
I Keep Getting Redirected To A Website Called Miaminews..probably Have Other Problems I Haven't Found Yet Either.


  • This topic is locked
17 replies to this topic

#1 Chadwick0211


Posted 28 March 2007 - 05:31 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:23:48 PM, on 3/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\program files\common files\aol\1142637861\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;m.2mdn.net;cf.netzero.net;qs.netzero.net;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cdosysv.dll
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll (file missing)
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5856B416-0FA6-095C-F0ED-05D58C75B09F} - C:\WINDOWS\system32\eqwb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll (file missing)
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142637861\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B85A8CF-CF1A-4813-A974-386C61209933}: NameServer = 64.136.28.122 64.136.20.122
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



#2 SifuMike

    malware expert



Posted 31 March 2007 - 05:18 PM

Hello Chadwick0211,

I am SifuMike and I will be helping you. :thumbsup:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
******************

Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan". This scan may take a few hours. It all depends on the number of files on your computer.

When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.

******************

Download ATF (Atribune Temp File) Cleaner© by Atribune. DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido)
This is a 30 day trial of the program

AVG Anti-Spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG Anti-Spyware will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.


1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. If you choose to do this, then right click on ewido in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes.
To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program.
2.) At the top, under Main choose: Select All
3.) Click the Empty Selected button.

If you use the Firefox browser:
1.) At the top, click Firefox and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use the Opera browser:
1.) At the top, click Opera and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.

4. IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.

Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu.
(2) At the bottom of the window click on the Apply all Actions button.
(3) When done, click the Save Scan Report button.
(4) Click the Save Report as button.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.
Save to your desktop.
A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot to Normal Mode.

When done, submit the BitDefender log, the AVG Anti-Spyware 7.5 log and a fresh HijackThis log.

Edited by SifuMike, 31 March 2007 - 05:26 PM.


#3 Chadwick0211


Posted 01 April 2007 - 01:16 AM

Thank You for your time in helping me with my problem.. Here is the first log from BitDefender..Good Luck..

<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner -Scan Report</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<meta name="generator" content="Namo WebEditor v5.0(Trial)">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >


<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender
Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan report generated
at: Sun, Apr 01, 2007 - 02:07:59</b></span></font></p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>&nbsp;</b></span></font></p>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan
path: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;</span></font></p>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>&nbsp;</b></span></font></p>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistics</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Time</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">01:55:12</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">259710</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Folders</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">5468</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Boot Sectors</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">2</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">7786</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Packed Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">17199</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>



<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Results</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Identified Viruses </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">25</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Infected Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">77</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Suspect&nbsp;Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Disinfected</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Deleted Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">137</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Engines Info</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus Definitions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">411940</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Engine build</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">13</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">31</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">5</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">System&nbsp;plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scan Settings</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">First Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Disinfect</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Second Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Delete</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristics</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Enable Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scanned Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">*;</font></p>
</td>
</tr>

<tr>
<td width="57%">
<p><font face="Arial" size="2">Exclude Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">&nbsp;</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Packed</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td colspan=2> &nbsp;
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scanned File</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial">&nbsp;Status</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Desktop\Limewire Downloads\1click dvd copy keygen.exe=>(NSIS o)=>lzma_nsis0006</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.FatObfus.Gen</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Desktop\Limewire Downloads\1click dvd copy keygen.exe=>(NSIS o)=>lzma_nsis0006</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Desktop\Limewire Downloads\1click dvd copy keygen.exe=>(NSIS o)=>lzma_nsis0006</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Desktop\Limewire Downloads\1click dvd copy keygen.exe=>(NSIS o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GQZ3935A\CACWY810.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.SwfDL.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GQZ3935A\CACWY810.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GQZ3935A\CACWY810.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GQZ3935A\CACWY810.swf</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GQZ3935A\CACWY810.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.SwfDL.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GQZ3935A\CACWY810.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GQZ3935A\CACWY810.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GQZ3935A\CACWY810.swf</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAJJ0GRE.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.SwfDL.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAJJ0GRE.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAJJ0GRE.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAJJ0GRE.swf</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAJJ0GRE.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.SwfDL.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAJJ0GRE.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAJJ0GRE.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAJJ0GRE.swf</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAKVIX8L.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.SwfDL.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAKVIX8L.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAKVIX8L.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAKVIX8L.swf</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAKVIX8L.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.SwfDL.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAKVIX8L.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAKVIX8L.swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAKVIX8L.swf</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\cd518b6[1]=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.SwfDL.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\cd518b6[1]=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\cd518b6[1]=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\cd518b6[1]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\cd518b6[1]=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.SwfDL.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\cd518b6[1]=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\cd518b6[1]=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\cd518b6[1]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\U6ZZDGBV\ed36ac37861e0b5e9f2bd7c7a791e150[1].swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.SwfDL.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\U6ZZDGBV\ed36ac37861e0b5e9f2bd7c7a791e150[1].swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\U6ZZDGBV\ed36ac37861e0b5e9f2bd7c7a791e150[1].swf=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\U6ZZDGBV\ed36ac37861e0b5e9f2bd7c7a791e150[1].swf</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\U6ZZDGBV\fd8f78e3[1]=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.SwfDL.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\U6ZZDGBV\fd8f78e3[1]=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\U6ZZDGBV\fd8f78e3[1]=>[SWF command]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\U6ZZDGBV\fd8f78e3[1]</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\03B55F83.htm=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Generic.XPL.IECrash.FABE8FE5</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\03B55F83.htm=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\03B55F83.htm=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\080F60C2.htm=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Generic.XPL.IECrash.FABE8FE5</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\080F60C2.htm=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\080F60C2.htm=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0F451B82.htm=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Generic.XPL.CRange.F80A3E47</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0F451B82.htm=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0F451B82.htm=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1799530A.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1799530A.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1799530A.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\179C7D07.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\179C7D07.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\179C7D07.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\19962807.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.Istbar.LU</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\19962807.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\19962807.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1B427A6E.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Win32.Worm.VB.DW</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1B427A6E.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1C2E4E73.htm=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.JS.Downloader.ABN</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1C2E4E73.htm=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1C2E4E73.htm=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\213E506D.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Generic.XPL.ADODB.7C42ACF7</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\213E506D.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\213E506D.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\273367DF.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Exploit.Win32.MS05-002.Gen</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\273367DF.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\273367DF.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\27A84F5E.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.JS.Downloader.ABN</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\27A84F5E.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\27A84F5E.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\29576FAF.anr=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Exploit.Win32.MS05-002.Gen</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\29576FAF.anr=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\29576FAF.anr=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\295E43A8.cla=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Java.Classloader.C</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\295E43A8.cla=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\295E43A8.cla=>(Quarantine-2)</font></p>
</td>
<td width="4

#4 SifuMike

Posted 01 April 2007 - 10:40 AM

Hi Chadwick0211,

The BitDefender log you posted is an eye killer. :thumbsup: I can't read it.

If you still have the BitDefender log, please send it again. Just cut and paste it to this thread.
It should look something like this sample:

BitDefender Online Scanner

Scan report generated at: Sun, Mar 18, 2007 - 14:17:28
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics

Time 01:32:35

Files 510262

Folders 6498

Boot Sectors 3

Archives 13455

Packed Files 46629

Results

Identified Viruses 3

Infected Files 7

Suspect Files 0

Warnings 0

Disinfected 0

Deleted Files 6


You forgot to send the AVG antispyware log.

#5 Chadwick0211

Posted 01 April 2007 - 12:17 PM

Sorry.. Didn't mean to send an eye killer.. :thumbsup: ..I hope this works a bit better for you.. Oh and by the way, the link you provided me for AVG Anti-Spyware 7.5 keeps redirecting me to SpywareSheriff.com...I have a feeling that is not where I need to go considering the directions you gave for posting a log from AVG..Is there another way to access that site? Thank you again.. Chadwick

BitDefender Online Scanner

Scan report generated at: Sun, Apr 01, 2007 - 02:07:59
Scan path: A:\;C:\;D:\;

Statistics

Time 01:55:12
Files 259710
Folders 5468
Boot Sectors 2
Archives 7786
Packed Files 17199

Results

Identified Viruses 25
Infected Files 77
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 137

Engines Info

Virus Definitions 411940
Engine build AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins 13
Archive plugins 31
Unpack plugins 5
E-mail plugins 6
System plugins 1

Scan Settings

First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File
Status

C:\Documents and Settings\Collin\Desktop\Limewire Downloads\1click dvd copy keygen.exe=>(NSIS o)=>lzma_nsis0006
Infected with: Trojan.FatObfus.Gen

C:\Documents and Settings\Collin\Desktop\Limewire Downloads\1click dvd copy keygen.exe=>(NSIS o)=>lzma_nsis0006
Disinfection failed

C:\Documents and Settings\Collin\Desktop\Limewire Downloads\1click dvd copy keygen.exe=>(NSIS o)=>lzma_nsis0006
Deleted

C:\Documents and Settings\Collin\Desktop\Limewire Downloads\1click dvd copy keygen.exe=>(NSIS o)
Update failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GQZ3935A\CACWY810.swf=>[SWF command]
Infected with: Trojan.SwfDL.A

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GQZ3935A\CACWY810.swf=>[SWF command]
Disinfection failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GQZ3935A\CACWY810.swf=>[SWF command]
Deleted

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GQZ3935A\CACWY810.swf
Update failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GQZ3935A\CACWY810.swf=>[SWF command]
Infected with: Trojan.SwfDL.A

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GQZ3935A\CACWY810.swf=>[SWF command]
Disinfection failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GQZ3935A\CACWY810.swf=>[SWF command]
Deleted

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GQZ3935A\CACWY810.swf
Update failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAJJ0GRE.swf=>[SWF command]
Infected with: Trojan.SwfDL.A

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAJJ0GRE.swf=>[SWF command]
Disinfection failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAJJ0GRE.swf=>[SWF command]
Deleted

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAJJ0GRE.swf
Update failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAJJ0GRE.swf=>[SWF command]
Infected with: Trojan.SwfDL.A

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAJJ0GRE.swf=>[SWF command]
Disinfection failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAJJ0GRE.swf=>[SWF command]
Deleted

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAJJ0GRE.swf
Update failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAKVIX8L.swf=>[SWF command]
Infected with: Trojan.SwfDL.A

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAKVIX8L.swf=>[SWF command]
Disinfection failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAKVIX8L.swf=>[SWF command]
Deleted

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAKVIX8L.swf
Update failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAKVIX8L.swf=>[SWF command]
Infected with: Trojan.SwfDL.A

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAKVIX8L.swf=>[SWF command]
Disinfection failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAKVIX8L.swf=>[SWF command]
Deleted

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\CAKVIX8L.swf
Update failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\cd518b6[1]=>[SWF command]
Infected with: Trojan.SwfDL.A

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\cd518b6[1]=>[SWF command]
Disinfection failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\cd518b6[1]=>[SWF command]
Deleted

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\cd518b6[1]
Update failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\cd518b6[1]=>[SWF command]
Infected with: Trojan.SwfDL.A

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\cd518b6[1]=>[SWF command]
Disinfection failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\cd518b6[1]=>[SWF command]
Deleted

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\GTE34PM3\cd518b6[1]
Update failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\U6ZZDGBV\ed36ac37861e0b5e9f2bd7c7a791e150[1].swf=>[SWF command]
Infected with: Trojan.SwfDL.A

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\U6ZZDGBV\ed36ac37861e0b5e9f2bd7c7a791e150[1].swf=>[SWF command]
Disinfection failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\U6ZZDGBV\ed36ac37861e0b5e9f2bd7c7a791e150[1].swf=>[SWF command]
Deleted

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\U6ZZDGBV\ed36ac37861e0b5e9f2bd7c7a791e150[1].swf
Update failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\U6ZZDGBV\fd8f78e3[1]=>[SWF command]
Infected with: Trojan.SwfDL.A

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\U6ZZDGBV\fd8f78e3[1]=>[SWF command]
Disinfection failed

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\U6ZZDGBV\fd8f78e3[1]=>[SWF command]
Deleted

C:\Documents and Settings\Collin\Local Settings\Temporary Internet Files\Content.IE5\U6ZZDGBV\fd8f78e3[1]
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\03B55F83.htm=>(Quarantine-2)
Infected with: Generic.XPL.IECrash.FABE8FE5

C:\Program Files\Norton AntiVirus\Quarantine\03B55F83.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\03B55F83.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\080F60C2.htm=>(Quarantine-2)
Infected with: Generic.XPL.IECrash.FABE8FE5

C:\Program Files\Norton AntiVirus\Quarantine\080F60C2.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\080F60C2.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\0F451B82.htm=>(Quarantine-2)
Infected with: Generic.XPL.CRange.F80A3E47

C:\Program Files\Norton AntiVirus\Quarantine\0F451B82.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\0F451B82.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1799530A.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Program Files\Norton AntiVirus\Quarantine\1799530A.tmp=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\1799530A.tmp=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\179C7D07.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Program Files\Norton AntiVirus\Quarantine\179C7D07.tmp=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\179C7D07.tmp=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\19962807.tmp=>(Quarantine-2)
Infected with: Trojan.Downloader.Istbar.LU

C:\Program Files\Norton AntiVirus\Quarantine\19962807.tmp=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\19962807.tmp=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1B427A6E.tmp=>(Quarantine-2)
Infected with: Win32.Worm.VB.DW

C:\Program Files\Norton AntiVirus\Quarantine\1B427A6E.tmp=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1C2E4E73.htm=>(Quarantine-2)
Infected with: Trojan.JS.Downloader.ABN

C:\Program Files\Norton AntiVirus\Quarantine\1C2E4E73.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\1C2E4E73.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\213E506D.tmp=>(Quarantine-2)
Infected with: Generic.XPL.ADODB.7C42ACF7

C:\Program Files\Norton AntiVirus\Quarantine\213E506D.tmp=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\213E506D.tmp=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\273367DF.tmp=>(Quarantine-2)
Infected with: Exploit.Win32.MS05-002.Gen

C:\Program Files\Norton AntiVirus\Quarantine\273367DF.tmp=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\273367DF.tmp=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\27A84F5E.tmp=>(Quarantine-2)
Infected with: Trojan.JS.Downloader.ABN

C:\Program Files\Norton AntiVirus\Quarantine\27A84F5E.tmp=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\27A84F5E.tmp=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\29576FAF.anr=>(Quarantine-2)
Infected with: Exploit.Win32.MS05-002.Gen

C:\Program Files\Norton AntiVirus\Quarantine\29576FAF.anr=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\29576FAF.anr=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\295E43A8.cla=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.C

C:\Program Files\Norton AntiVirus\Quarantine\295E43A8.cla=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\295E43A8.cla=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\29616DA4.htm=>(Quarantine-2)
Infected with: Generic.XPL.IECrash.FABE8FE5

C:\Program Files\Norton AntiVirus\Quarantine\29616DA4.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\29616DA4.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\296417A1.wmf=>(Quarantine-2)
Infected with: Exploit.Win32.WMF-PFV

C:\Program Files\Norton AntiVirus\Quarantine\296417A1.wmf=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\296417A1.wmf=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\2968419D.htm=>(Quarantine-2)
Infected with: Generic.XPL.IECrash.FABE8FE5

C:\Program Files\Norton AntiVirus\Quarantine\2968419D.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\2968419D.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\296B6B9A.htm=>(Quarantine-2)
Infected with: Generic.XPL.IECrash.FABE8FE5

C:\Program Files\Norton AntiVirus\Quarantine\296B6B9A.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\296B6B9A.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\296E1596.htm=>(Quarantine-2)
Infected with: Generic.XPL.IECrash.FABE8FE5

C:\Program Files\Norton AntiVirus\Quarantine\296E1596.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\296E1596.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\29713F92.htm=>(Quarantine-2)
Infected with: Generic.XPL.IECrash.FABE8FE5

C:\Program Files\Norton AntiVirus\Quarantine\29713F92.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\29713F92.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\2975698F.htm=>(Quarantine-2)
Infected with: Trojan.Exploit.Js.Cve.2005.1790.J

C:\Program Files\Norton AntiVirus\Quarantine\2975698F.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\2975698F.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\40175424.htm=>(Quarantine-2)
Infected with: Trojan.JS.Downloader.ABN

C:\Program Files\Norton AntiVirus\Quarantine\40175424.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\40175424.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\497D3D83.htm=>(Quarantine-2)
Infected with: Generic.XPL.IECrash.FABE8FE5

C:\Program Files\Norton AntiVirus\Quarantine\497D3D83.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\497D3D83.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4B8D5B96.anr=>(Quarantine-2)
Infected with: Exploit.Win32.MS05-002.Gen

C:\Program Files\Norton AntiVirus\Quarantine\4B8D5B96.anr=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4B8D5B96.anr=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4BA05780.htm=>(Quarantine-2)
Infected with: Generic.XPL.ADODB.89695CB5

C:\Program Files\Norton AntiVirus\Quarantine\4BA05780.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4BA05780.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4BA72B79.wmf=>(Quarantine-2)
Infected with: Exploit.Win32.WMF-PFV

C:\Program Files\Norton AntiVirus\Quarantine\4BA72B79.wmf=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4BA72B79.wmf=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4BAD7F72.htm=>(Quarantine-2)
Infected with: Generic.XPL.ADODB.89695CB5

C:\Program Files\Norton AntiVirus\Quarantine\4BAD7F72.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4BAD7F72.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4BB1296E.htm=>(Quarantine-2)
Infected with: Generic.XPL.ADODB.7C42ACF7

C:\Program Files\Norton AntiVirus\Quarantine\4BB1296E.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4BB1296E.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4F985922.anr=>(Quarantine-2)
Infected with: Exploit.Win32.MS05-002.Gen

C:\Program Files\Norton AntiVirus\Quarantine\4F985922.anr=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4F985922.anr=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4FBF50F7.htm=>(Quarantine-2)
Infected with: Generic.XPL.ADODB.7C42ACF7

C:\Program Files\Norton AntiVirus\Quarantine\4FBF50F7.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4FBF50F7.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4FC27AF4.wmf=>(Quarantine-2)
Infected with: Exploit.Win32.WMF-PFV

C:\Program Files\Norton AntiVirus\Quarantine\4FC27AF4.wmf=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4FC27AF4.wmf=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4FC524F0.htm=>(Quarantine-2)
Infected with: Trojan.JS.Downloader.ABN

C:\Program Files\Norton AntiVirus\Quarantine\4FC524F0.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4FC524F0.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4FE57EE1.tmp=>(Quarantine-2)
Infected with: Win32.Worm.VB.DW

C:\Program Files\Norton AntiVirus\Quarantine\4FE57EE1.tmp=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5B790394.exe=>(Quarantine-2)
Infected with: Win32.Worm.VB.DW

C:\Program Files\Norton AntiVirus\Quarantine\5B790394.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\613A5EC4.tmp=>(Quarantine-2)
Infected with: Worm.Vb.AN

C:\Program Files\Norton AntiVirus\Quarantine\613A5EC4.tmp=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\613A5EC4.tmp=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\69734949.dll=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.ARA

C:\Program Files\Norton AntiVirus\Quarantine\69734949.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\69734949.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\699D212D.anr=>(Quarantine-2)
Infected with: Exploit.Win32.MS05-002.Gen

C:\Program Files\Norton AntiVirus\Quarantine\699D212D.anr=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\699D212D.anr=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\699D212D.htm=>(Quarantine-2)
Infected with: Generic.XPL.ADODB.89695CB5

C:\Program Files\Norton AntiVirus\Quarantine\699D212D.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\699D212D.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\699D212D.wmf=>(Quarantine-2)
Infected with: Exploit.Win32.WMF-PFV

C:\Program Files\Norton AntiVirus\Quarantine\699D212D.wmf=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\699D212D.wmf=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\69A14B2A.htm=>(Quarantine-2)
Infected with: Generic.XPL.ADODB.7C42ACF7

C:\Program Files\Norton AntiVirus\Quarantine\69A14B2A.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\69A14B2A.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\6B3C7565.htm=>(Quarantine-2)
Infected with: Generic.XPL.ADODB.89695CB5

C:\Program Files\Norton AntiVirus\Quarantine\6B3C7565.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\6B3C7565.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\6B661736.htm=>(Quarantine-2)
Infected with: Generic.XPL.ADODB.7C42ACF7

C:\Program Files\Norton AntiVirus\Quarantine\6B661736.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\6B661736.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\6B6D6B2F.htm=>(Quarantine-2)
Infected with: Trojan.JS.Downloader.ABN

C:\Program Files\Norton AntiVirus\Quarantine\6B6D6B2F.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\6B6D6B2F.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\6D8B24DB.wmf=>(Quarantine-2)
Infected with: Exploit.Win32.WMF-PFV

C:\Program Files\Norton AntiVirus\Quarantine\6D8B24DB.wmf=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\6D8B24DB.wmf=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\713156C4.dll=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.ARA

C:\Program Files\Norton AntiVirus\Quarantine\713156C4.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\713156C4.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\713500C0.dll=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.ARA

C:\Program Files\Norton AntiVirus\Quarantine\713500C0.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\713500C0.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\73C41F14.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AZI

C:\Program Files\Norton AntiVirus\Quarantine\73C41F14.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\73C41F14.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\76A314D8.exe=>(Quarantine-2)
Infected with: Win32.Worm.VB.DW

C:\Program Files\Norton AntiVirus\Quarantine\76A314D8.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\77E35875.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Downloader.OpenStream.C

C:\Program Files\Norton AntiVirus\Quarantine\77E35875.tmp=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\77E35875.tmp=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\797F51B3.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AZE

C:\Program Files\Norton AntiVirus\Quarantine\797F51B3.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\797F51B3.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\79F46A2F.tmp=>(Quarantine-2)
Infected with: Trojan.Downloader.AMH

C:\Program Files\Norton AntiVirus\Quarantine\79F46A2F.tmp=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\79F46A2F.tmp=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\7A0E7F13.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AZE

C:\Program Files\Norton AntiVirus\Quarantine\7A0E7F13.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\7A0E7F13.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\7B890F74.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AZE

C:\Program Files\Norton AntiVirus\Quarantine\7B890F74.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\7B890F74.exe=>(Quarantine-2)
Deleted

C:\Program Files\XoftSpy\Quarantine\Quarantine06-10-2006-21-28-01.xpy=>(Embedded EXE g)=>(Embedded EXE 7o)
Detected with: Adware.Mywebsearch.G

C:\Program Files\XoftSpy\Quarantine\Quarantine06-10-2006-21-28-01.xpy=>(Embedded EXE g)=>(Embedded EXE 7o)
Disinfection failed

C:\Program Files\XoftSpy\Quarantine\Quarantine06-10-2006-21-28-01.xpy=>(Embedded EXE g)=>(Embedded EXE 7o)
Deleted

C:\Program Files\XoftSpy\Quarantine\Quarantine06-10-2006-21-28-01.xpy=>(Embedded EXE g)
Update failed

C:\Program Files\XoftSpy\Quarantine\Quarantine21-02-2007-19-24-29.xpy=>(Embedded EXE g)
Infected with: Trojan.Downloader.Colibitik.A

C:\Program Files\XoftSpy\Quarantine\Quarantine21-02-2007-19-24-29.xpy=>(Embedded EXE g)
Disinfection failed

C:\Program Files\XoftSpy\Quarantine\Quarantine21-02-2007-19-24-29.xpy=>(Embedded EXE g)
Deleted

C:\Program Files\XoftSpy\Quarantine\Quarantine21-02-2007-19-24-29.xpy
Update failed

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP360\A0069793.dll
Infected with: Trojan.Downloader.AIP

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP360\A0069793.dll
Disinfection failed

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP360\A0069793.dll
Deleted

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP360\A0069794.dll
Infected with: Trojan.Downloader.Small.DDP

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP360\A0069794.dll
Disinfection failed

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP360\A0069794.dll
Deleted

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074225.exe=>(Quarantine-2)
Infected with: Win32.Worm.VB.DW

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074225.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074226.dll=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.ARA

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074226.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074226.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074227.dll=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.ARA

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074227.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074227.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074228.dll=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.ARA

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074228.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074228.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074229.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AZI

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074229.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074229.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074230.exe=>(Quarantine-2)
Infected with: Win32.Worm.VB.DW

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074230.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074231.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AZE

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074231.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074231.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074232.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AZE

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074232.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074232.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074233.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.AZE

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074233.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP402\A0074233.exe=>(Quarantine-2)
Deleted

C:\WINDOWS\system32\cdosysv.dll
Infected with: Trojan.UrlChanger.A

C:\WINDOWS\system32\cdosysv.dll
Disinfection failed

C:\WINDOWS\system32\cdosysv.dll
Delete failed

#6 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 01 April 2007 - 12:32 PM

Hi Chadwick0211,


Thanks, that BitDefender scan is just what I needed to see.


Have you been downloading cracks using Limewire? :thumbsup: I see keygen listed. Cracks are a major source of malware.

The link you provided me for AVG Anti-Spyware 7.5 keeps redirecting me to SpywareSheriff.com... I have a feeling that is not where I need to go considering the directions you gave for posting a log from AVG.. Is there another way to access that site?




Just checked the AVG anti-spyware link and it is correct. That means you are being redirected by malware to the SpySheriff.com site. Let's run SmitfraudFix and see what it finds. :flowers:


Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Edited by SifuMike, 01 April 2007 - 12:38 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
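The BitDefender log posted above records every scanned object as a path line followed by one status line, repeated once per action. As an added example (not part of the thread and not BitDefender's own tooling), this parser folds those pairs into one record per object and reports which detections were never deleted; the sample is an excerpt copied from the log above, and the function names and the three location classes are assumptions of this example.

```python
import re
from collections import Counter, OrderedDict

# Excerpt copied from the BitDefender log in this thread (path line, then status line).
SAMPLE_LOG = r"""
C:\Program Files\Norton AntiVirus\Quarantine\4BA72B79.wmf=>(Quarantine-2)
Infected with: Exploit.Win32.WMF-PFV

C:\Program Files\Norton AntiVirus\Quarantine\4BA72B79.wmf=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4BA72B79.wmf=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5B790394.exe=>(Quarantine-2)
Infected with: Win32.Worm.VB.DW

C:\Program Files\Norton AntiVirus\Quarantine\5B790394.exe=>(Quarantine-2)
Deleted

C:\Program Files\XoftSpy\Quarantine\Quarantine21-02-2007-19-24-29.xpy=>(Embedded EXE g)
Infected with: Trojan.Downloader.Colibitik.A

C:\Program Files\XoftSpy\Quarantine\Quarantine21-02-2007-19-24-29.xpy=>(Embedded EXE g)
Disinfection failed

C:\Program Files\XoftSpy\Quarantine\Quarantine21-02-2007-19-24-29.xpy=>(Embedded EXE g)
Deleted

C:\Program Files\XoftSpy\Quarantine\Quarantine21-02-2007-19-24-29.xpy
Update failed

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP360\A0069793.dll
Infected with: Trojan.Downloader.AIP

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP360\A0069793.dll
Disinfection failed

C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP360\A0069793.dll
Deleted

C:\WINDOWS\system32\cdosysv.dll
Infected with: Trojan.UrlChanger.A

C:\WINDOWS\system32\cdosysv.dll
Disinfection failed

C:\WINDOWS\system32\cdosysv.dll
Delete failed
"""

DETECT_RE = re.compile(r"^(?:Infected|Detected) with: (?P<name>\S+)$")
ACTIONS = {"Disinfection failed", "Deleted", "Delete failed", "Update failed"}


def parse_scan_log(text):
    """Return {object: {"detections": [...], "actions": [...]}} in log order."""
    records = OrderedDict()
    obj = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DETECT_RE.match(line)
        if match or line in ACTIONS:
            if obj is None:          # status with no preceding path line: skip it
                continue
            rec = records.setdefault(obj, {"detections": [], "actions": []})
            if match:
                rec["detections"].append(match.group("name"))
            else:
                rec["actions"].append(line)
            obj = None               # the log repeats the path before every status
        else:
            obj = line               # anything else is treated as an object path
    return records


def location_class(obj):
    """Heuristic (assumption of this example): where does the file sit on disk?"""
    path = obj.split("=>")[0].lower()   # drop the "=>(container member)" suffixes
    if "\\quarantine\\" in path:
        return "quarantine"             # already held by another scanner
    if "\\system volume information\\_restore" in path:
        return "system_restore"         # copy kept inside a restore point
    return "live"                       # ordinary location on the running system


def unresolved(records):
    """Detections whose last logged action is anything other than 'Deleted'."""
    out = []
    for obj, rec in records.items():
        if not rec["detections"]:
            continue
        last = rec["actions"][-1] if rec["actions"] else "no action logged"
        if last != "Deleted":
            out.append((obj, rec["detections"][-1], last))
    return out


def detections_by_location(records):
    return Counter(location_class(o) for o, r in records.items() if r["detections"])


if __name__ == "__main__":
    recs = parse_scan_log(SAMPLE_LOG)
    print(dict(detections_by_location(recs)))
    for obj, name, last in unresolved(recs):
        print(f"STILL PRESENT: {obj}  [{name}]  last action: {last}")
```

On the excerpt, the only detection left on disk is the one outside quarantine and System Restore, which is the entry to follow up on in later logs.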

#7 Chadwick0211

Chadwick0211
  • Topic Starter

  • Members
  • 32 posts

Posted 01 April 2007 - 06:05 PM

Here's the log to SmitFraud.. Everything I download from Limewire I scan with Norton.. So how did I get an infected file? Was my Norton just not updated?

SmitFraudFix v2.162

Scan done at 19:00:03.07, Sun 04/01/2007
Run from C:\Documents and Settings\Collin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\AOL\1142637861\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\NetZero\exec.exe
C:\PROGRA~1\AMERIC~1.0B\waol.exe
C:\PROGRA~1\AMERIC~1.0B\shellmon.exe
c:\program files\common files\aol\1142637861\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Collin


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Collin\Application Data

C:\Documents and Settings\Collin\Local Settings\Application Data\SpywareSheriff FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\SpywareSheriff FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Collin\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\Collin\Desktop\SpywareSheriff.lnk FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\SpywareSheriff\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/Documents%20and%20Settings/Collin/Desktop/Image5.gif"
"SubscribedURL"="file:///C:/Documents%20and%20Settings/Collin/Desktop/Image5.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 64.136.28.122
DNS Server Search Order: 64.136.20.122

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4B85A8CF-CF1A-4813-A974-386C61209933}: NameServer=64.136.28.122 64.136.20.122
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4B85A8CF-CF1A-4813-A974-386C61209933}: NameServer=205.188.146.145
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4B85A8CF-CF1A-4813-A974-386C61209933}: NameServer=64.136.28.122 64.136.20.122


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#8 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 01 April 2007 - 07:58 PM

Hi Chadwick0211,

Everything I download from Limewire I scan with Norton.. So how did I get an infected file? Was my Norton just not updated?


Norton (or any other antivirus program) does not find every malware, as they only find what is in their definition files. Going to crack or warez sites is a sure way to get infected. :thumbsup:


You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log. The SmitfraudFix report can also be found at the root of the system drive, usually at C:\rapport.txt.
Also run the AVG antispyware as per my previous instructions and post the log.


Warning : running option #2 on a non infected computer will remove your Desktop background.

#9 Chadwick0211

Chadwick0211
  • Topic Starter

  • Members
  • 32 posts

Posted 01 April 2007 - 11:51 PM

Hey SifuMike,

Here are the refreshed HighJack and SmitFraud logs. Unfortunately, I still am unable to access the AVG Spyware website to download and post that particular log. I am still being redirected to spywaresheriff.com..

HIGHJACK LOG

Logfile of HijackThis v1.99.1
Scan saved at 12:28:36 AM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\AOL\1142637861\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\AMERIC~1.0B\waol.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\program files\common files\aol\1142637861\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1142637861\ee\aolsoftware.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\AMERIC~1.0B\shellmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;m.2mdn.net;cf.netzero.net;qs.netzero.net;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cdosysv.dll
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll (file missing)
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5856B416-0FA6-095C-F0ED-05D58C75B09F} - C:\WINDOWS\system32\eqwb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll (file missing)
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142637861\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0B\AOL.EXE" -b
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

SMITFRAUD LOG

SmitFraudFix v2.162

Scan done at 0:06:12.54, Mon 04/02/2007
Run from C:\Documents and Settings\Collin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost #***Inserted By STOPzilla***


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Documents and Settings\Administrator\Local Settings\Application Data\SpywareSheriff\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS2\Services\Tcpip\..\{4B85A8CF-CF1A-4813-A974-386C61209933}: NameServer=205.188.146.145


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#10 SifuMike

SifuMike

    malware expert



Posted 02 April 2007 - 12:02 AM

Hi Chadwick0211,

am still being redirected to spywaresheriff.com..



SmitfraudFix should have taken care of the redirection problem. :thumbsup:

Let's try a different approach.

Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page").

Also remove the checkmark from the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

Now see if you can download AVG antispyware. Then follow the directions I gave you in the previous post. You must run it in the Safe Mode for it to work properly.

Let me know. :flowers:

Edited by SifuMike, 02 April 2007 - 12:20 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 Chadwick0211

Chadwick0211

Posted 02 April 2007 - 10:53 AM

SifuMike,
There was only one thing to delete under the web tab for display properties. I deleted it, but yet, I'm still being redirected to spyware sheriff.. :thumbsup:
And on certain sites that I'm trying to go to, I'm still being redirected to miaminews..
I must have the funk pretty badly..

Edited by Chadwick0211, 02 April 2007 - 11:55 AM.


#12 SifuMike

SifuMike

    malware expert



Posted 02 April 2007 - 12:38 PM

Hi Chadwick0211,


Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial


*******************************************

In Normal Mode, select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cdosysv.dll
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll (file missing)
O2 - BHO: (no name) - {5856B416-0FA6-095C-F0ED-05D58C75B09F} - C:\WINDOWS\system32\eqwb.dll (file missing)
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll (file missing)
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll (file missing)



The following are not necessarily spyware/malware, but I suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
(Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
(Description: System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings-> Control Panel. Removing this entry will free up a small amount of system resources. )

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
(Description: Checks for updates to MS Works. Unnecessary. Removing this entry will free up some system resources. )

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

(Description: Complete utter waste of space! Part of MS Office - searches disk drives for Office file types and creates an index to make opening them easier. Removing this entry will free up a significant amount of system resources. )

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
(Description: Microsoft Office startup assistant. Not necessary. Removing this entry will free up a significant amount of system resources.)

*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.


Let's empty the temp files:

Run CCleaner.

Do not use the "Issues" block. It's meant for professionals.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************


Reboot your computer.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
Disable script blocking if you have Norton Antivirus installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.



Post a new Hijackthis log, the ComboFix log and tell me how your computer is running.

#13 Chadwick0211

Chadwick0211

Posted 02 April 2007 - 04:11 PM

SifuMike,

Here are the Hijackthis and Combofix logs. Something worked!!! :flowers: I'm not getting redirected to that gawd-awful website anymore. And I can actually access the AVG Anti-spyware link you provided earlier.

Hijack Log

Logfile of HijackThis v1.99.1
Scan saved at 4:54:54 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\AOL\1142637861\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\common files\aol\1142637861\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1142637861\ee\aolsoftware.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;m.2mdn.net;cf.netzero.net;qs.netzero.net;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142637861\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B85A8CF-CF1A-4813-A974-386C61209933}: NameServer = 64.136.28.122 64.136.20.122
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Combofix Log

"Collin" - 07-04-02 16:41:29 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Collin\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{3C93C~1\Bar888.dll.lzma
C:\Program Files\Common Files\{3C93C~1
C:\Program Files\Common Files\{FC93C~1
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\WINDOWS\FNTS~1


((((((((((((((((((((((((((((((( Files Created from 2007-03-02 to 2007-04-02 ))))))))))))))))))))))))))))))))))


2007-04-02 16:02 <DIR> d-------- C:\Program Files\CCleaner
2007-04-01 18:58 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-01 18:58 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-01 18:58 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-01 18:58 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-01 18:58 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-01 18:58 2,090 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-01 18:58 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-03-31 22:35 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-03-31 22:18 <DIR> d-------- C:\Program Files\Java
2007-03-31 22:18 <DIR> d-------- C:\Program Files\Common Files\Java
2007-03-27 20:43 <DIR> d-------- C:\DOCUME~1\Collin\.housecall6.6
2007-03-26 19:23 <DIR> d-------- C:\Descent
2007-03-26 19:23 <DIR> d-------- C:\Atlantis
2007-03-21 17:05 <DIR> d-------- C:\DOCUME~1\Collin\APPLIC~1\acccore
2007-03-21 17:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-03-21 17:00 <DIR> d-------- C:\Program Files\AIM6
2007-03-21 15:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-03-20 04:16 194,376 --a------ C:\DOCUME~1\Collin\APPLIC~1\shb.dat
2007-03-20 04:15 <DIR> d-------- C:\Program Files\NZSearch
2007-03-20 03:36 <DIR> d-------- C:\Program Files\NetZero
2007-03-19 23:28 4,980,736 --a------ C:\DOCUME~1\Collin\ntuser.dat
2007-03-16 14:12 <DIR> d-------- C:\Program Files\Virtual Villagers 2
2007-03-13 14:07 <DIR> d-------- C:\Program Files\Ice Cream Tycoon
2007-03-10 21:11 <DIR> d-------- C:\Program Files\Guitar Pro 4
2007-03-10 21:10 <DIR> d-------- C:\WINDOWS\Downloaded Installations


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-26 06:40 -------- d-------- C:\Program Files\noadware4
2007-03-20 15:35 -------- d-------- C:\Program Files\aol toolbar
2007-03-13 12:44 -------- d-------- C:\Program Files\dvdfab decrypter 3
2007-03-10 21:40 -------- d-------- C:\DOCUME~1\Collin\APPLIC~1\limewire
2007-02-25 20:08 -------- d-------- C:\Program Files\pcfriendly
2007-02-21 20:41 -------- d-------- C:\Program Files\myspace
2007-02-21 20:40 -------- d-------- C:\Program Files\dvdfab platinum
2007-02-21 20:39 87608 --a------ C:\DOCUME~1\Collin\APPLIC~1\ezpinst.exe
2007-02-21 20:39 7824 --a------ C:\DOCUME~1\Collin\APPLIC~1\pcouffin.cat
2007-02-21 20:39 47360 --a------ C:\DOCUME~1\Collin\APPLIC~1\pcouffin.sys
2007-02-21 20:39 33 --a------ C:\DOCUME~1\Collin\APPLIC~1\pcouffin.log
2007-02-21 20:39 1144 --a------ C:\DOCUME~1\Collin\APPLIC~1\pcouffin.inf
2007-02-21 20:39 -------- d-------- C:\DOCUME~1\Collin\APPLIC~1\vso
2007-02-21 18:00 21504 --a------ C:\WINDOWS\system32\cdosysv.dll
2007-02-18 17:11 -------- d-------- C:\Program Files\bitdownload
2007-02-18 16:33 -------- d-------- C:\Program Files\vso
2007-02-11 22:40 -------- d--h----- C:\Program Files\installshield installation information
2007-02-11 22:40 -------- d-------- C:\Program Files\atari
2007-02-11 20:16 -------- d-------- C:\Program Files\big kahuna reef 2
2007-02-10 18:34 -------- d-------- C:\Program Files\hangstan
2007-02-05 20:13 -------- d-------- C:\Program Files\dvdfab decrypter 3 beta new 3075


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DVDXGhost"=""
"NetZero_uoltray"="C:\\Program Files\\NetZero\\exec.exe regrun"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"untd_recovery"="\"C:\\Program Files\\NetZero\\qsacc\\x1exec.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"VTTimer"="VTTimer.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1142637861\\ee\\AOLSoftware.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"POINTER"="point32.exe"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"


[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ file:///C:/Documents%20and%20Settings/Collin/Desktop/Image5.gif

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{214cf8b7-b097-11da-ad0a-806d6172696f}]
Shell\AutoRun\command D:\install.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Collin.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-02 16:51:32


It looks like my computer is running oh so much better now.. :thumbsup: As soon as we are finished, can you please advise me on the best ways to keep my computer clean and running efficiently? I have many anti-virus programs that I use and I am wondering if they are actually working as advertised.
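An added example, not part of the original thread: a small Python parser for HijackThis log lines that lists the entries carrying HijackThis's own `(file missing)` / `(no file)` markers and diffs a log taken before a fix against one taken after, as with the fix list in post #12 and the fresh log in post #13. The sample logs are assembled from lines quoted on this page; treating the two surviving BHOs as present in the earlier log is an assumption, and all function names are illustrative.

```python
import re
from typing import List, NamedTuple, Optional

# "O2 - BHO: ..." / "R3 - URLSearchHook: ...": section code, " - ", entry body.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the registered file is not on disk.
ORPHAN_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")


class Entry(NamedTuple):
    section: str            # e.g. "O2"
    body: str               # everything after "O2 - "
    clsid: Optional[str]    # upper-cased CLSID, if the entry has one
    target: Optional[str]   # text after the CLSID, marker stripped
    orphaned: bool          # True when the line ends in an orphan marker


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers and process paths."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid_m = CLSID_RE.search(body)
    target = None
    if clsid_m:
        rest = ORPHAN_RE.sub("", body[clsid_m.end():])
        target = rest.lstrip(" -").strip() or None
    return Entry(
        section=m.group("section"),
        body=body,
        clsid=clsid_m.group(0).upper() if clsid_m else None,
        target=target,
        orphaned=bool(ORPHAN_RE.search(body)),
    )


def parse_log(text: str) -> List[Entry]:
    return [e for line in text.splitlines() if (e := parse_line(line))]


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Entries whose registration points at a file that no longer exists."""
    return [e for e in entries if e.orphaned]


def removed_between(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries present in the earlier log and absent from the later one."""
    still_there = {(e.section, e.body.casefold()) for e in after}
    return [e for e in before if (e.section, e.body.casefold()) not in still_there]


# Assembled from lines on this page: the R3/O2 entries of the fix list, plus
# two BHOs from the later log (assumed here to have been in the earlier log).
BEFORE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cdosysv.dll
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll (file missing)
O2 - BHO: (no name) - {5856B416-0FA6-095C-F0ED-05D58C75B09F} - C:\WINDOWS\system32\eqwb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
"""

AFTER_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    print("Orphaned registrations in the earlier log:")
    for e in orphaned_entries(before):
        print(f"  {e.section} {e.clsid} -> {e.target or '(no target recorded)'}")
    print("Entries gone after the fix:")
    for e in removed_between(before, after):
        flag = "orphaned" if e.orphaned else "file was present"
        print(f"  {e.section} {e.clsid} [{flag}]")
```

The diff shows why the orphan marker alone is not a complete triage rule: the ChangerBHO entry removed in the fix pointed at a file that was present on disk.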

#14 SifuMike

SifuMike

    malware expert



Posted 02 April 2007 - 04:47 PM

Hi Chadwick0211,

Looks like you had a Purity scan infection.

Hate to be like Columbo, but could you do just one more thing... :thumbsup:

Boot to the Safe Mode and run AVG antispyware (see my previous instructions) and then post a fresh Hijackthis and the AVG antispyware log.

Edited by SifuMike, 02 April 2007 - 04:48 PM.


#15 Chadwick0211

Chadwick0211

Posted 02 April 2007 - 05:05 PM

Hi Chadwick0211,

Looks like you had a Purity scan infection.

Hate to be like Columbo, but could you do just one more thing... :thumbsup:

Boot to the Safe Mode and run AVG antispyware (see my previous instructions) and then post a fresh Hijackthis and the AVG antispyware log.

Sure can.. Now that I can download the AVG antispyware program.. I will definitely recommend this site to anyone I know with computer problems, and I WILL be donating to this website promptly afterwards..



