Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser hijack problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Browser hijack problems

Unread postby Eileanbeag » January 15th, 2006, 7:44 am

Can you help with this Log?

Logfile of HijackThis v1.99.1
Scan saved at 01:05:28, on 15/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ms1src] c:\program files\common files\system\ms1src.exe /install
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Bridge - http://download.games.yahoo.com/games/c ... /bt1_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/c ... /ot0_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - http://etalk.epson.co.uk/netagent/objects/custappx3.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3424935156
O16 - DPF: {70B410C0-BADA-11D4-8308-0080C8D7ED4A} (GameDesire Bridge) - http://67.15.101.2/g_bin/eng/bridge_2_0_0_14.cab
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - http://register.btinternet.com/template ... rol013.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://support.epson-europe.com/selftes ... TPTest.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/defaul ... der_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/template ... rol023.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Eileanbeag
Active Member
 
Posts: 12
Joined: January 12th, 2006, 3:43 pm
Advertisement
Register to Remove

Unread postby Susan528 » January 15th, 2006, 10:54 am

Hello and Welcome EiLeanbeag to Malware Removal,

STEP 1.
======
Download Ewido
  1. Download and install Ewido Security Suite It is a free trial version of the program.
  2. Install ewido security suite
  3. Launch ewido, there should be an icon on your desktop double-click it.
  4. The program will now go to the main screen
STEP 2.
======
Update Ewido
You will need to update ewido to the latest definition files.
  1. On the left hand side of the main screen click update
  2. Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use Ewido manual updates

STEP 3.
======
Ewido Scan
Once the updates are installed do the following:
  1. Click on scanner
  2. Click on Complete System Scan and the scan will begin.
  3. NOTE: During some scans with ewido it is finding cases of false positives.**
    o You will need to step through the process of cleaning files one-by-one.
    o If ewido detects a file you KNOW to be legitimate, select none as the action.
    o DO NOT select "Perform action on all infections"
    o If you are unsure of any entry found select none for now.
  4. Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  5. Click Save report.
  6. Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")


Disable Microsoft AntiSpyware:
We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Microsoft AntiSpyware
  • Click on Tools, Settings.
  • In the left pane, click on Real-time Protection
  • Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents
  • Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
  • After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
  • Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

After all of the fixes are complete it is very important that you enable Real-time Protection again.

STEP 4.
======
Hoster

Please download hoster.
  1. Unzip Hoster.zip
  2. Open Hoster.exe.
  3. Then click on "Restore Original Hosts"
  4. Close program when complete.
  5. Empty Recycle Bin


Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.

STEP 5.
======
Open HijackThis. Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [ms1src] c:\program files\common files\system\ms1src.exe /install[/B]
Click Fix Checked.


Show Hidden Files
Please show all files for your system.
You will need to reverse this process when all steps are done.


Delete Files and Folders
Please delete the following files/folders:
c:\program files\common files\system\ms1src.exe <==file
If you have any problem deleting these items, reboot into Safe Mode (tap F8 during bootup, use arrow keys to select Safe Mode, then hit 'enter') and try again.


Reboot normally and scan with HijackThis. Post (reply) with a new hijackthis log to this thread.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby Eileanbeag » January 15th, 2006, 2:02 pm

I am running scan and have read on to where I download Hoster.

Step 4 when you say reboot and copy/p[aste a new log file to this thyread is that a log file from Hijack This?
Eileanbeag
Active Member
 
Posts: 12
Joined: January 12th, 2006, 3:43 pm

Unread postby Eileanbeag » January 15th, 2006, 2:39 pm

Ewido wants me to create an en crypted back up and has found infected file - do dio this?:
Eileanbeag
Active Member
 
Posts: 12
Joined: January 12th, 2006, 3:43 pm

Unread postby Susan528 » January 15th, 2006, 4:35 pm

Forget about the post instructions in the Hoster step. I should have taken that out since it was not the last step.

Go ahead and let ewido make encrypted back-up. I do want to see the results of ewido in post though.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby Eileanbeag » January 15th, 2006, 4:45 pm

Do I choose Block & Clean for nfected objects found or block access?
Eileanbeag
Active Member
 
Posts: 12
Joined: January 12th, 2006, 3:43 pm

Unread postby Susan528 » January 15th, 2006, 8:46 pm

Choose block and clean.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby Eileanbeag » January 16th, 2006, 4:40 am

I've been an idiot; after reading your last reply I accidently closed Hoster; what can I do?
Eileanbeag
Active Member
 
Posts: 12
Joined: January 12th, 2006, 3:43 pm

Unread postby Eileanbeag » January 16th, 2006, 5:38 am

If I just reboot will Ewido go back to encrypt or must I run Host again? Sorry to be so stupid.
Eileanbeag
Active Member
 
Posts: 12
Joined: January 12th, 2006, 3:43 pm

Unread postby Susan528 » January 16th, 2006, 6:55 am

Running the host once is enough.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby Eileanbeag » January 16th, 2006, 7:09 am

As never gave Ewido a chance to block and clean the infected files do I have to run this again?
Eileanbeag
Active Member
 
Posts: 12
Joined: January 12th, 2006, 3:43 pm

Unread postby Susan528 » January 16th, 2006, 8:35 am

Hello Eileanbeag,

Let's try a different approach.

STEP 1.
======
Let’s check for Malware/Spyware on your computer which is best dealt with by spyware-removal programs used one after the other.

Spybot: Search and Destroy:

1.Download 'Spybot: Search And Destroy'.
2. Install it according to the instructions in 'How To Setup Spybot SD and Ad-Aware SE'.
3. Next, 'Search for Updates' as the definitions are not likely to be up-to-date.
4. Close ALL windows except Spybot SD
5. Click the "Check for Problems" button
6. Click 'Fix Selected Problems' and fix only the RED items.
7. REBOOT to finish removing what Spybot SD found and clear memory


Ad-Aware SE by Lavasoft:

1. Download 'Ad-Aware SE'.
2. Install according to the instructions in "How To Setup Spybot SD and Ad-Aware SE"
3. Next, 'Check for Updates' by clicking on the 'world globe' second from the right at the top of your Ad-Aware SE window.
4. Install the updates.
5. Close ALL windows except Ad-Aware SE
6. Click on 'Start' and choose 'full scan' for a full scan.
7. Quarantine anything that it finds and SAVE the log file.
8.REBOOT to finish removing what Ad-Aware SE found and clear memory.

Please let me know if anything can not be cleaned by these utilities.
STEP 2.
======
MWAV Scan
Please download MWAV to a convenient location.
This scan only produces a report, it doesn't clean your system. I will analyze the report and recommend a course of action depending on the results.
This scan might take around 3+ hours to finish when set to scan everything.

Double-click on mwav.exe.
Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files

Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items", please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.


Scan again with HijackThis

POST a New HijackThis log here in this thread using 'Add Reply'.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby Eileanbeag » January 16th, 2006, 7:15 pm

Object "searchexe Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bookmarkexpress Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "winpup32 Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "downloader-ak Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "startsurfing Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "startsurfing Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "clientman Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor.topicks.a Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor.topicks.a Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.11\hrtbeat.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\hrtbeat.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.8\hrtbeat.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\hrtbeat.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\KPCMS\CMSCP\CP01". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Demo Movies\DICT_E.SET". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Sound\ENGLISH.SND". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\AUDIO_E.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\AUDIO_F.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\AUDIO_G.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\AUDIO_I.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\AUDIO_P.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\AUDIO_R.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\AUDIO_S.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\DICT_F.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\DICT_G.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\DICT_I.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\DICT_P.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\DICT_R.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\DICT_S.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\XSHOOT_E.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\XSHOOT_F.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\XSHOOT_G.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\XSHOOT_I.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\XSHOOT_P.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\XSHOOT_R.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Intense Language Office\Help\XSHOOT_S.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Microsoft Office\Office\1033\MSOHELP.CHM". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Ahead\NeroDigital\settings.xml". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero ShowTime\ShowTime-Deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\hrtbeat.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\hrtbeat.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.8\hrtbeat.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.11\hrtbeat.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Serif\GraphicsPlus\AO2XCHG.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Serif\GraphicsPlus\GPLUSO.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Documents and Settings\All Users\Desktop\Training A Training.lnk". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxwma.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\IDSDefs\IDSLU.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\IDSDefs\IDSCoLU.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\August 2001 Adobe Product Update.exe" refers to invalid object "C:\Program Files\Common Files\Adobe\August 2001 Adobe Product Update.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Createcd50.exe" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\CreateCD\createcd50.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\OnlinePrintApp.exe" refers to invalid object "C:\Program Files\Sony Corporation\Picture Package\OnlinePrint\OnlinePrintApp.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\QuickCam.exe" refers to invalid object "C:\Program Files\Logitech\Video\QuickCam.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Program Files\ATI Technologies\ATI Control Panel\setup.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\TSLite.exe" refers to invalid object "C:\Program Files\Bradbury\TopStyle3\TSLite3.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\PowerQuest\PartitionMagic 8.0\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\PowerQuest\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\DOCUME~1\Margo\LOCALS~1\Temp\SqlSetup\Temp\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\DOCUME~1\Margo\LOCALS~1\Temp\SqlSetup\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Shared Tools\msohelp.chm" refers to invalid object "C:\Program Files\Microsoft Office\Office\1033\MSOHELP.CHM". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".001". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".240505jpg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bak". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bnw". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BUP". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cnt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".colour". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".HMT". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".HOF". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".info". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".kodak[1]". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".map". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mst". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".MSW". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".part". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PMD". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PRT". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r11". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".scn". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sib". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".srs". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tpl". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".via". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".zat". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".za_". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AND Route 2003 Europe - OEM". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Bridge_Base_Online". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Don't Panic 2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Easy BridgeDeinstall". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Genie Backup Manager V3.0_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB810243". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB817778". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB820291". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821253". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB822603". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826942". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828028". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB832353". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643-DirectX9". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839645". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840315". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841873". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveReg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mah Jong Tiles Deluxe from GameHouse". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MSNEXT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NoAdware_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA Audio Driver". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814995". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "RealDownload". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{032B93E8-D9A1-48D2-AA51-D057ABBA9E52}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0496D9E8-224B-4AFA-8F37-23B98D52F1EB}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{15BB1726-1D8B-486A-866E-BAD34FFACF44}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4F6BE6BA-AF27-4111-8243-FCADDA63970B}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{66563AD8-637B-407F-BCA7-0233A16891AB}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7BF7B688-4A95-4003-BA98-EA8A79DA0ABA}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{82C36957-D2B8-4EF2-B88C-110000420}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{82C36957-D2B8-4EF2-B88C-110250590}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{90190409-6000-11D3-8CFE-0050048383C9}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A8A7ACEF-A7AF-4129-9BC1-4F33A4C31EEC}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600137}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-0000-0000-6028747ADE01}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000702}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000703}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000704}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1033-7B44-A00000000001}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B6F867E8-F092-4C5E-7D72-AC7057DBEF45}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{CDB13FA6-C67F-11D6-9ECC-00024400E70B}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{E0F7DAE4-DFA0-46C6-AE55-0C95E4A68898}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F891AAF3-DE9F-4445-85CF-6E41261A7F5A}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{FB015BB0-5518-4767-9DE4-F9A5C7C62E46}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0365293D-00C7-4D0B-895D-D97B21EEFBFF}" refers to invalid object "C:\Program Files\Microsoft Office\Office10\WINWORD.EXE /IMG_WIA". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}" refers to invalid object "C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}" refers to invalid object "C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{227036F9-4E59-4031-92BD-DD3E5184A788}" refers to invalid object "C:\Program Files\Microsoft Office\Office10\MSPUB.EXE /IMG_STI /StiDevice:%1 /StiEvent:%2". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{301A90C1-460F-413C-8AE3-44FA9A5905EB}" refers to invalid object "C:\Program Files\Adobe\Photoshop 5.0\Photoshp.exe /StiDevice:%1 /StiEvent:%2". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{499C2688-85A5-41B5-B8A7-DCC8DCF797B4}" refers to invalid object "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-gb\msnappau.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5432567D-A901-4635-B450-8A6A15C311AA}" refers to invalid object "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0\DVDMF.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5C41BB19-ABA9-11D2-9ABC-0000212076C2}" refers to invalid object "C:\Program Files\Serif\wp60\program\3dplusserver.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{70B410C0-BADA-11D4-8308-0080C8D7ED4A}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\Bridge.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7FBDAB78-8361-11D0-A19B-00A0C9084C89}" refers to invalid object "C:\PROGRA~1\TEXTBR~1.0\Bin\WORDAC~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A950EBB5-BFEC-11D0-A1E7-00A0C9084C89}" refers to invalid object "C:\PROGRA~1\TEXTBR~1.0\Bin\EXCELA~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B01F822E-5D6B-474A-8CA7-58FCC50BA035}" refers to invalid object "C:\Program Files\Microsoft Office\Office10\MSPUB.EXE /IMG_WIA". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1B7A32F2-3E64-11D1-B5FE-00A024080301}" refers to invalid object "C:\Program Files\ScanSoft\PaperPort\PPExpImp.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{364EA1A3-8100-11D0-A196-00A0C9084C89}" refers to invalid object "C:\WINDOWS\system32\WordAcc.tlb". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5C21BCD5-F27A-11D2-BB98-00C04F72DA55}" refers to invalid object "C:\PROGRA~1\Bradbury\TOPSTY~1\TSLite3.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5CD45683-B281-11D1-8C73-00805F011DD6}" refers to invalid object "C:\Program Files\ScanSoft\PaperPort\PPPgCtl.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{616664C4-38E7-11D1-839A-080009ACD8A8}" refers to invalid object "C:\Program Files\ScanSoft\PaperPort\PaprPort.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{70B410B1-BADA-11D4-8308-0080C8D7ED4A}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\Bridge.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{7C311910-1435-11D1-8AB0-080009ACD8A8}" refers to invalid object "C:\Program Files\ScanSoft\PaperPort\PPFldrVw.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{910A56F6-0D16-11D1-8AAE-080009ACD8A8}" refers to invalid object "C:\Program Files\ScanSoft\PaperPort\PPFolder.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{916CD3A3-14CB-11D1-92B7-444553540000}" refers to invalid object "C:\Program Files\ScanSoft\PaperPort\PPLinkBr.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{93D50763-23F1-11D1-8397-080009ACD8A8}" refers to invalid object "C:\Program Files\ScanSoft\PaperPort\PPDeskVw.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}" refers to invalid object "C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{B8532AA0-4F93-11D1-98A4-00A0C925C2AC}" refers to invalid object "C:\Program Files\ScanSoft\PaperPort\PPOcrMg.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{B9D87DF7-1A73-11D1-8AB1-080009ACD8A8}" refers to invalid object "C:\Program Files\ScanSoft\PaperPort\PPThumb.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CAC9FCA3-6045-11D1-8355-080009ACD8A8}" refers to invalid object "C:\Program Files\ScanSoft\PaperPort\SmplSrch.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D38659B2-BFD0-11D0-A1E6-00A0C9084C89}" refers to invalid object "C:\WINDOWS\System32\ExcelAcc.tlb". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D5B7FCA0-3040-11D1-92BA-444553540000}" refers to invalid object "C:\Program Files\ScanSoft\PaperPort\PPScanMg.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Program Files\Messenger\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E261990A-29C8-11D1-B5FE-00A024080301}" refers to invalid object "C:\Program Files\ScanSoft\PaperPort\PPPrint.exe". Action Taken: No Action Taken.
Entry "HKCR\.acf" refers to invalid object "Photoshop.CustomFilterKernel". Action Taken: No Action Taken.
Entry "HKCR\.act" refers to invalid object "Photoshop.ColorTableFile". Action Taken: No Action Taken.
Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
Entry "HKCR\8BA_auto_file\shell\open\command" refers to invalid object ""C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\ACDSee.PSD" refers to invalid object "{32DDCE4C-C4FB-11d1-AAB2-00C04FA3014E}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\BridgeVu\shell\open\command" refers to invalid object "c:\Bridge Base Online\NetBridgeVu.exe %1". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
Entry "HKCR\EasyB.Document\shell\open\command" refers to invalid object "C:\Games\EASYBR~1\EASYBR~1.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\FPXMIXFilter.DSPrintQueue" refers to invalid object "{12A9ACBF-F184-44BE-1F11-E6BA8193E12B}". Action Taken: No Action Taken.
Entry "HKCR\KoolMoves.Document\shell\open\command" refers to invalid object "C:\PROGRA~1\KOOLMO~1\KOOLMO~1.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\MRK_auto_file\shell\open\command" refers to invalid object "C:\Program Files\Adobe\Photoshop 5.0\Photoshp.exe". Action Taken: No Action Taken.
Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\Serif3DPlusServer\shell\open\command" refers to invalid object "C:\Program Files\Serif\wp60\program\3dplusserver.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\TIS_auto_file\shell\open\command" refers to invalid object "C:\Program Files\Adobe\Photoshop 5.0\Photoshp.exe". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMSServer.Server" refers to invalid object "{845FB959-4279-11D2-BF23-00805FBE84A6}". Action Taken: No Action Taken.
Entry "HKCR\WMSServer.Server.9" refers to invalid object "{845FB959-4279-11D2-BF23-00805FBE84A6}". Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_570.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_9E4.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_A18.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_A44.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_A54.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_A78.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_A84.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_AB4.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_B08.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_B10.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_B28.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_B2C.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_B38.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_B48.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_B68.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_B74.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_BA0.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_BA4.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_BC0.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_BDC.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_C20.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_C28.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_C2C.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_C30.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_C34.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_C50.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_C6C.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_C78.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_C8C.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_CB8.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\Temp\lf_E70.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Margo\LOCALS~1\TEMPOR~1\Content.IE5\KHIZS5MV\fddli_1200_Mw_s_Inst-79[1].exe tagged as "not-a-virus:AdWare.Win32.Gator.o". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01B2484E.class infected by "Trojan.Java.ClassLoader.u" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01B6724A.zip infected by "Trojan-Spy.Win32.Small.cg" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03A75440 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\094B79B3.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E312825 tagged as "not-a-virus:AdWare.Win32.WinAD.bs". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E345221 tagged as "not-a-virus:AdWare.Win32.WinAD.bv". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\116A1BAF.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11716FA8.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11A8396B.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A2254F3.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C554C0F.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F7A5E0A.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21D11B78.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\247F0FD1.class infected by "Trojan.Java.ClassLoader.u" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DDC24C6.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DE622BB.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E276A73.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E5C0A3A.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3773240A.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C70560E.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C70560E.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C772A07.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C7D7DFF.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3EE14431.htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45AE3100.htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46E61B92.jar infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E620748.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4EF3145C.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4EFA6855.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59C9355D.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DFB76D3.exe infected by "Trojan-Downloader.Win32.Small.mg" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E4D5304 infected by "Exploit.Win32.IMG-ANI.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E5750BE.class infected by "Trojan.Java.ClassLoader.u" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E9B0022.exe infected by "Trojan-Downloader.Win32.Small.mg" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\637B7DFB tagged as "not-a-virus:AdWare.Win32.WinAD.bv". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\653D64FD.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69EE3DE4.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6AA462BF.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B925BB8.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BAC2B9B.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7150333A.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72756C24.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75086F9C.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76E8015B.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A0E0E14.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F1770CA infected by "Trojan.Win32.Dialer.ce" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_570.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_9E4.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_A18.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_A44.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_A54.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_A78.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_A84.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_AB4.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_B08.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_B10.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_B28.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_B2C.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_B38.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_B48.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_B68.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_B74.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_BA0.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_BA4.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_BC0.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_BDC.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_C20.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_C28.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_C2C.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_C30.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_C34.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_C50.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_C6C.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_C78.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_C8C.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_CB8.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temp\lf_E70.tmp infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Margo\Local Settings\Temporary Internet Files\Content.IE5\KHIZS5MV\fddli_1200_Mw_s_Inst-79[1].exe tagged as "not-a-virus:AdWare.Win32.Gator.o". Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp tagged as "not-a-virus:AdWare.Win32.BMCentral.a". Action Taken: No Action Taken.
File C:\promax2.chm infected by "Trojan.Win32.Dialer.ce" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C3BE6AE0-5F33-47F4-90DC-FAC4475F44BA}\RP7\A0001202.exe tagged as "not-a-virus:Dialer.Win32.gen". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C3BE6AE0-5F33-47F4-90DC-FAC4475F44BA}\RP9\A0001288.exe infected by "Trojan-Downloader.Win32.Dluca.ci" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\btwebcontrol.dll tagged as "not-a-virus:Dialer.Win32.BT.a". Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\popcaploader.dll tagged as not-a-virus:Downloader.Win32.PopCap.b. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01B2484E.class infected by "Trojan.Java.ClassLoader.u" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01B6724A.zip infected by "Trojan-Spy.Win32.Small.cg" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03A75440 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\094B79B3.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E312825 tagged as "not-a-virus:AdWare.Win32.WinAD.bs". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E345221 tagged as "not-a-virus:AdWare.Win32.WinAD.bv". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\116A1BAF.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11716FA8.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11A8396B.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A2254F3.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C554C0F.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F7A5E0A.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21D11B78.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\247F0FD1.class infected by "Trojan.Java.ClassLoader.u" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DDC24C6.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DE622BB.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E276A73.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E5C0A3A.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3773240A.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C70560E.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C70560E.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C772A07.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C7D7DFF.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3EE14431.htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45AE3100.htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46E61B92.jar infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E620748.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4EF3145C.anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
File C:\Docu
Eileanbeag
Active Member
 
Posts: 12
Joined: January 12th, 2006, 3:43 pm

Unread postby Eileanbeag » January 16th, 2006, 7:19 pm

Logfile of HijackThis v1.99.1
Scan saved at 23:17:37, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ms1src] c:\program files\common files\system\ms1src.exe /install
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Bridge - http://download.games.yahoo.com/games/c ... /bt1_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/c ... /ot0_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - http://etalk.epson.co.uk/netagent/objects/custappx3.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3424935156
O16 - DPF: {70B410C0-BADA-11D4-8308-0080C8D7ED4A} (GameDesire Bridge) - http://67.15.101.2/g_bin/eng/bridge_2_0_0_14.cab
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - http://register.btinternet.com/template ... rol013.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://support.epson-europe.com/selftes ... TPTest.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/defaul ... der_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/template ... rol023.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Hope I have done this right
Eileanbeag
Active Member
 
Posts: 12
Joined: January 12th, 2006, 3:43 pm

Unread postby Susan528 » January 16th, 2006, 7:23 pm

Yes, you have done this right and I have gained some valuable information.
Thanks.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 30 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware