Full Version: Need Help Today If Possible Nov 24/2006
007rmk
Hi. Sorry about the rush but I'm leaving very early tomorrow morning on a ten day trip and this nuisance on our computer is driving our family crazy.

I've followed your six steps of actions (I had to re-do step one, BitDefender, a second time, between steps 5 and 6). I hope this doesn't affect anything.

And Thanks in advance for your help,
It is greatly appreciated
Yvon M

ps: Good God...is this list ever long. I hope I did this right? It looks like a lot of work


Logfile of HijackThis v1.99.1
Scan saved at 6:01:36 AM, on 11/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\WINDOWS\system32\ctfmon.exe
G:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.porn-info.info/?%20to%20verify%2...8%20years%20old
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.shcwczcmqpecta.com/yDF2sBjOEzbAT2/Y8zCaupDRHand9QtFxlq3qOLI90E.html");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\fn7k9u8w.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\fn7k9u8w.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {86526A31-F5FE-AF53-844A-8E1D824048C0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9AB22A5F-E9D8-1E43-2965-24737454BF42} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B2855F47-9823-4009-8DBA-6A2C0CBCE9AD} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] G:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155774279171
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/g...GameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



BitDefender Online Scanner

Scan report generated at: Fri, Nov 24, 2006 - 00:03:59
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;

Statistics
Time: 02:39:53
Files: 728504
Folders: 11557
Boot Sectors: 6
Archives: 6883
Packed Files: 78949

Results
Identified Viruses: 7
Infected Files: 9
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 9

Engines Info
Virus Definitions: 318515
Engine build: AVCORE v1.0 (build 2368) (i386) (Nov 16 2006 11:31:19)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\Owner\Desktop\Don't Know\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0002


Infected with: Trojan.Purityad.BP

C:\Documents and Settings\Owner\Desktop\Don't Know\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0002


Disinfection failed

C:\Documents and Settings\Owner\Desktop\Don't Know\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0002


Deleted

C:\Documents and Settings\Owner\Desktop\Don't Know\OiUninstaller.exe=>(NSIS o)


Update failed

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A133885C-45B5-4915-A951-777437E77C14}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Re:][Date: Mon, 19 Jul 2004 11:41:40 -0700]=>(MIME part)=>Cool_MP3.zip=>fmlllgqr.exe


Infected with: Win32.Bagle.AJ@mm

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A133885C-45B5-4915-A951-777437E77C14}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Re:][Date: Mon, 19 Jul 2004 11:41:40 -0700]=>(MIME part)=>Cool_MP3.zip=>fmlllgqr.exe


Deleted

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A133885C-45B5-4915-A951-777437E77C14}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Re:][Date: Mon, 19 Jul 2004 11:41:40 -0700]=>(MIME part)=>Cool_MP3.zip


Updated

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A133885C-45B5-4915-A951-777437E77C14}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Re:][Date: Mon, 19 Jul 2004 11:41:40 -0700]=>(MIME part)


Updated

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A133885C-45B5-4915-A951-777437E77C14}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)


Updated

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A133885C-45B5-4915-A951-777437E77C14}\Microsoft\Outlook Express\Deleted Items.dbx


Update failed

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 49)


Infected with: HTML.Phishing.B

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 49)


Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 49)


Deleted

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx


Update failed

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 246)=>[Subject: Re:][Date: Mon, 19 Jul 2004 11:33:14 -0700]=>(MIME part)=>Fish.zip=>fmlllgqr.exe


Infected with: Win32.Bagle.AJ@mm

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 246)=>[Subject: Re:][Date: Mon, 19 Jul 2004 11:33:14 -0700]=>(MIME part)=>Fish.zip=>fmlllgqr.exe


Deleted

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 246)=>[Subject: Re:][Date: Mon, 19 Jul 2004 11:33:14 -0700]=>(MIME part)=>Fish.zip


Updated

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 246)=>[Subject: Re:][Date: Mon, 19 Jul 2004 11:33:14 -0700]=>(MIME part)


Updated

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 246)


Updated

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx


Update failed

C:\exactSetup.exe=>wise0008


Detected with: Adware.ExactSearchBar.A

C:\exactSetup.exe=>wise0008


Disinfection failed

C:\exactSetup.exe=>wise0008


Deleted

C:\exactSetup.exe


Update failed

C:\System Volume Information\_restore{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1201\A0444946.exe


Infected with: Trojan.Moemoneyad.E

C:\System Volume Information\_restore{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1201\A0444946.exe


Disinfection failed

C:\System Volume Information\_restore{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1201\A0444946.exe


Deleted

C:\System Volume Information\_restore{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1202\A0446111.exe=>(NSIS o)


Infected with: Trojan.Downloader.Zlob.ABB

C:\System Volume Information\_restore{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1202\A0446111.exe=>(NSIS o)


Disinfection failed

C:\System Volume Information\_restore{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1202\A0446111.exe=>(NSIS o)


Deleted

C:\System Volume Information\_restore{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1202\A0446111.exe


Update failed

C:\WINDOWS\backup\TB040513.DAT=>(Embedded EXE g)


Infected with: Trojan.Sandbox.A

C:\WINDOWS\backup\TB040513.DAT=>(Embedded EXE g)


Disinfection failed

C:\WINDOWS\backup\TB040513.DAT=>(Embedded EXE g)


Deleted

C:\WINDOWS\backup\TB040513.DAT


Update failed

C:\WINDOWS\backup\TB040513.DAT=>(Embedded EXE 2g)


Infected with: Trojan.Sandbox.A

C:\WINDOWS\backup\TB040513.DAT=>(Embedded EXE 2g)


Disinfection failed

C:\WINDOWS\backup\TB040513.DAT=>(Embedded EXE 2g)


Deleted

C:\WINDOWS\backup\TB040513.DAT


Update failed



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:10:59 PM 11/23/2006

+ Scan result:



C:\System Volume Information\_restore{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1202\A0446118.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1202\A0446119.exe -> Adware.180Solutions : Cleaned.
C:\WINDOWS\system32\mbbi8016.dll -> Adware.BargainBuddy : Cleaned.
C:\Documents and Settings\All Users\Start Menu\Programs\Block Checker -> Adware.BlockChecker : Cleaned.
C:\Documents and Settings\All Users\Start Menu\Programs\Block Checker\Block Checker -> Adware.BlockChecker : Cleaned.
C:\Program Files\Block Checker -> Adware.BlockChecker : Cleaned.
C:\Program Files\Block Checker\setup.log -> Adware.BlockChecker : Cleaned.
C:\Program Files\Block Checker\setup_finish.exe -> Adware.BlockChecker : Cleaned.
C:\Program Files\Block Checker\uninstall.exe -> Adware.BlockChecker : Cleaned.
HKLM\SOFTWARE\Dsi -> Adware.Delfin : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\Cache\DAF1E752d01 -> Adware.DriveCleaner : Cleaned.
C:\System Volume Information\_restore{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1201\A0444950.exe -> Adware.F1Organizer : Cleaned.
C:\Documents and Settings\Danielle\Application Data\ShopperReports -> Adware.HotBar : Cleaned.
C:\Documents and Settings\Danielle\Application Data\ShopperReports\cs -> Adware.HotBar : Cleaned.
C:\Documents and Settings\Danielle\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Cleaned.
C:\Documents and Settings\Danielle\Application Data\ShopperReports\shprrprt.log -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-57989841-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D22A64-2399-4EDF-8B32-F2C729C1E8A7} -> Adware.HQVideoCodec : Cleaned.
HKU\S-1-5-21-57989841-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D869742A-E5D2-4624-96C7-AAE26170665E} -> Adware.HQVideoCodec : Cleaned.
HKU\S-1-5-21-57989841-1708537768-839522115-1003\Software\Internet Security -> Adware.IntCodec : Cleaned.
C:\WINDOWS\system32\P2P Networking v126.cpl -> Adware.P2PNet : Cleaned.
C:\Program Files\SEP -> Adware.SideFind : Cleaned.
C:\Documents and Settings\Owner\Desktop\Drivers & Programs\SeasonBasketball2003-dm.exe -> Adware.Trymedia : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\contrabandists -> Adware.VirusBurst : Cleaned.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned.
C:\Documents and Settings\Owner\Desktop\Unknown Programs\MsgPlus-301.exe/sponsor.exe -> Downloader.Swizzor.ag : Cleaned.
C:\Documents and Settings\Owner\Desktop\SetUp Programs\SmileyCentralFFSetup2.0.4.18.exe -> Dropper.Small : Cleaned.
C:\WINDOWS\system32\in9bDs.dll -> Dropper.Small.abe : Cleaned.
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.19:C:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\0lfdkgdc.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.20:C:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\0lfdkgdc.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.21:C:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\0lfdkgdc.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.246:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.247:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.288:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.290:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.292:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.309:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.322:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.335:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.417:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lldhkbsn.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.37:C:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\0lfdkgdc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
rridgely
Welcome to the forum. :)
Are you still getting the obscene pop ups?

Open SUPERAntiSpyware and go to Preferences > Statistics/Logs, then double-click the date that you last scanned. A text file will open up; post that log for me to see.

007rmk
QUOTE(rridgely @ Nov 24 2006, 06:42 AM)

Hi

Thanks for replying so quickly

and no I haven't had a pop up so far this morning.

Here is the log file you requested.

Yvon

SUPERAntiSpyware Scan Log
Generated 11/23/2006 at 07:39 PM

Application Version : 3.3.1020

Core Rules Database Version : 3135
Trace Rules Database Version: 1152

Scan type : Complete Scan
Total Scan Time : 00:47:53

Memory items scanned : 614
Memory threats detected : 1
Registry items scanned : 8988
Registry threats detected : 27
File items scanned : 57360
File threats detected : 65

Trojan.Media-Codec
C:\PROGRAM FILES\MMEDIACODEC\PMSNGR.EXE
C:\PROGRAM FILES\MMEDIACODEC\PMSNGR.EXE
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03#UninstallString
C:\Program Files\MMediaCodec\isauninst.exe
C:\Program Files\MMediaCodec\ot.ico
C:\Program Files\MMediaCodec\pmuninst.exe
C:\Program Files\MMediaCodec\ts.ico
C:\Program Files\MMediaCodec\uninst.exe
C:\Program Files\MMediaCodec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#isamonitor.exe [ C:\Program Files\MMediaCodec\isamonitor.exe ]
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\DENIS\MMCODEC.601.EXE
C:\WINDOWS\Prefetch\PMSNGR.EXE-27DFD1CC.pf

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@mb[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adcentriconline[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.antivermins[1].txt
C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adecn[2].txt
C:\Documents and Settings\Owner\Cookies\owner@247realmedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ex=1[2].txt
C:\Documents and Settings\Owner\Cookies\owner@spylog[1].txt
C:\Documents and Settings\Owner\Cookies\owner@stats.drivecleaner[2].txt
C:\Documents and Settings\Owner\Cookies\owner@c1[2].txt
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt
C:\Documents and Settings\Owner\Cookies\owner@coreg.smileymedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ex=1_[1].txt
C:\Documents and Settings\Owner\Cookies\owner@drivecleaner[1].txt
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adtech[2].txt
C:\Documents and Settings\Owner\Cookies\owner@indexstats[2].txt
C:\Documents and Settings\Owner\Cookies\owner@a[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
C:\Documents and Settings\Owner\Cookies\owner@go.drivecleaner[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.realtechnetwork[2].txt
C:\Documents and Settings\Owner\Cookies\owner@malwarewipe[1].txt
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.cartoonnetwork[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.drivecleaner[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.adultjunk[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.ppctracking[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
C:\Documents and Settings\Owner\Cookies\owner@reduxads.valuead[2].txt
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
C:\Documents and Settings\Danielle\Cookies\danielle@mywebsearch[1].txt

Adware.IST/SaferScan
HKU\S-1-5-21-57989841-1708537768-839522115-1003\Software\SaferScan
HKLM\Software\SaferScan
HKLM\Software\SaferScan#LoadNum
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaferScan
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaferScan#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaferScan#UninstallString
C:\Program Files\SaferScan\saferscan.exe
C:\Program Files\SaferScan\uninstall.exe
C:\Program Files\SaferScan
C:\Documents and Settings\Owner\Start Menu\Programs\SaferScan\SaferScan.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\SaferScan

Adware.MediaMediatickets
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx#{9EB320CE-BE1D-4304-A081-4B4665414BEF}

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Malware.VirusBurst
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Safety Alerter 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Safety Alerter 2006#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Safety Alerter 2006#UninstallString
HKCR\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}
HKCR\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}\1.0
HKCR\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}\1.0\0
HKCR\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}\1.0\0\win32
HKCR\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}\1.0\FLAGS
HKCR\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}\1.0\HELPDIR
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#pmsngr.exe [ C:\Program Files\MMediaCodec\pmsngr.exe ]
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\VB_DISTRIB(2).EXE
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\VB_DISTRIB.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1201\A0446094.EXE

Malware.AntiVermins
C:\Program Files\AntiVermins\av.ini
C:\Program Files\AntiVermins\ignored.lst
C:\Program Files\AntiVermins
C:\SYSTEM VOLUME INFORMATION\_RESTORE{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1201\A0446077.EXE

Adware.180solutions/ZangoSearch
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\DENIS\ZANGOINSTALLER.EXE

Adware.180solutions/Search Assistant
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SETUP PROGRAMS\EMOTICONS.EXE

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\OWNER\FAVORITES\ONLINE SECURITY TEST.URL

Adware.Spyware Labs
C:\SYSTEM VOLUME INFORMATION\_RESTORE{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1201\A0444949.DLL

Adware.MyWay
C:\WINDOWS\SYSTEM32\XCITE.DLL
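
A triage pass over a SUPERAntiSpyware log like the one posted above, as an added example that is not part of the original thread: it groups detections by family and separates autostart (Run-key) values, Prefetch traces and System Restore copies from the tracking-cookie noise. The sample lines are copied from the log above; the function names and classification rules are this example's own assumptions.

```python
import re
from collections import Counter, defaultdict

# Lines copied (shortened) from the SUPERAntiSpyware log in the post above.
SAMPLE_LOG = r"""
SUPERAntiSpyware Scan Log
Generated 11/23/2006 at 07:39 PM

Trojan.Media-Codec
C:\PROGRAM FILES\MMEDIACODEC\PMSNGR.EXE
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#isamonitor.exe [ C:\Program Files\MMediaCodec\isamonitor.exe ]
C:\WINDOWS\Prefetch\PMSNGR.EXE-27DFD1CC.pf

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt

Malware.VirusBurst
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#pmsngr.exe [ C:\Program Files\MMediaCodec\pmsngr.exe ]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1201\A0446094.EXE
"""

HIVE = re.compile(r"^(HKLM|HKCU|HKCR|HKU)\\", re.I)
DRIVE = re.compile(r"^[A-Za-z]:\\")
AUTOSTART_KEY = re.compile(r"\\(run|runonce)$", re.I)   # key path ends in a Run key
VALUE_DATA = re.compile(r"\s*\[\s*(.*?)\s*\]\s*$")      # trailing "[ data ]"


def classify_file(path):
    """Bucket a file detection by what it tells the analyst."""
    p = path.lower()
    if "\\cookies\\" in p:
        return "cookie"
    if "\\system volume information\\_restore" in p:
        return "restore_point"          # copy held inside a System Restore point
    if "\\prefetch\\" in p and p.endswith(".pf"):
        return "prefetch"               # Windows writes these when a program runs
    return "file"


def parse_registry(line):
    """Split 'KEY#value [ data ]' into (key, value name, value data)."""
    data = None
    m = VALUE_DATA.search(line)
    if m:
        data, line = m.group(1), line[:m.start()]
    key, _, value = line.partition("#")
    return key, value or None, data


def triage(log_text):
    counts = defaultdict(Counter)
    files, autostart, executed, restore = set(), [], [], []
    family = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if HIVE.match(line):
            if family:
                key, value, data = parse_registry(line)
                if value and AUTOSTART_KEY.search(key):
                    counts[family]["autostart"] += 1
                    autostart.append({"family": family, "key": key,
                                      "name": value, "target": data})
                else:
                    counts[family]["registry"] += 1
        elif DRIVE.match(line):
            if family:
                kind = classify_file(line)
                counts[family][kind] += 1
                if kind == "file":
                    files.add(line.lower())
                elif kind == "prefetch":
                    name = line.rsplit("\\", 1)[-1]
                    executed.append(name.rsplit("-", 1)[0])
                elif kind == "restore_point":
                    restore.append(line)
        elif ":" not in line:
            family = line               # header/summary lines all contain ':'
    # Was the program a Run value launches also detected as a file on disk?
    for entry in autostart:
        target = (entry["target"] or "").lower()
        entry["target_listed"] = target in files
    return {"counts": {f: dict(c) for f, c in counts.items()},
            "autostart": autostart, "executed": executed,
            "restore_points": restore}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for a in report["autostart"]:
        print(a["family"], a["name"], "->", a["target"],
              "(file detected)" if a["target_listed"] else "(file not in log)")
    print("Ran at least once:", report["executed"])
    print("In System Restore:", len(report["restore_points"]))
```

On the thread's log, both Run values point into C:\Program Files\MMediaCodec, the folder the SmitfraudFix search further down reports as FOUND.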
rridgely
Thank you for the log. :)

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
007rmk
QUOTE(rridgely @ Nov 24 2006, 07:05 AM)

Me Again

Here are the results from Smitfraudfix.cmd

SmitFraudFix v2.123

Scan done at 7:15:14.10, Fri 11/24/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ioctrl.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\MMediaCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.allposters.com/IMAGES/ATA/21135DC.jpg"
"SubscribedURL"="http://www.allposters.com/IMAGES/ATA/21135DC.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://imagecache2.allposters.com/images/68/046_HEROES_AND_VILLAINS.jpg"
"SubscribedURL"="http://imagecache2.allposters.com/images/68/046_HEROES_AND_VILLAINS.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



Yvon
rridgely
Nice job. :)

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
007rmk
QUOTE(rridgely @ Nov 24 2006, 07:20 AM)

So Far So Good

I did the registry cleaning but I don't know if it did the check if wininet.dll is infected.
I did not see that part.
I had a little problem with Desktop not showing all my icons or even being able to see all my programs in the start menu. I ended up saving the log in MS Word; I trust that will be OK
Yvon

oops there's nothing in my SmitFraudLog2
I'll have to redo the SafeMode action
sorry

007rmk
QUOTE(007rmk @ Nov 24 2006, 08:15 AM)

I'm Back

Here's the latest Log

Sorry about the delay and Thanks
Yvon

SmitFraudFix v2.123

Scan done at 8:21:22.60, Fri 11/24/2006
Run from C:\Documents and Settings\Owner\My Documents\Unzipped\SmitfraudFix[1]\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

rridgely
Alright everything was probably cleaned on the first scan through.
Run this last virus scan to make sure nothing is hiding.

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files,
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  • Paste kaspersky log onto forum.

Post the kaspersky scan log and a new hijackthis log.
Looks like you should get your wish to solve this today. smile.gif
007rmk
Well that took a while.
Somehow I missed the extended database button; I seemed to go directly to select a target to scan.
If I need to re-do this part let me know.
Following should be the two logs you requested.

Thanks Yvon

KASPERSKY ONLINE SCANNER REPORT
Friday, November 24, 2006 12:58:43 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/11/2006
Kaspersky Anti-Virus database records: 231330
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 135377
Number of viruses found 7
Number of infected objects 18 / 0
Number of suspicious objects 0
Duration of the scan process 02:27:43

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A133885C-45B5-4915-A951-777437E77C14}\Microsoft\Outlook Express\Deleted Items.dbx/[From Marteljmartel ][Date Mon, 19 Jul 2004 11:41:40 -0700]/Cool_MP3.zip Infected: Email-Worm.Win32.Bagle.gen skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A133885C-45B5-4915-A951-777437E77C14}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx/[From Mike ][Date Mon, 19 Jul 2004 11:33:14 -0700]/Fish.zip Infected: Email-Worm.Win32.Bagle.gen skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx/[From CITI ][Date Mon, 11 Oct 2004 13:44:02 -0300]/html Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx/[From CitiBank ][Date Fri, 08 Oct 2004 19:32:51 -0700]/html Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 3 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/05 Oct 2004 17:25 to yman@shaw.ca:[Shaw Suspected Junk Email] Ur.html Infected: Trojan-Spy.HTML.Bankfraud.u skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/21 Sep 2004 11:24 to yman@shaw.ca:[Shaw Suspected Junk Email] Of.html Infected: Trojan-Spy.HTML.Citifraud.ae skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/27 Sep 2005 12:56 to ymart@shaw.ca:Potentially unwanted message .html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/31 Oct 2005 23:33 from eBay:Potentially unwanted message body de.html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/04 Jan 2006 03:17 from eBay Inc:Potentially unwanted message bod.html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Mail MS Mail: infected - 5 skipped
C:\Program Files\LimeWire\Danielles\(full) 1234 theset 50.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Program Files\LimeWire\Incomplete\T-384247-_uncensored_ we took the kids to disneyland 12.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\System Volume Information\_restore{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1202\A0446111.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aps skipped
C:\System Volume Information\_restore{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1202\A0446111.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aps skipped
C:\System Volume Information\_restore{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1202\A0446111.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{07570412-71BB-4EEA-920E-311BC008F4FC}\RP1202\A0446111.exe UPX: infected - 2 skipped
Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 1:07:43 PM, on 11/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Yvon
rridgely
You have a couple of infected emails on the computer that need to be removed.

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A133885C-45B5-4915-A951-777437E77C14}\Microsoft\Outlook Express\Deleted Items.dbx/[From Marteljmartel ][Date Mon, 19 Jul 2004 11:41:40 -0700]/Cool_MP3.zip Infected: Email-Worm.Win32.Bagle.gen skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx/[From Mike ][Date Mon, 19 Jul 2004 11:33:14 -0700]/Fish.zip Infected: Email-Worm.Win32.Bagle.gen skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx/[From CITI ][Date Mon, 11 Oct 2004 13:44:02 -0300]/html Infected: Trojan-Spy.HTML.Citifraud.ai skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx/[From CitiBank ][Date Fri, 08 Oct 2004 19:32:51 -0700]/html Infected: Trojan-Spy.HTML.Citifraud.ai skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/05 Oct 2004 17:25 to yman@shaw.ca:[Shaw Suspected Junk Email] Ur.html Infected: Trojan-Spy.HTML.Bankfraud.u skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/21 Sep 2004 11:24 to yman@shaw.ca:[Shaw Suspected Junk Email] Of.html Infected: Trojan-Spy.HTML.Citifraud.ae skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/27 Sep 2005 12:56 to ymart@shaw.ca:Potentially unwanted message .html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/31 Oct 2005 23:33 from eBay:Potentially unwanted message body de.html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/04 Jan 2006 03:17 from eBay Inc:Potentially unwanted message bod.html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped


You're going to have to remove those emails. The last 3 of them were quarantined by Outlook and still need to be removed.

Then you're going to have to find and delete the following files:

C:\Program Files\LimeWire\Danielles\(full) 1234 theset 50.wma

C:\Program Files\LimeWire\Incomplete\T-384247-_uncensored_ we took the kids to disneyland 12.wma

-----------------------------

Once all of those files have been removed (and it must be ALL of them; none can still be on the hard drive), you will need to clean up your System Restore. To do this, follow the instructions below:

To Flush the infected restore points:

Click Start Menu > All Programs > Accessories > System Tools > System Restore

Choose Create a Restore Point, then click Next. Name it and click Create; when the confirmation screen shows the restore point has been created, click Close.

Next, go to Start Menu > Run and type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished, it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

---------------------

When you're done, post a new HijackThis log.
Is your installed antivirus (McAfee) still under license?
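
Added example, not part of rridgely's post or any tool used in this thread: a Python sketch of the triage the reply above does by hand, sorting the "Infected:" rows of a Kaspersky Online Scanner text report into mail items, plain files and System Restore points, with restore points handled last. The sample rows are constructed placeholders shaped like the report in this thread, and the function names and the three bucket labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample rows (placeholder paths), in the report's
# "<object> <verdict> <last action>" layout.
SAMPLE_REPORT = r"""
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\User\Mail\Deleted Items.dbx/[From Example ][Date Mon, 19 Jul 2004 11:41:40 -0700]/Sample.zip Infected: Email-Worm.Win32.Bagle.gen skipped
C:\Documents and Settings\User\Mail\Deleted Items.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Program Files\P2P\Shared\sample track.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aps skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aps skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe NSIS: infected - 2 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""

INFECTED = re.compile(r"^(?P<obj>.+) Infected: (?P<name>\S+) (?P<action>\w+)$")
LOCKED = re.compile(r" Object is locked \w+$")      # file in use, not a detection
SUMMARY = re.compile(r": infected - \d+ \w+$")      # per-container roll-up row

# Order follows the reply above: mail items and files first, restore points
# last, because flushing them only helps once everything else is gone.
ORDER = ("mail", "file", "restore_point")
ADVICE = {
    "mail": "remove the message from the mail store",
    "file": "find and delete the file",
    "restore_point": "flush System Restore after all other items are removed",
}


def classify(container):
    """Pick a remediation bucket from the on-disk file that holds the detection."""
    lower = container.lower()
    if "\\system volume information\\_restore{" in lower:
        return "restore_point"
    if lower.endswith((".dbx", ".pst")):
        return "mail"
    return "file"


def triage(report_text):
    """Group detections by on-disk container; count locked and roll-up rows."""
    buckets = {kind: defaultdict(list) for kind in ORDER}
    stats = {"locked": 0, "summaries": 0, "unparsed": []}
    for line in report_text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = INFECTED.match(line)
        if match:
            # Windows paths cannot contain "/", so the first "/" separates the
            # file on disk from the member the scanner found inside it.
            container, _, member = match.group("obj").partition("/")
            buckets[classify(container)][container].append(
                (member, match.group("name"), match.group("action"))
            )
        elif LOCKED.search(line):
            stats["locked"] += 1
        elif SUMMARY.search(line):
            stats["summaries"] += 1
        else:
            stats["unparsed"].append(line)
    return {"buckets": buckets, **stats}


def remediation_plan(result):
    """One row per container: (bucket, container, names, still_present, advice)."""
    plan = []
    for kind in ORDER:
        for container, hits in sorted(result["buckets"][kind].items()):
            names = sorted({name for _, name, _ in hits})
            # "skipped" as the last action means the scanner left the object in place.
            still_present = any(action == "skipped" for _, _, action in hits)
            plan.append((kind, container, names, still_present, ADVICE[kind]))
    return plan


if __name__ == "__main__":
    parsed = triage(SAMPLE_REPORT)
    print("locked rows ignored:", parsed["locked"])
    for kind, container, names, present, advice in remediation_plan(parsed):
        print(f"[{kind}] {container}\n    {', '.join(names)} -> {advice}")
```

Rows marked "Object is locked" are only counted, since they are files the scanner could not open rather than detections.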

007rmk
QUOTE(rridgely @ Nov 24 2006, 03:41 PM) [snapback]55432[/snapback]

You have a couple of infected emails on the computer that need to be removed.

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A133885C-45B5-4915-A951-777437E77C14}\Microsoft\Outlook Express\Deleted Items.dbx/[From Marteljmartel ][Date Mon, 19 Jul 2004 11:41:40 -0700]/Cool_MP3.zip Infected: Email-Worm.Win32.Bagle.gen skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx/[From Mike ][Date Mon, 19 Jul 2004 11:33:14 -0700]/Fish.zip Infected: Email-Worm.Win32.Bagle.gen skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx/[From CITI ][Date Mon, 11 Oct 2004 13:44:02 -0300]/html Infected: Trojan-Spy.HTML.Citifraud.ai skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B5B2B289-366F-4F97-900C-7DB3B17A2281}\Microsoft\Outlook Express\Deleted Items.dbx/[From CitiBank ][Date Fri, 08 Oct 2004 19:32:51 -0700]/html Infected: Trojan-Spy.HTML.Citifraud.ai skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/05 Oct 2004 17:25 to yman@shaw.ca:[Shaw Suspected Junk Email] Ur.html Infected: Trojan-Spy.HTML.Bankfraud.u skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/21 Sep 2004 11:24 to yman@shaw.ca:[Shaw Suspected Junk Email] Of.html Infected: Trojan-Spy.HTML.Citifraud.ae skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/27 Sep 2005 12:56 to ymart@shaw.ca:Potentially unwanted message .html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/31 Oct 2005 23:33 from eBay:Potentially unwanted message body de.html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Quarantine/Potentially unwanted message body detected, entire message has b/04 Jan 2006 03:17 from eBay Inc:Potentially unwanted message bod.html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
You're going to have to remove those emails. The last 3 of them were quarantined by Outlook and still need to be removed.

Then you're going to have to find and delete the following files:

C:\Program Files\LimeWire\Danielles\(full) 1234 theset 50.wma

C:\Program Files\LimeWire\Incomplete\T-384247-_uncensored_ we took the kids to disneyland 12.wma

-----------------------------

Once all of those files have been removed (and it must be ALL of them, none can still be on the hard drive), you will need to clean up your System Restore. To do this, follow the instructions below:

To Flush the infected restore points:

Click Start Menu > All Programs > Accessories > System Tools > System Restore

Choose Create a Restore Point, then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished, it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

---------------------

When you're done, post a new HijackThis log.
Is your installed antivirus (McAfee) still under license?



Thank you rridgely

I am currently at work and will not be near my home computer for five hours.
I will follow your directions when I get home, and as far as I know the McAfee Antivirus software is still good and under license. It was put on our computer by a tech at the company that my wife works for, as she brings home work from time to time and uses our computer.

Yvon