.t skipped
C:\Program Files\Norton AntiVirus\Quarantine\05962E58 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\059B5C03 Infected: Email-Worm.Win32.NetSky.t skipped
C:\Program Files\Norton AntiVirus\Quarantine\05A12FFB Infected: Email-Worm.Win32.NetSky.t skipped
C:\Program Files\Norton AntiVirus\Quarantine\05A803F4 Infected: Email-Worm.Win32.NetSky.t skipped
C:\Program Files\Norton AntiVirus\Quarantine\05AB2DF1 Infected: Email-Worm.Win32.NetSky.t skipped
C:\Program Files\Norton AntiVirus\Quarantine\05B201E9 Infected: Email-Worm.Win32.NetSky.t skipped
C:\Program Files\Norton AntiVirus\Quarantine\05BF29DB Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\05D804AA Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\05E22F56 Infected: Email-Worm.Win32.Klez.h skipped
C:\Program Files\Norton AntiVirus\Quarantine\05E62C9B Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\05EC0094/[From 2@exchange2.mail.ocwen.co.in][Date Tue, 12 Oct 2004 13:57:51 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\05EC0094/[From 2@exchange2.mail.ocwen.co.in][Date Tue, 12 Oct 2004 13:57:51 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\05EC0094 Mail: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\05EC0094 CryptFF: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\05F6077B Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\05FC5B73/[From serviceconsulting@quickbooks.com][Date Wed, 11 Aug 2004 12:03:47 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\05FC5B73/[From serviceconsulting@quickbooks.com][Date Wed, 11 Aug 2004 12:03:47 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\05FC5B73 Mail: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\05FC5B73 CryptFF: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\060D2D62/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\060D2D62 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\060D2D62 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\06233BBE Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\06290FB7/[From msnbcinvestigates@msnbc.com][Date Wed, 14 Jul 2004 02:01:45 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\06290FB7/[From msnbcinvestigates@msnbc.com][Date Wed, 14 Jul 2004 02:01:45 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\06290FB7 Mail: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\06290FB7 CryptFF: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\063D0BA1/misc.txt.pif Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\063D0BA1 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\063D0BA1 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\064A3393 Infected: Email-Worm.Win32.NetSky.d skipped


C:\Program Files\Norton AntiVirus\Quarantine\06B30AAA Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\06B52A12 Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\06CB5B3A Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\06D513DB Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\06D53997 Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\06DF5724 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\06E80FC5 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\06EF63BE/[From pbernstein@knology.net][Date Thu, 14 Oct 2004 09:17:27 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\06EF63BE/[From pbernstein@knology.net][Date Thu, 14 Oct 2004 09:17:27 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\06EF63BE Mail: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\06EF63BE CryptFF: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\06F7132F Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\07011124 Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\070419BC Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\07231919 Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\072A577D/your_stuff.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\072A577D ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\072A577D CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\073F0D7B Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\077B58AF Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\0798528F Infected: Email-Worm.Win32.NetSky.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\07A8247D Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\07B14AFD/document.txt .scr Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\07B14AFD ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\07B14AFD CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\07E636FC Infected: Email-Worm.Win32.NetSky.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\080330DC/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\080330DC ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\080330DC CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\080413E5/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\080413E5 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\080413E5 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\083426A6 Infected: Email-Worm.Win32.NetSky.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\08AA0DA7 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\091F4772/test.exe Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\091F4772 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\091F4772 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09463F47/file.txt .exe Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\09463F47 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09463F47 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09503F35/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\09503F35 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09503F35 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09566C5F Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\095D6726 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\09600F2A/text.exe Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\09600F2A ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09600F2A CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09611123/[From krusso@christa.com][Date Fri, 13 Aug 2004 11:02:57 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\09611123/[From krusso@christa.com][Date Fri, 13 Aug 2004 11:02:57 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\09611123 Mail: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09611123 CryptFF: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\096E3914 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\09884508/[From jepfeffer@birch.net][Date Sat, 6 Nov 2004 19:41:32 -0600]/mp3music.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\09884508 Mail: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09884508 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\098C2220 Infected: Email-Worm.Win32.Bagle.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\09972F80/[From 85119@www1105.verio-web.com][Date Wed, 5 May 2004 14:19:42 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\09972F80/[From 85119@www1105.verio-web.com][Date Wed, 5 May 2004 14:19:42 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\09972F80/[From 85119@www1105.verio-web.com][Date Wed, 5 May 2004 14:19:42 -0400]/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\09972F80 Mail: infected - 1, suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09972F80 CryptFF: infected - 1, suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\099F2CE5/document.scr Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\099F2CE5 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\099F2CE5 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09A01E0A Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\09B97CC9/text.scr Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\09B97CC9 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09B97CC9 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09C662C4/[From cjubic@nycap.rr.com][Date Sat, 6 Nov 2004 06:54:04 -0500]/document_4351.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\09C662C4 Mail: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09C662C4 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09DD7856/Part-2.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\09DD7856 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09DD7856 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09E44C4E Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\09EA190F/mail2.htm.com Infected: Email-Worm.Win32.NetSky.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\09EA190F ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09EA190F CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09F10621 Infected: Email-Worm.Win32.NetSky.t skipped
C:\Program Files\Norton AntiVirus\Quarantine\09FB0416 Infected: Email-Worm.Win32.NetSky.t skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A02580F Infected: Email-Worm.Win32.NetSky.t skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A082C08 Infected: Email-Worm.Win32.NetSky.t skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A0A493A Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A0B4423 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A0B5604 Infected: Email-Worm.Win32.NetSky.t skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A11181C Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A187DF6/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A187DF6 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A187DF6 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A283E03/Important.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A283E03 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A283E03 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A5F5883 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A9A28FB Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0AAF622E/friend_story.htm.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0AAF622E ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0AAF622E CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0AB11A34/wife.txt.com Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0AB11A34 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0AB11A34 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0ABE4226 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0ABE76D3 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0ACB6A17 Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0AD26A49 Infected: Email-Worm.Win32.Mydoom.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\0AE2663A/Textfile.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\0AE2663A ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0AE2663A CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0AE863F7 Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\0AF54096 Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B061284 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B1C386B Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B2357B6/myaunt_update.rtf.exe Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B2357B6 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B2357B6 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B237459/Informations.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B237459 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B237459 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B29605D Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B474232/msg2.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B474232 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B474232 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B6B2815/[From mspss@gto.net.om][Date Thu, 5 Aug 2004 09:07:37 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B6B2815/[From mspss@gto.net.om][Date Thu, 5 Aug 2004 09:07:37 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B6B2815 Mail: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B6B2815 CryptFF: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B721D9C/Part-2.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B721D9C ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B721D9C CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B7A72A3 Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BA31366 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BB03B58 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BE22230/[From administrator@pointroll[1].txt][Date Thu, 10 Jun 2004 04:12:25 -0400]/details.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BE22230/[From administrator@pointroll[1].txt][Date Thu, 10 Jun 2004 04:12:25 -0400]/details.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BE22230 Mail: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BE22230 CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BF82039/[From ay.27107053.51445.0@reply3.ebay.com][Date Thu, 20 May 2004 13:04:45 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BF82039/[From ay.27107053.51445.0@reply3.ebay.com][Date Thu, 20 May 2004 13:04:45 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BF82039/[From ay.27107053.51445.0@reply3.ebay.com][Date Thu, 20 May 2004 13:04:45 -0400]/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BF82039 Mail: infected - 1, suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BF82039 CryptFF: infected - 1, suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BF94817/[From mssupport@gbrands.com][Date Thu, 10 Jun 2004 04:13:39 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BF94817/[From mssupport@gbrands.com][Date Thu, 10 Jun 2004 04:13:39 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BF94817/[From mssupport@gbrands.com][Date Thu, 10 Jun 2004 04:13:39 -0400]/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BF94817 Mail: infected - 1, suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BF94817 CryptFF: infected - 1, suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0C0C4401/attach2.rtf.exe Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0C0C4401 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0C0C4401 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0C1D15F0 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0C2D67DE Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0C324A0C Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0C4B67E3 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0C5135B6/wife_attach2.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0C5135B6 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0C5135B6 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0C9500C5 Infected: Email-Worm.Win32.NetSky.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CD47622 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CD56D03 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CDC5E87/[From ges.m0.n@q][Date Tue, 21 Dec 2004 11:59:20 -0600]/your_document.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CDC5E87 Mail: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CDC5E87 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CE11E14/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CE11E14 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CE11E14 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CE7707E Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CEE1A1F/jokes.pif Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CEE1A1F ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CEE1A1F CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CF86D15 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D014061/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D014061 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D014061 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D065D3A Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D0C075C Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D155AA8 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D186648 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D1F3A41/[From joakim.moller@swipnet.se][Date Tue, 14 Sep 2004 08:38:37 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D1F3A41/[From joakim.moller@swipnet.se][Date Tue, 14 Sep 2004 08:38:37 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D1F3A41 Mail: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D1F3A41 CryptFF: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D285693 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D313085/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D313085 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D313085 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D366028/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D366028 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D366028 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D3C527D Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D410273/[From pledoux@twcny.rr.com][Date Tue, 1 Jun 2004 11:37:15 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D410273/[From pledoux@twcny.rr.com][Date Tue, 1 Jun 2004 11:37:15 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D410273/[From pledoux@twcny.rr.com][Date Tue, 1 Jun 2004 11:37:15 -0400]/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D410273 Mail: infected - 1, suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D410273 CryptFF: infected - 1, suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D495C12 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D50300B/[From mrrig1@aol.com][Date Tue, 14 Sep 2004 09:10:44 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D50300B/[From mrrig1@aol.com][Date Tue, 14 Sep 2004 09:10:44 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D50300B Mail: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D50300B CryptFF: suspicious - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D5A2E00 Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D826887 Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D833BD0/[From new_account@dell.com][Date Tue, 21 Dec 2004 18:56:07 GMT]/dell.bat Infected: Email-Worm.Win32.Sober.i skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D833BD0 Mail: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D833BD0 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D844FD2 Infected: Email-Worm.Win32.NetSky.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D9961B7/[From ke@cox.net][Date Tue, 21 Dec 2004 19:39:12 GMT]/im_shocked_822.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D9961B7/[From ke@cox.net][Date Tue, 21 Dec 2004 19:39:12 GMT]/im_shocked_822.zip Infected: Email-Worm.Win32.Sober.i skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D9961B7 Mail: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D9961B7 CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0E1B2431/textfile.doc.pif Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0E1B2431 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0E1B2431 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0E242227/worker.com Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0E242227 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0E242227 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0E6E2A39 Infected: Email-Worm.Win32.Bagle.at skipped
C:\Program Files\Norton AntiVirus\Quarantine\0EE32DF2 Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0EE37EEF/Informations.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\0EE37EEF ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0EE37EEF CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0EE901EB/[From naughtybynight1@aol.com][Date Fri, 7 May 2004 10:52:46 -0400]/readme.doc Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0EE901EB Mail: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0EE901EB CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F034691/news.doc.pif Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F034691 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F034691 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F545660/associal_letter.htm.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F545660 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F545660 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F571BEE Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F676DDC Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F7757AD Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F7E7831/object.pif Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F7E7831 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F7E7831 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F9E4F82 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0FE34137 Infected: Email-Worm.Win32.NetSky.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\10153CD1/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\10153CD1 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\10153CD1 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\102732EB Infected: Email-Worm.Win32.NetSky.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\102F0CB4 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\103336B1

#8 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:12:26 AM

Posted 29 December 2006 - 10:40 AM

Hey there dasnootz

Open Norton AntiVirus by double clicking the 'Shield' icon located in the right hand bottom corner of your computer screen.
Double click the 'View' folder. It is located on the left side of the Norton AntiVirus window. This will expand the folder and display the contents.
Click on the 'Quarantine' icon. The right side of the Norton AntiVirus window will now list the contents of your quarantine folder.

Select the item you wish to remove and click on RED 'X' icon to delete it.
This will open the 'Take Action' window. Click the 'Start Delete' button to remove the infected file from your computer.
Repeat for any other quarantined files you want to remove.

When you are done removing files, click the 'Exit' button in the bottom left hand corner of the Norton AntiVirus window.

Click Start > Control Panel.

Double-click the Java icon in the control panel.
The Java Control Panel appears.
Click Settings under Temporary Internet Files.
The Temporary Files Settings dialog box appears.

Click Delete Files.
The Delete Temporary Files dialog box appears.

There are three options on this window to clear the cache.
- Delete Files
- View Applications
- View Applets
Click OK on Delete Temporary Files window.
Note: This deletes all the Downloaded Applications and Applets from the cache.

Click OK on Temporary Files Settings window.
Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.

I want you to clean your cache and cookies from your internet explorer.
There are a few infected files which need to be removed from your system.

° Close all instances of Internet Explorer .
° Go to your control panel and open "Internet Options".
° Click on the "General" tab.
° Click the "Delete Cookies" button, then the "Delete Files" button.
° When prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

° Go to start and click on the "run" button.
° Type the following in the fox --> cleanmgr and click ok.
° Let it scan your system for files to remove.
° Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
° Press OK to remove them.

Reboot a final time, how is the PC running now?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users