Have 2953 windows privacy/malware warning box with icon

Unread postby eyespyman » August 23rd, 2007, 6:35 pm

I too have the 2953 windows privacy violations found/malware infection notice with icon in task bar.

Found this site and did all the things listed. AdAware, Spybotsd... here is my hijackthis log. Any help will be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 23:27:04, on 23/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\KService\KService.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\SUPERFAX\PROGRAM\PICPMON.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\winntify.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\3DMouse\3DMouse.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Navnt\POProxy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\BRQIKMON.EXE
C:\PROGRA~1\NETSCAPE\NAVIGA~1\NAVIGA~1.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\prefs.js)
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr455.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [3DMouse] C:\PROGRA~1\3DMouse\3DMouse.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [clcl14] C:\WINDOWS\System32\clcl14.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Navnt\POProxy.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/pl ... nNOSSO.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/18d1681d3ee ... xIE601.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum455.txt
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
O23 - Service: Pacific Image Comm. Fax Server - Unknown owner - C:\SUPERFAX\PROGRAM\PICPMON.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
eyespyman
Active Member
 
Posts: 9
Joined: August 23rd, 2007, 4:01 pm

Unread postby Scotty » August 25th, 2007, 11:14 am

Hi! Welcome to the MWR forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


Please be patient as my posts to you have to be checked before I reply, so they may take longer.

Please make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Hi Scotty

Unread postby eyespyman » August 26th, 2007, 10:33 am

Thank You for your help - sorry for the delay I've been away. Here is the uninstall list:

360Share(remove only)
3D-Mouse
Ad-Aware SE Professional
Adobe Acrobat 4.0
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
America Online
Atrise Everyfind 5.1.1
Axicon Verifier
Currency Converter 2
Direct Data Business Directory
DivX
DivX Converter
DivX Player
DivX Web Player
DYMO Label Software
Easy Barcode Creator
EclipseCrossword
Eudora
Family Tree Maker 2005
FilmBars Graphics
FinePixViewer Ver.4.2
FUJIFILM USB Driver
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
HASP4 Device Drivers
HijackThis 1.99.1
Icon Suite
ImageMixer VCD2 for FinePix
Internet Explorer Q903235
Ipswitch WS_FTP Pro
iTunes
Java 2 Runtime Environment, SE v1.4.2_05
LiveAdvisor (Symantec Corporation)
LiveUpdate
mDVR for Windows
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft FrontPage 2002
Microsoft Office PowerPoint Viewer 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
MicroStaff WINASPI
Money Manager 2.3.2.0
Mozilla Firefox (2.0.0.4)
MR2800-W Data Fax Modem
MUSICMATCH® Jukebox
Netscape (7.1)
Netscape Navigator (9.0b3)
Norton AntiVirus 2000
OSS Text Spy 1.31
Paint Shop Pro 7 Anniversary Edition
Pattern Maker for cross stitch - v4 (Std)
Pdf995
PMP Transcoding Tool 0.5.1.0 For Windows NT/2000/XP
QuickTime
RAW FILE CONVERTER LE
ReadPlease 2003/ReadPlease PLUS 2003
RealPlayer
Recovery for Works
Sky Anytime
SnagIt 7
SnagIt 8
Spybot - Search & Destroy 1.4
StuffIt Standard
Super Yahoo Messenger Archive Decoder
SuperFax
SWiSH Lite v1.52
SWiSH v2.0
SWiSHmax beta
ViewSonic Monitor Drivers
WebLog Expert Lite 3.5
Windows Media Format Runtime
Windows Media Player 10
WinZip
Yahoo Message Archive Decoder 4.13
eyespyman
Active Member
 
Posts: 9
Joined: August 23rd, 2007, 4:01 pm

Unread postby Scotty » August 26th, 2007, 2:34 pm

Hi

Download and Run BFU
Download and unzip BFU.zip from here.

Run the program and click the Web button as shown by the blue arrow below:
Image

Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/alcanshorty.bfu

Execute the script by clicking the Execute button.

If you have any questions about the use of BFU please read here:
http://metallica.geekstogo.com/BFUinstructions.html

Then reboot.

Download and Run SmitfraudFix
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply with a new HijackThis log, please.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

SmitFraudFix report

Unread postby eyespyman » August 27th, 2007, 7:37 am

Hello. First report:

SmitFraudFix v2.217

Scan done at 12:34:08.90, 27/08/2007
Run from C:\Documents and Settings\Debda\My Documents\fifty\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\KService\KService.exe
C:\PROGRA~1\3DMouse\3DMouse.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Navnt\POProxy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\SUPERFAX\PROGRAM\PICPMON.EXE
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\winntify.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\BRQIKMON.EXE
C:\PROGRA~1\NETSCAPE\NAVIGA~1\NAVIGA~1.EXE
C:\WINDOWS\System32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\vtr???.dll FOUND !
C:\WINDOWS\system32\WinAvXX.exe FOUND !
C:\WINDOWS\system32\winntify.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Debda


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Debda\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Debda\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\hrum455.txt"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.3.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BC72450B-689F-4EB1-938F-FD3B2AF61580}: DhcpNameServer=192.168.3.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BC72450B-689F-4EB1-938F-FD3B2AF61580}: DhcpNameServer=192.168.3.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BC72450B-689F-4EB1-938F-FD3B2AF61580}: DhcpNameServer=192.168.3.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.3.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.3.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.3.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



2nd report:

Logfile of HijackThis v1.99.1
Scan saved at 12:36:04, on 27/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\KService\KService.exe
C:\PROGRA~1\3DMouse\3DMouse.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Navnt\POProxy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\SUPERFAX\PROGRAM\PICPMON.EXE
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\winntify.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\BRQIKMON.EXE
C:\PROGRA~1\NETSCAPE\NAVIGA~1\NAVIGA~1.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\prefs.js)
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr455.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [3DMouse] C:\PROGRA~1\3DMouse\3DMouse.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [clcl14] C:\WINDOWS\System32\clcl14.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Navnt\POProxy.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/pl ... nNOSSO.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/18d1681d3ee ... xIE601.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum455.txt
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
O23 - Service: Pacific Image Comm. Fax Server - Unknown owner - C:\SUPERFAX\PROGRAM\PICPMON.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Thanks!
eyespyman
Active Member
 
Posts: 9
Joined: August 23rd, 2007, 4:01 pm

Unread postby Scotty » August 28th, 2007, 10:28 am

Hi

It's better to print out the next instructions or save them in Notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!


Download AVG Anti-Spyware.
  • Install AVG Anti-Spyware.
  • Launch AVG by double-clicking on the icon.
  • The program will now open to the main screen.
  • You will need to update AVG to the latest definition files.
    • At the top of the main screen click Update.
      • Then in the Manual Update section, click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
  • When updates are completed, close AVG.
If you are having problems with the updater, you can use this link to manually update AVG.
AVG manual updates

Start the Brute Force Uninstaller by doubleclicking BFU.exe
Run the program and click the Web button as shown by the blue arrow below:
Image

Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/alcanshorty.bfu

Execute the script by clicking the Execute button.

Reboot into SAFE MODE
    By pressing the F8 key right when Windows starts, usually right after you hear your computer
    beep when you reboot it (some versions of windows will display 'Starting Windows' with a grey progress bar)
    you will be brought to a menu where you can choose to boot into safe mode.

    If it does not work on the first try, reboot and try again, as you have to be quick when you press it.

    I have found that during boot up, right after the computer displays the equipment , memory, etc
    installed on your computer, if you start lightly tapping the F8 key, the system will usually display the menu.

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

    O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr455.dll
    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
    O4 - HKLM\..\Run: [clcl14] C:\WINDOWS\System32\clcl14.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum455.txt

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit HijackThis.

Run a scan with AVG.
  • Click on Scanner
    • Click on the Settings tab, and set the following settings.
      • How to act
        • Click on Recommended actions, and set to Quarantine.
      • How to scan
        • Check all options.
      • Possibly unwanted software.
        • Check all options.
      • Reports
        • Check Do not automatically generate reports after every scan.
      • What to scan
        • Check Scan every file.
    • Click on the Scan tab.
      • Click on Complete System Scan and the scan will begin.
      • When the scan has finished
        • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
        • At the bottom of the window click on the Apply all Actions button.
Note: Don't save the report before you hit the Apply action button.

Close AVG Anti-Spyware.

AVG will save a report in the following location C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports

Run Smitfraudfix
Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Reboot back into Normal Mode and post back with the Smitfraudfix log, AVG report and a new Hijackthis log, please.

Disable AVG Anti-Spyware Guard
We need to disable AVG's spyware Guard so it doesn't interfere with our fixes.
You should be able to disable AVG Anti-Spyware guard like this:

  • Open AVG Anti-Spyware by double-clicking its icon in the system tray.
  • In the 'Your security status' section, toggle the AVG Anti-Spyware Guard realtime protection 'off' by clicking 'active' which will then change the protection status to 'inactive'.
  • When you reboot, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the guard?".
  • Reply 'No' and set it to 'inactive'
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland
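
The "if they are still present" check in the post above can be done mechanically against a later log. The following is an added example, not part of the original thread or of HijackThis: the function names are made up for illustration, `BEFORE_LOG` is an excerpt of entries posted earlier in the thread, and `AFTER_LOG` is constructed.

```python
import re

# Every HijackThis entry line starts with a section code such as R1, N3, O4 or O20.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return (section, detail) for each entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def normalise(section, detail):
    """Comparison key: Windows paths are case-insensitive and pasted logs vary in spacing."""
    return section.upper(), re.sub(r"\s+", " ", detail).lower()


def check_fix_list(log_text, fix_list_text):
    """For each fix-list entry, report whether the log still contains it."""
    present = {normalise(s, d) for s, d in parse_entries(log_text)}
    return [(s, d, normalise(s, d) in present) for s, d in parse_entries(fix_list_text)]


def repeated_entries(log_text):
    """Entries that occur more than once in one log, with their counts."""
    counts = {}
    for s, d in parse_entries(log_text):
        key = normalise(s, d)
        counts[key] = counts.get(key, 0) + 1
    return {key: n for key, n in counts.items() if n > 1}


# The four entries the helper asked to have fixed (copied from the post above).
FIX_LIST = r"""
    O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr455.dll
    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
    O4 - HKLM\..\Run: [clcl14] C:\WINDOWS\System32\clcl14.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum455.txt
"""

# Excerpt of the log posted earlier in the thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr455.dll
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [clcl14] C:\WINDOWS\System32\clcl14.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum455.txt
"""

# Constructed follow-up log: one flagged entry survives, written with different case.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\SYSTEM32\hrum455.txt
"""

if __name__ == "__main__":
    for section, detail, present in check_fix_list(AFTER_LOG, FIX_LIST):
        status = "STILL PRESENT" if present else "gone"
        print(f"{status:13} {section} - {detail}")
    for (section, detail), n in repeated_entries(BEFORE_LOG).items():
        print(f"repeated x{n}: {section} - {detail}")
```
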

completed with problems

Unread postby eyespyman » August 29th, 2007, 10:38 am

Hi

I followed the instructions in the exact order as specified, but I did have some trouble.

After downloading, installing and running AVG - before completion I got an error box with the following:

Worm.VB.an located in C:\programfiles\winupdates.exe
It instructed me to clean and move to quarantine which I did then it said reboot which I did.

I followed the next steps however in safe mode the resolution of the screen wouldn't display the entire program options - I couldn't change the res in safe mode - even tried another screen.

When I ran Hijackthis I got the following error:

An unexpected error at procedure:
ModBackup_MakeBackup(sItem=020 -AppInit-Dlls;C:\windoews\system32\hrum455.txt)
Error #5 - Invalid procedure call or argument. Email marij@spywareinfo.com

Ran SmitfraudFix and the Disk Cleanup box came up, started to run then locked up.

AVG - there wasn't a report in the Grisoft\AVG folder - I did a search and found nothing. The instructions said do not save report before you hit Apply active button - there wasn't even a folder for reports in the AVG folder.

Also, IE 6 page doesn't load - shows this in address line:
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome

Firefox won't connect and shows this error:

FireFox won't connect shows:
The proxy server is refusing connections
Firefox is configured to use a proxy server that is refusing connections.

* Check the proxy settings to make sure that they are correct.

* Contact your network administrator to make sure the proxy server is
working.

I have had these messages since this started.



Log files for the other two follow. Thanks

SmitFraudFix v2.217

Scan done at 14:45:14.44, 29/08/2007
Run from C:\Documents and Settings\Debda\My Documents\smithfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localmachine # ***Inserted By STOPzilla***

127.0.0.1 http://www.searchforit.com # ***Inserted By STOPzilla***
127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
127.0.0.1 http://www.nude-teens-bodies.com # ***Inserted By STOPzilla***
127.0.0.1 http://www.bundleware.com # ***Inserted By STOPzilla***
127.0.0.1 http://www.on-search.com # ***Inserted By STOPzilla***
127.0.0.1 http://www.search4www.com # ***Inserted By STOPzilla***
127.0.0.1 http://www.teen-biz.com # ***Inserted By STOPzilla***
127.0.0.1 searchx.cc # ***Inserted By STOPzilla***
127.0.0.1 http://www.all-websearch.com # ***Inserted By STOPzilla***
127.0.0.1 213.159.117.133 # ***Inserted By STOPzilla***
127.0.0.1 localhost # ***Inserted By STOPzilla***
127.0.0.1 http://www.zonebest.com # ***Inserted By STOPzilla***
127.0.0.1 0websearch.com # ***Inserted By STOPzilla***
127.0.0.1 http://www.sp2admin.biz # ***Inserted By STOPzilla***
127.0.0.1 http://www.heretofind.com # ***Inserted By STOPzilla***
127.0.0.1 http://www.teenygirlshome.com # ***Inserted By STOPzilla***
127.0.0.1 coolwebsearch.com # ***Inserted By STOPzilla***


66.98.136.25 auto.search.msn.com
66.98.136.25 auto.search.msn.es
66.98.136.25 auto.search.msn.com
66.98.136.25 auto.search.msn.es
66.98.136.25 auto.search.msn.com
66.98.136.25 auto.search.msn.es
66.98.136.25 auto.search.msn.com
66.98.136.25 auto.search.msn.es

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\WinAvXX.exe Deleted
C:\WINDOWS\system32\winntify.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BC72450B-689F-4EB1-938F-FD3B2AF61580}: DhcpNameServer=192.168.3.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BC72450B-689F-4EB1-938F-FD3B2AF61580}: DhcpNameServer=192.168.3.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BC72450B-689F-4EB1-938F-FD3B2AF61580}: DhcpNameServer=192.168.3.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.3.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.3.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.3.254


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Logfile of HijackThis v1.99.1
Scan saved at 15:35:34, on 29/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\3DMouse\3DMouse.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\KService\KService.exe
C:\SUPERFAX\PROGRAM\PICPMON.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\BRQIKMON.EXE
C:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\JGsoft\EditPadLite\EditPad.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\prefs.js)
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [3DMouse] C:\PROGRA~1\3DMouse\3DMouse.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/pl ... nNOSSO.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/18d1681d3ee ... xIE601.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: Pacific Image Comm. Fax Server - Unknown owner - C:\SUPERFAX\PROGRAM\PICPMON.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
eyespyman
Active Member
 
Posts: 9
Joined: August 23rd, 2007, 4:01 pm

Post by Scotty » August 29th, 2007, 3:09 pm

Hi

Download and Run ComboFix

  • Download this file from below:

    Here

  • Disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running.
  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.


Note 1: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

ComboFix

Post by eyespyman » August 29th, 2007, 4:06 pm

As requested:

ComboFix 07-08-30.1 - "Debda" 2007-08-29 20:37:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.66 [GMT 1:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Debbie\Desktop\internet explorer.lnk
C:\DOCUME~1\Debda\Desktop\internet.lnk
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\WINDOWS\opera6.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_IPRIP
-------\LEGACY_WINNOTIFY
-------\Iprip


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))


2007-08-29 20:35 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-29 11:08 <DIR> d-------- C:\Program Files\Brute Force Uninstaller
2007-08-29 10:55 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-28 16:08 33,792 --a------ C:\WINDOWS\ieuninst.exe
2007-08-27 12:34 2,108 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-23 21:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-23 20:41 <DIR> d-------- C:\DOCUME~1\Debda\APPLIC~1\Netscape
2007-08-23 17:45 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-08-23 17:39 437,528 --a------ C:\WINDOWS\system32\401COMUPD.EXE
2007-08-23 17:38 170,400 --a------ C:\WINDOWS\system32\drivers\navap.sys
2007-08-23 17:38 <DIR> d-------- C:\Program Files\Symantec
2007-08-06 22:45 <DIR> d-------- C:\Program Files\viewsonic
2007-08-06 22:45 <DIR> d-------- C:\DOCUME~1\Debda\APPLIC~1\Leadertech
2007-08-02 23:13 <DIR> d-------- C:\DOCUME~1\Debbie\APPLIC~1\Kontiki
2007-07-01 18:24 <DIR> d-------- C:\DOCUME~1\Debda\APPLIC~1\Kontiki
2007-07-01 18:23 <DIR> d-------- C:\WINDOWS\kdx
2007-07-01 18:23 <DIR> d-------- C:\Program Files\Sky
2007-07-01 18:23 <DIR> d-------- C:\Program Files\KService
2007-07-01 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\sky


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 20:48 --------- d-------- C:\Program Files\3DMouse
2007-08-29 13:22 --------- d-------- C:\Program Files\Yahoo Message Archive Decoder
2007-08-23 23:04 --------- d-------- C:\Program Files\MyWay
2007-08-23 20:41 --------- d-------- C:\Program Files\Netscape
2007-08-23 17:39 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-10 21:14 --------- d-------- C:\Program Files\SWiSH v2.0
2007-08-06 22:45 --------- d--h----- C:\Program Files\InstallShield Installation Information
1757-03-18 11:38:02 4,263 --sh--w C:\WINDOWS\windllreg1c.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3DMouse"="C:\PROGRA~1\3DMouse\3DMouse.EXE" [2002-03-18 13:07]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-20 16:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 17:21]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-05-14 14:45]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-03-31 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 16:18]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [2005-06-07 17:04 86016]

R0 SIUSBXP;SIUSBXP;C:\WINDOWS\System32\drivers\SiUSBXp.sys
R2 gwiopm;gwiopm;\??\C:\PROGRA~1\MDVRFO~1\gwiopm.sys
S3 V90drv;v90drv;C:\WINDOWS\System32\DRIVERS\v90drv.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 20:48:06
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-30 20:50:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-30 20:50

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 21:05:55, on 30/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\KService\KService.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\3DMouse\3DMouse.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\BRQIKMON.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\prefs.js)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [3DMouse] C:\PROGRA~1\3DMouse\3DMouse.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/pl ... nNOSSO.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/18d1681d3ee ... xIE601.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: Pacific Image Comm. Fax Server - Unknown owner - C:\SUPERFAX\PROGRAM\PICPMON.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Post by Scotty » August 30th, 2007, 3:53 am

Hello

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.

  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    • Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The scan will take a while, so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Kaspersky

Post by eyespyman » August 30th, 2007, 11:47 am

Hi
Kaspersky only works with IE 6 and as I mentioned, I can't access the Internet via IE or Firefox since this started. It won't work with Netscape - and that's the only browser I have that works. I've tried uninstalling IE and re-installing but it doesn't work.

Sorry

Kaspersky rept - finally

Post by eyespyman » August 31st, 2007, 6:26 am

After much ado - I upgraded to XP service pack 2 which allowed me to get IE 7. That installed OK and I was able to run Kaspersky. Report follows:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, September 01, 2007 11:22:40 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 31/08/2007
Kaspersky Anti-Virus database records: 400484
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 170885
Number of viruses found: 26
Number of infected objects: 176
Number of suspicious objects: 0
Duration of the scan process: 05:38:32

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox Mail Berkeley mbox: infected - 22 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\document12.zip/document.pif Infected: Net-Worm.Win32.Mytob.t skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\document12.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\downloadm.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\downloadm.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\downloadm1.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\downloadm1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\downloadm2.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\downloadm2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\downloadm3.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\downloadm3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\downloadm4.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\downloadm4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\downloadm5.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\downloadm5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\downloadm6.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\downloadm6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\Edmond.zip Infected: Trojan-Downloader.Win32.Bagle.q skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\Harry.zip Infected: Trojan-Downloader.Win32.Bagle.r skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\Hughe.zip/S3700026.exe Infected: Email-Worm.Win32.Bagle.fb skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\Hughe.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\list.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\list.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mail.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mail.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mail1.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mail1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mail2.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mail2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mailtext.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mailtext.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mailtext1.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mailtext1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mailtext2.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mailtext2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mailtext3.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mailtext3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mailtext4.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mailtext4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mail_body.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mail_body.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mail_body1.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mail_body1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mail_body2.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\mail_body2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\new__price.zip/price_list.exe Infected: Email-Worm.Win32.Bagle.de skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\new__price.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\price_new.zip/price.cpl Infected: Email-Worm.Win32.Bagle.cs skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\price_new.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\question_list.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\question_list.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass-data.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass-data.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass-data1.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass-data1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass-data2.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass-data2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass1.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass2.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass3.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass4.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass5.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\reg_pass5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\sls.zip/sls.htm .scr Infected: Net-Worm.Win32.Mytob.t skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\sls.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\Taxes.zip/Taxes.exe Infected: Email-Worm.Win32.Bagle.cd skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\Taxes.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\text6.zip/text.htm .pif Infected: Net-Worm.Win32.Mytob.t skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\text6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\The_taxation.zip/Taxes.exe Infected: Email-Worm.Win32.Bagle.bq skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach\The_taxation.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html/[From evaporated@funsongsshow.com][Date Wed, 21 Dec 2005 04:07:15 +0900]/UNNAMED/[From "Brandi Surface" <surf@nirai.ne.jp>][Date Tue, 20 Dec 2005 14:15:43 -0500]/UNNAMED/[From "info@paypal.com" <info@paypal.com>][Date Tue, 20 Dec 2005 23:10:30 +0200]/html Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html/[From evaporated@funsongsshow.com][Date Wed, 21 Dec 2005 04:07:15 +0900]/UNNAMED/[From "Brandi Surface" <surf@nirai.ne.jp>][Date Tue, 20 Dec 2005 14:15:43 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html/[From evaporated@funsongsshow.com][Date Wed, 21 Dec 2005 04:07:15 +0900]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx Mail Berkeley mbox: infected - 4 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.001/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html/[From evaporated@funsongsshow.com][Date Wed, 21 Dec 2005 04:07:15 +0900]/UNNAMED/[From "Brandi Surface" <surf@nirai.ne.jp>][Date Tue, 20 Dec 2005 14:15:43 -0500]/UNNAMED/[From "info@paypal.com" <info@paypal.com>][Date Tue, 20 Dec 2005 23:10:30 +0200]/html Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.001/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html/[From evaporated@funsongsshow.com][Date Wed, 21 Dec 2005 04:07:15 +0900]/UNNAMED/[From "Brandi Surface" <surf@nirai.ne.jp>][Date Tue, 20 Dec 2005 14:15:43 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.001/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html/[From evaporated@funsongsshow.com][Date Wed, 21 Dec 2005 04:07:15 +0900]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.001/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.001 Mail Berkeley mbox: infected - 4 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.002/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html/[From evaporated@funsongsshow.com][Date Wed, 21 Dec 2005 04:07:15 +0900]/UNNAMED/[From "Brandi Surface" <surf@nirai.ne.jp>][Date Tue, 20 Dec 2005 14:15:43 -0500]/UNNAMED/[From "info@paypal.com" <info@paypal.com>][Date Tue, 20 Dec 2005 23:10:30 +0200]/html Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.002/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html/[From evaporated@funsongsshow.com][Date Wed, 21 Dec 2005 04:07:15 +0900]/UNNAMED/[From "Brandi Surface" <surf@nirai.ne.jp>][Date Tue, 20 Dec 2005 14:15:43 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.002/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html/[From evaporated@funsongsshow.com][Date Wed, 21 Dec 2005 04:07:15 +0900]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.002/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.002 Mail Berkeley mbox: infected - 4 skipped
C:\Documents and Settings\Debda\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Debda\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Debda\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Debda\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Debda\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Debda\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Debda\Local Settings\History\History.IE5\MSHist012007083120070901\index.dat Object is locked skipped
C:\Documents and Settings\Debda\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Debda\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Debda\My Documents\desktop2\Adobe PageMaker 7.01.zip/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\Debda\My Documents\desktop2\Adobe PageMaker 7.01.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\My Documents\fifty\smitfraudfix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Debda\My Documents\fifty\smitfraudfix\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Debda\My Documents\smithfraudfix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Debda\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Debda\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Debda\Shared\Adobe PageMaker 7.0.1.zip/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\Debda\Shared\Adobe PageMaker 7.0.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\KService\data\error.log Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\winupdates\a.zip.vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\QooBox\Quarantine\C\Program Files\winupdates\a.zip.vir ZIP: infected - 1 skipped
C:\SUPERFAX\DATA\PICPMON.DEB Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP80\A0032158.EXE Infected: not-a-virus:AdWare.Win32.MyWay.b skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP80\A0032159.DLL Infected: not-a-virus:AdWare.Win32.MyWay.m skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP80\A0032161.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP85\A0032481.dll Infected: Trojan-Downloader.Win32.Agent.bxx skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP85\A0032482.exe Infected: Trojan.Win32.Agent.kq skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP85\A0032483.exe Infected: not-a-virus:PSWTool.Win32.Yahoo.c skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP85\A0032486.exe Infected: not-virus:Hoax.Win32.Renos.hz skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP85\A0032487.exe Infected: Trojan-Downloader.Win32.VB.azq skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP94\change.log Object is locked skipped
C:\WINDOWS\1124657201 Infected: Trojan-Downloader.Win32.VB.azq skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TempFile Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll Infected: not-a-virus:AdWare.Win32.WindowEnhancer.c skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\02F13680/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\02F13680 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\02F13680 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0349241F/Textfile.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0349241F ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0349241F CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1932647D/release.pif Infected: Email-Worm.Win32.NetSky.b skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1932647D ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1932647D CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\260E2C52/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\260E2C52 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\260E2C52 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\263C7820/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\263C7820 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\263C7820 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\266619F1/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\266619F1 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\266619F1 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26913BC3/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26913BC3 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26913BC3 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26BB5D94/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26BB5D94 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26BB5D94 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26E67F65/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26E67F65 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26E67F65 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27102137/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27102137 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27102137 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2737190B/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2737190B ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2737190B CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\380016C9/advertise@eyespymag.com.html .exe Infected: Email-Worm.Win32.Mydoom.m skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\380016C9 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\380016C9 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\MyWay\myBar\1.bin\MY2NS.EXE Infected: not-a-virus:AdWare.Win32.MyWay.b skipped
E:\programsfromc\Program Files\MyWay\myBar\1.bin\MYBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWay.m skipped
E:\programsfromc\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped
E:\my documents 1\desktop2\Adobe PageMaker 7.01.zip/Setup.exe Infected: Worm.Win32.VB.an skipped
E:\my documents 1\desktop2\Adobe PageMaker 7.01.zip ZIP: infected - 1 skipped

Scan process completed.
eyespyman
Active Member
 
Posts: 9
Joined: August 23rd, 2007, 4:01 pm

Post by Scotty » August 31st, 2007, 3:11 pm

Hi

Empty Norton Quarantine

  1. Start Norton AntiVirus.
    If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program and click Norton AntiVirus.
  2. In the left pane, click Reports.
  3. Click View Norton Quarantined and Restore.
  4. In the left pane, select the type of risk that you want to remove.
  5. In the right pane, select the files that you want to remove.
  6. Click Delete Item.
  7. When you see the message "Warning! Are you sure that you want to remove this item from Quarantine," click Yes.
  8. Close the Quarantine window, and then exit Norton AntiVirus.


This is a walk-through to compacting email within Thunderbird but will work for other Mozilla email programs.

The best way is to let Thunderbird do this automatically: "Tools -> Options -> Advanced -> Network & Disk Space -> Disk Space -> Compact folder when it will save over 1000 kB -> OK."

To compact all folders in an account manually, click the account on the left, and then click "File -> Compact Folders". Compacting an account may take from a few seconds to 20 minutes or more, depending on how much mail you have and how recently you last compacted the folders. If you have trouble doing this and the process stalls, try compacting one folder at a time by right-clicking on the folder and choosing "Compact This Folder". If you do not let Thunderbird compact automatically, you should do this regularly, at least once a week. If you do it daily, it will take only a fraction of the time.

Try to avoid downloading e-mail while compacting folders, as it has been reported that this can cause corruption or a "folder being processed" error. For POP3 accounts, you should go offline before compacting folders. (To do this, go to "File -> Offline -> Work Offline", or simply click on the icon in the bottom left corner.) For IMAP accounts you cannot compact folders unless you are online.

In Eudora, Command-Click on the bottom left corner of the mailbox (where the number/size information is). To compact all mailboxes, Option-Command-Click in the same place.

Then follow my previous instruction to run another Kaspersky Online Scan, please.

Also, tell me if Firefox is working yet and what problems you are still having.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

kaspersky 2

Unread postby eyespyman » September 1st, 2007, 5:30 pm

Hi Again

I upgraded to Norton Anti Virus 2008 because I was having some trouble with 2000. Did as requested and here is new Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, September 02, 2007 10:22:36 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 1/09/2007
Kaspersky Anti-Virus database records: 401950
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 173665
Number of viruses found: 16
Number of infected objects: 87
Number of suspicious objects: 0
Duration of the scan process: 08:53:31

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{935C0902-1BB4-4C7C-A52A-4D074797B730}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-02_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{3F5E6D8D-3FB1-4364-802F-8B86B2BD6364}.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{3F5E6D8D-3FB1-4364-802F-8B86B2BD6364}.sds Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\04D57A0A.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Concepcion Arellano <Damianh0@asvbsv4.com>][Date Wed, 12 May 2004 06:05:32 +0300]/UNNAMED/[From "Suzanne " <jiczmtqoru@online.sh.cn>][Date Thu, 13 May 2004 06:06:55 +0100]/text/[From "Dave Chamberlain" <pruyacj@ccnt.com>][Date Wed, 12 May 2004 23:29:48 +0600]/text/[From "Felix Mora" <predictcontinual@attbi.com>][Date Wed, 12 May ... /[From laurindalandsaw@uk2.net][Date Sat, 15 M ... /p-zipped_file_data .pif Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Concepcion Arellano <Damianh0@asvbsv4.com>][Date Wed, 12 May 2004 06:05:32 +0300]/UNNAMED/[From "Suzanne " <jiczmtqoru@online.sh.cn>][Date Thu, 13 May 2004 06:06:55 +0100]/text/[From "Dave Chamberlain" <pruyacj@ccnt.com>][Date Wed, 12 May 2004 23:29:48 +0600]/text/[From "Felix Mora" <predictcontinual@attbi.com>][Date Wed, 12 May ... /[From laurindalandsaw@uk2.net][Date Sat, 15 May 2004 07:32:45 GMT]/article.DOC.zip Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Concepcion Arellano <Damianh0@asvbsv4.com>][Date Wed, 12 May 2004 06:05:32 +0300]/UNNAMED/[From "Suzanne " <jiczmtqoru@online.sh.cn>][Date Thu, 13 May 2004 06:06:55 +0100]/text/[From "Dave Chamberlain" <pruyacj@ccnt.com>][Date Wed, 12 May 2004 23:29:48 +0600]/text/[From "Felix Mora" <predictcontinual@attbi.com>][Date Wed, 12 May 2004 17:43:26 -0600]/html Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Concepcion Arellano <Damianh0@asvbsv4.com>][Date Wed, 12 May 2004 06:05:32 +0300]/UNNAMED/[From "Suzanne " <jiczmtqoru@online.sh.cn>][Date Thu, 13 May 2004 06:06:55 +0100]/text/[From "Dave Chamberlain" <pruyacj@ccnt.com>][Date Wed, 12 May 2004 23:29:48 +0600]/text Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Concepcion Arellano <Damianh0@asvbsv4.com>][Date Wed, 12 May 2004 06:05:32 +0300]/UNNAMED/[From "Suzanne " <jiczmtqoru@online.sh.cn>][Date Thu, 13 May 2004 06:06:55 +0100]/text Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Concepcion Arellano <Damianh0@asvbsv4.com>][Date Wed, 12 May 2004 06:05:32 +0300]/UNNAMED Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Nola Rosenbrook <mlmuwuod@foodalert.com>][Date Sat, 15 May 2004 22:11:39 -0400]/text/[From "Prince Trejo" <DOTHAGJMAZT@debbiemcdonald.com>][Date Tue, 18 May 2004 03:13:42 -0500]/UNNAMED/[From "George Myles" <uajskc@debbiemcdonald.com>][Date Wed, 19 May 2004 05:00:25 -0100]/UNNAMED/[From "Frieda Crocker" <oy ... /[From "cla ... /[From postmaster@emadr.tech.int.digex.com][Date Tue ... /p-zipped_file_data .pif Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Nola Rosenbrook <mlmuwuod@foodalert.com>][Date Sat, 15 May 2004 22:11:39 -0400]/text/[From "Prince Trejo" <DOTHAGJMAZT@debbiemcdonald.com>][Date Tue, 18 May 2004 03:13:42 -0500]/UNNAMED/[From "George Myles" <uajskc@debbiemcdonald.com>][Date Wed, 19 May 2004 05:00:25 -0100]/UNNAMED/[From "Frieda Crocker" <oy ... /[From "cla ... /[From postmaster@emadr.tech.int.digex.com][Date Tue, 25 May 2004 04:05:41 -0400]/UNNAMED Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Nola Rosenbrook <mlmuwuod@foodalert.com>][Date Sat, 15 May 2004 22:11:39 -0400]/text/[From "Prince Trejo" <DOTHAGJMAZT@debbiemcdonald.com>][Date Tue, 18 May 2004 03:13:42 -0500]/UNNAMED/[From "George Myles" <uajskc@debbiemcdonald.com>][Date Wed, 19 May 2004 05:00:25 -0100]/UNNAMED/[From "Frieda Crocker" <oy ... /[From "claribel ... /[From marketplace@superbookdeals.co.uk][Date Mon, 24 May 2004 20:29:12 -0400]/text Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Nola Rosenbrook <mlmuwuod@foodalert.com>][Date Sat, 15 May 2004 22:11:39 -0400]/text/[From "Prince Trejo" <DOTHAGJMAZT@debbiemcdonald.com>][Date Tue, 18 May 2004 03:13:42 -0500]/UNNAMED/[From "George Myles" <uajskc@debbiemcdonald.com>][Date Wed, 19 May 2004 05:00:25 -0100]/UNNAMED/[From "Frieda Crocker" <oy ... /[From "claribel pickard" <claribel_pickard@bellsouth.net>][Date Mon, 24 May 2004 09:02:00 -0600]/UNNAMED Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Nola Rosenbrook <mlmuwuod@foodalert.com>][Date Sat, 15 May 2004 22:11:39 -0400]/text/[From "Prince Trejo" <DOTHAGJMAZT@debbiemcdonald.com>][Date Tue, 18 May 2004 03:13:42 -0500]/UNNAMED/[From "George Myles" <uajskc@debbiemcdonald.com>][Date Wed, 19 May 2004 05:00:25 -0100]/UNNAMED/[From "Frieda Crocker" <oytzyl ... /[From "editor@eyespymag.c ... /[From GlenmoreTH@aol.com][Date Mon, 24 May 2004 06:23:20 EDT]/UNNAMED Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Nola Rosenbrook <mlmuwuod@foodalert.com>][Date Sat, 15 May 2004 22:11:39 -0400]/text/[From "Prince Trejo" <DOTHAGJMAZT@debbiemcdonald.com>][Date Tue, 18 May 2004 03:13:42 -0500]/UNNAMED/[From "George Myles" <uajskc@debbiemcdonald.com>][Date Wed, 19 May 2004 05:00:25 -0100]/UNNAMED/[From "Frieda Crocker" <oytzyl ... /[From "editor@eyespymag.com" <mark.bd@totalise.co.uk>][Date Thu, 20 May 2004 23:27:11 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Nola Rosenbrook <mlmuwuod@foodalert.com>][Date Sat, 15 May 2004 22:11:39 -0400]/text/[From "Prince Trejo" <DOTHAGJMAZT@debbiemcdonald.com>][Date Tue, 18 May 2004 03:13:42 -0500]/UNNAMED/[From "George Myles" <uajskc@debbiemcdonald.com>][Date Wed, 19 May 2004 05:00:25 -0100]/UNNAMED/[From "Frieda Crocker" <oytzylnnz@zvx45as ... ... /[From "Olen Woodson" <qwurvwbl@citiz.net>][Date Thu, 20 May 2004 09:27:58 +0500]/text Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Nola Rosenbrook <mlmuwuod@foodalert.com>][Date Sat, 15 May 2004 22:11:39 -0400]/text/[From "Prince Trejo" <DOTHAGJMAZT@debbiemcdonald.com>][Date Tue, 18 May 2004 03:13:42 -0500]/UNNAMED/[From "George Myles" <uajskc@debbiemcdonald.com>][Date Wed, 19 May 2004 05:00:25 -0100]/UNNAMED/[From "Frieda Crocker" <oytzylnnz@zvx45as ... /[From "Lila Sims" <tsuchiya@me.sony.co.jp>][Date Sun, 06 Jun 2004 22:12:46 -0300]/UNNAMED Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Nola Rosenbrook <mlmuwuod@foodalert.com>][Date Sat, 15 May 2004 22:11:39 -0400]/text/[From "Prince Trejo" <DOTHAGJMAZT@debbiemcdonald.com>][Date Tue, 18 May 2004 03:13:42 -0500]/UNNAMED/[From "George Myles" <uajskc@debbiemcdonald.com>][Date Wed, 19 May 2004 05:00:25 -0100]/UNNAMED/[From "Frieda Crocker" <oytzylnnz@zvx45asq.com> ... /[From Olga Neal <Joni@otakumail.com>][Date Wed, 19 May 2004 21:55:57 +040 ... /text Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Nola Rosenbrook <mlmuwuod@foodalert.com>][Date Sat, 15 May 2004 22:11:39 -0400]/text/[From "Prince Trejo" <DOTHAGJMAZT@debbiemcdonald.com>][Date Tue, 18 May 2004 03:13:42 -0500]/UNNAMED/[From "George Myles" <uajskc@debbiemcdonald.com>][Date Wed, 19 May 2004 05:00:25 -0100]/UNNAMED/[From "Frieda Crocker" <oytzylnnz@zvx45asq.com> ... /[From Olga Neal <Joni@otakumail.com>][Date Wed, 19 May 2004 21:55:57 +0400]/UNNAMED Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Nola Rosenbrook <mlmuwuod@foodalert.com>][Date Sat, 15 May 2004 22:11:39 -0400]/text/[From "Prince Trejo" <DOTHAGJMAZT@debbiemcdonald.com>][Date Tue, 18 May 2004 03:13:42 -0500]/UNNAMED/[From "George Myles" <uajskc@debbiemcdonald.com>][Date Wed, 19 May 2004 05:00:25 -0100]/UNNAMED/[From "Frieda Crocker" <oytzylnnz@zvx45asq.com>][Da ... /[From "Lopez" <jubzdyslxz@takas.lt>][Date Tue, 18 May 2004 17:37:36 +0200]/text Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Nola Rosenbrook <mlmuwuod@foodalert.com>][Date Sat, 15 May 2004 22:11:39 -0400]/text/[From "Prince Trejo" <DOTHAGJMAZT@debbiemcdonald.com>][Date Tue, 18 May 2004 03:13:42 -0500]/UNNAMED/[From "George Myles" <uajskc@debbiemcdonald.com>][Date Wed, 19 May 2004 05:00:25 -0100]/UNNAMED/[From "Frieda Crocker" <oytzylnnz@zvx45asq.com>][Date Tue, 18 May 2004 14:44:16 -0400]/UNNAMED Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Nola Rosenbrook <mlmuwuod@foodalert.com>][Date Sat, 15 May 2004 22:11:39 -0400]/text/[From "Prince Trejo" <DOTHAGJMAZT@debbiemcdonald.com>][Date Tue, 18 May 2004 03:13:42 -0500]/UNNAMED/[From "George Myles" <uajskc@debbiemcdonald.com>][Date Wed, 19 May 2004 05:00:25 -0100]/UNNAMED Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Nola Rosenbrook <mlmuwuod@foodalert.com>][Date Sat, 15 May 2004 22:11:39 -0400]/text/[From "Prince Trejo" <DOTHAGJMAZT@debbiemcdonald.com>][Date Tue, 18 May 2004 03:13:42 -0500]/UNNAMED Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED/[From Nola Rosenbrook <mlmuwuod@foodalert.com>][Date Sat, 15 May 2004 22:11:39 -0400]/text Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/[From support@uk2.net][Date Thu, 29 Apr 2004 15:52:05 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.g skipped
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox Mail Berkeley mbox: infected - 22 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.001/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html/[From evaporated@funsongsshow.com][Date Wed, 21 Dec 2005 04:07:15 +0900]/UNNAMED/[From "Brandi Surface" <surf@nirai.ne.jp>][Date Tue, 20 Dec 2005 14:15:43 -0500]/UNNAMED/[From "info@paypal.com" <info@paypal.com>][Date Tue, 20 Dec 2005 23:10:30 +0200]/html Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.001/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html/[From evaporated@funsongsshow.com][Date Wed, 21 Dec 2005 04:07:15 +0900]/UNNAMED/[From "Brandi Surface" <surf@nirai.ne.jp>][Date Tue, 20 Dec 2005 14:15:43 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.001/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html/[From evaporated@funsongsshow.com][Date Wed, 21 Dec 2005 04:07:15 +0900]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.001/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.001 Mail Berkeley mbox: infected - 4 skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.002/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html/[From evaporated@funsongsshow.com][Date Wed, 21 Dec 2005 04:07:15 +0900]/UNNAMED/[From "Brandi Surface" <surf@nirai.ne.jp>][Date Tue, 20 Dec 2005 14:15:43 -0500]/UNNAMED/[From "info@paypal.com" <info@paypal.com>][Date Tue, 20 Dec 2005 23:10:30 +0200]/html Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.002/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html/[From evaporated@funsongsshow.com][Date Wed, 21 Dec 2005 04:07:15 +0900]/UNNAMED/[From "Brandi Surface" <surf@nirai.ne.jp>][Date Tue, 20 Dec 2005 14:15:43 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.002/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html/[From evaporated@funsongsshow.com][Date Wed, 21 Dec 2005 04:07:15 +0900]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.002/[From "Colin Mcfadyzean" <colinmac26@hotmail.com>][Date Fri, 16 Dec 2005 21:45:27 +0000]/html Infected: Trojan-Spy.HTML.Paylap.ep skipped
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\In.mbx.002 Mail Berkeley mbox: infected - 4 skipped
C:\Documents and Settings\Debda\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Debda\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Debda\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Debda\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Debda\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Debda\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Debda\Local Settings\History\History.IE5\MSHist012007090220070903\index.dat Object is locked skipped
C:\Documents and Settings\Debda\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Debda\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Debda\My Documents\fifty\smitfraudfix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Debda\My Documents\fifty\smitfraudfix\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Debda\My Documents\smithfraudfix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Debda\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Debda\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\KService\data\error.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\SUPERFAX\DATA\PICPMON.DEB Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP80\A0032158.EXE Infected: not-a-virus:AdWare.Win32.MyWay.b skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP80\A0032159.DLL Infected: not-a-virus:AdWare.Win32.MyWay.m skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP80\A0032161.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP85\A0032481.dll Infected: Trojan-Downloader.Win32.Agent.bxx skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP85\A0032482.exe Infected: Trojan.Win32.Agent.kq skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP85\A0032483.exe Infected: not-a-virus:PSWTool.Win32.Yahoo.c skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP85\A0032486.exe Infected: not-virus:Hoax.Win32.Renos.hz skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP85\A0032487.exe Infected: Trojan-Downloader.Win32.VB.azq skipped
C:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP94\change.log Object is locked skipped
C:\WINDOWS\1124657201 Infected: Trojan-Downloader.Win32.VB.azq skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\JET63AC.tmp Object is locked skipped
C:\WINDOWS\TempFile Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll Infected: not-a-virus:AdWare.Win32.WindowEnhancer.c skipped
E:\System Volume Information\_restore{1BCB0009-02D0-4E51-B0D5-E5D458D79758}\RP94\change.log Object is locked skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\02F13680/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\02F13680 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\02F13680 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0349241F/Textfile.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0349241F ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0349241F CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1932647D/release.pif Infected: Email-Worm.Win32.NetSky.b skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1932647D ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1932647D CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\260E2C52/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\260E2C52 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\260E2C52 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\263C7820/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\263C7820 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\263C7820 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\266619F1/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\266619F1 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\266619F1 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26913BC3/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26913BC3 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26913BC3 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26BB5D94/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26BB5D94 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26BB5D94 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26E67F65/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26E67F65 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26E67F65 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27102137/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27102137 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27102137 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2737190B/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2737190B ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2737190B CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\380016C9/advertise@eyespymag.com.html .exe Infected: Email-Worm.Win32.Mydoom.m skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\380016C9 ZIP: infected - 1 skipped
E:\programsfromc\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\380016C9 CryptFF: infected - 1 skipped
E:\programsfromc\Program Files\MyWay\myBar\1.bin\MY2NS.EXE Infected: not-a-virus:AdWare.Win32.MyWay.b skipped
E:\programsfromc\Program Files\MyWay\myBar\1.bin\MYBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWay.m skipped
E:\programsfromc\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped

Scan process completed.


I now have Internet access with all browsers - I had to go in and manually re-set all the LAN settings, but OK now.

Thanks
eyespyman

Unread postby Scotty » September 2nd, 2007, 5:14 pm

Hi

Okay, sorry for the delay. I suggest printing out, or copying to Notepad, the following instructions.

First of all, we need to empty the Quarantine folder within Norton. I believe you may be able to do that via the View History option in the left pane once you have opened Norton Anti-virus.
If that is correct, delete all the items in there.

Reboot into SAFE MODE
    By pressing the F8 key right when Windows starts, usually right after you hear your computer
    beep when you reboot it (some versions of Windows will display 'Starting Windows' with a grey progress bar)
    you will be brought to a menu where you can choose to boot into safe mode.

    If it does not work on the first try, reboot and try again, as you have to be quick when you press it.

    I have found that during boot up, right after the computer displays the equipment, memory, etc.
    installed on your computer, if you start lightly tapping the F8 key, the system will usually display the menu.

To enable the viewing of Hidden files follow these steps:
  1. Close all programs so that you are at your desktop.
  2. Double-click on the My Computer icon (or click Start, then select My Computer)
  3. Select the Tools menu and click Folder Options.
  4. After the new window appears select the View tab.
  5. Put a checkmark in the checkbox labeled Display the contents of system folders.
  6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
  9. Press the Apply button and then the OK button and shutdown My Computer.
    Now your computer is configured to show all hidden files.

Navigate to and delete the following files and/or folders (if they are present):

Folders:
C:\Documents and Settings\Debda\My Documents\desktop2\Adobe PageMaker 7.01.zip
C:\Documents and Settings\Debda\My Documents\fifty\smitfraudfix
C:\Documents and Settings\Debda\Desktop\SmitfraudFix.zip
C:\WINDOWS\1124657201
E:\programsfromc\Program Files\MyWay

Now navigate to this folder
C:\Documents and Settings\Debda\Application Data\Mozilla\Profiles\default\xq85bfr6.slt\Mail\mail.uk2.net\Inbox/
and delete everything in there.

Do the same in this folder
C:\Documents and Settings\Debda\Application Data\Qualcomm\Eudora\attach

If there are items in either of those folders that you wish to keep, stop at this point and let me know. I will draw up a list of each item that needs to be deleted. If not proceed with the rest of the instructions.

Reboot back into Normal Mode

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    • Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now, under Select a target to scan, select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Then post a new HijackThis log, please.
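A way to read a scan report like the one posted earlier in this thread, as an added example that is not part of the original posts: it keeps only the per-object `Infected:` lines, skips the `ZIP:` and `CryptFF:` container summary lines that follow each hit, and separates items held in an antivirus quarantine store from files still on disk. The sample lines and paths are constructed, and the function names and the decoy-extension check are assumptions of this example, not part of any Kaspersky tool.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the scan report quoted in this thread.
SAMPLE = r"""
C:\AV\Quarantine\AAAA0001/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
C:\AV\Quarantine\AAAA0001 ZIP: infected - 1 skipped
C:\AV\Quarantine\AAAA0001 CryptFF: infected - 1 skipped
C:\AV\Quarantine\AAAA0002/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\AV\Quarantine\AAAA0002 ZIP: infected - 1 skipped
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWay.m skipped

Scan process completed.
"""

# Per-object hit: "<path> Infected: <detection name> skipped"
LEAF = re.compile(r"^(?P<path>.+) Infected: (?P<name>\S+) skipped$")
# Document-like extension, whitespace, then an executable one ("details.txt .pif").
DECOY = re.compile(r"\.(txt|rtf|doc|html?)\s+\.(pif|exe|scr|com|bat)$", re.I)

def parse(report):
    """Return one dict per 'Infected:' line; container summary lines are skipped."""
    hits = []
    for line in report.splitlines():
        m = LEAF.match(line.strip())
        if not m:
            continue  # blank line, 'ZIP: infected - 1' summary, or footer
        # The report joins a container and the object inside it with '/'.
        container, _, inner = m["path"].partition("/")
        hits.append({
            "container": container,
            "object": inner or container.rsplit("\\", 1)[-1],
            "name": m["name"],
            "quarantined": "\\quarantine\\" in container.lower(),
            "decoy_ext": bool(DECOY.search(inner)),
        })
    return hits

def triage(report):
    """Group hits: 'quarantined' (inside an AV store) vs 'live' (still on disk)."""
    groups = defaultdict(list)
    for hit in parse(report):
        groups["quarantined" if hit["quarantined"] else "live"].append(hit)
    return dict(groups)

if __name__ == "__main__":
    for where, hits in triage(SAMPLE).items():
        for h in hits:
            flag = " [decoy extension]" if h["decoy_ext"] else ""
            print(f"{where:12} {h['name']:36} {h['object']}{flag}")
```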