Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

help me


Post by Amy » January 21st, 2006, 6:46 pm

Logfile of HijackThis v1.99.1
Scan saved at 4:37:00 PM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://66.252.20.211:8000/Java/cfs31235.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5019988516
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
Amy
Active Member
 
Posts: 8
Joined: January 21st, 2006, 6:42 pm

Post by ChrisRLG » January 21st, 2006, 6:48 pm

amy is in the chatroom - wng and myself are assisting.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Post by ChrisRLG » January 21st, 2006, 6:57 pm

wng provided a link to ewido for download and running.

<wng_z3r0> what trojan is infecting you? Do you know the name
<amy> crypt32chain i think...then 2 days ago i got another trojan
<wng_z3r0> ok
<wng_z3r0> let's run an ewido scan
<wng_z3r0> instructions are here: http://spyware-free.us/tutorials/ewido
<wng_z3r0> post the log in your topic @ www.malwareremoval.com/forum
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

ewido scan

Post by Amy » January 21st, 2006, 7:46 pm

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:42:38 PM, 1/21/2006
+ Report-Checksum: 6BEE5103

+ Scan result:

C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@data2.perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@data4.perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup


::Report End
Amy
Active Member
 
Posts: 8
Joined: January 21st, 2006, 6:42 pm

Post by wng_z3r0 » January 21st, 2006, 7:55 pm

Double-click on HijackThis.
Then click on the button that says run a system scan
Then place a check next to the following items: (don't hit fix just yet!)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l


Now hit the fix button.
wng_z3r0
Admin/Teacher Emeritus
 
Posts: 4282
Joined: March 6th, 2005, 8:22 pm

Post by Amy » January 21st, 2006, 8:31 pm

I fixed these items; however, it didn't get rid of the problem :(
Amy
Active Member
 
Posts: 8
Joined: January 21st, 2006, 6:42 pm

Post by wng_z3r0 » January 21st, 2006, 8:37 pm

Please do an online scan with Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard) << very important to use extended if possible
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
wng_z3r0
Admin/Teacher Emeritus
 
Posts: 4282
Joined: March 6th, 2005, 8:22 pm

Post by Amy » January 21st, 2006, 10:14 pm

the scan did not find anything.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, January 21, 2006 20:10:59
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 21/01/2006
Kaspersky Anti-Virus database records: 172346
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 31991
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 2056 sec
No malware has been detected. The sections that have been scanned are CLEAN.

Scan process completed.
Amy
Active Member
 
Posts: 8
Joined: January 21st, 2006, 6:42 pm

Post by wng_z3r0 » January 21st, 2006, 10:37 pm

Please download Rootkit Revealer to your desktop. Unzip the file. Turn off your real-time antivirus for a moment. Then go to File->Scan.
This will take some time. When it's done, go to File->Save.
Save the logfile to the desktop, and then paste the contents here.
*Don't forget to turn your AV back on afterwards*
wng_z3r0
Admin/Teacher Emeritus
 
Posts: 4282
Joined: March 6th, 2005, 8:22 pm

Post by Amy » January 22nd, 2006, 5:52 pm

Well unfortunately nothing is working....thanks for trying to help guys. i appreciate it. :)
Amy
Active Member
 
Posts: 8
Joined: January 21st, 2006, 6:42 pm

Post by ChrisRLG » January 22nd, 2006, 6:03 pm

Can we have another HJT log please - or are you reformatting the machine?
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Post by Amy » January 22nd, 2006, 6:06 pm

Logfile of HijackThis v1.99.1
Scan saved at 4:05:38 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://66.252.20.211:8000/Java/cfs31235.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5019988516
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
Amy
Active Member
 
Posts: 8
Joined: January 21st, 2006, 6:42 pm

here is my norton activity for the past few weeks as well

Post by Amy » January 22nd, 2006, 6:08 pm

Deleted: 0

Date: 12/5/2005, Time: 21:14:16, Owner on DELL371RD21
Virus scan started.

Date: 12/5/2005, Time: 21:14:16, Owner on DELL371RD21
Virus scanning completed.
Master boot records:
Scanned: 0
Infected: 0
Repaired: 0
Boot records:
Scanned: 0
Infected: 0
Repaired: 0
Files:
Scanned: 1
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0

Date: 12/5/2005, Time: 21:14:18, Owner on DELL371RD21
Virus scan started.

Date: 12/5/2005, Time: 21:14:18, Owner on DELL371RD21
Virus scanning completed.
Master boot records:
Scanned: 0
Infected: 0
Repaired: 0
Boot records:
Scanned: 0
Infected: 0
Repaired: 0
Files:
Scanned: 1
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0

Date: 12/5/2005, Time: 21:15:46, Owner on DELL371RD21
Virus scan started.

Date: 12/5/2005, Time: 21:15:46, Owner on DELL371RD21
Virus scanning completed.
Master boot records:
Scanned: 0
Infected: 0
Repaired: 0
Boot records:
Scanned: 0
Infected: 0
Repaired: 0
Files:
Scanned: 1
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0

Date: 12/5/2005, Time: 21:15:46, Owner on DELL371RD21
Virus scan started.

Date: 12/5/2005, Time: 21:15:46, Owner on DELL371RD21
Virus scanning completed.
Master boot records:
Scanned: 0
Infected: 0
Repaired: 0
Boot records:
Scanned: 0
Infected: 0
Repaired: 0
Files:
Scanned: 1
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0

Date: 12/10/2005, Time: 9:43:08, Owner on DELL371RD21
Virus scan started.

Date: 12/10/2005, Time: 9:43:10, Owner on DELL371RD21
Virus scanning completed.
Master boot records:
Scanned: 0
Infected: 0
Repaired: 0
Boot records:
Scanned: 0
Infected: 0
Repaired: 0
Files:
Scanned: 105
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0

Date: 12/20/2005, Time: 21:55:54, Owner on DELL371RD21
The file
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OVVZU0X9\eins005[1].exe
is infected with the Download.Trojan virus.
Unable to repair this file.


Date: 12/20/2005, Time: 21:55:54, Owner on DELL371RD21
The file
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OVVZU0X9\eins005[1].exe
is infected with the Download.Trojan virus.
Access to the file was denied.


Date: 12/20/2005, Time: 22:10:12, Owner on DELL371RD21
Virus scan started.

Date: 12/21/2005, Time: 6:05:14, Owner on DELL371RD21
Virus scanning completed.
Master boot records:
Scanned: 1
Infected: 0
Repaired: 0
Boot records:
Scanned: 1
Infected: 0
Repaired: 0
Files:
Scanned: 47972
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0

Date: 1/4/2006, Time: 16:49:16, Administrator on DELL371RD21
Virus scan started.

Date: 1/4/2006, Time: 17:17:38, Administrator on DELL371RD21
Virus scanning completed.
Master boot records:
Scanned: 1
Infected: 0
Repaired: 0
Boot records:
Scanned: 1
Infected: 0
Repaired: 0
Files:
Scanned: 48520
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0

Date: 1/4/2006, Time: 17:52:08, Administrator on DELL371RD21
Virus scan started.

Date: 1/4/2006, Time: 18:20:52, Administrator on DELL371RD21
Virus scanning completed.
Master boot records:
Scanned: 1
Infected: 0
Repaired: 0
Boot records:
Scanned: 1
Infected: 0
Repaired: 0
Files:
Scanned: 48655
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0

Date: 1/5/2006, Time: 19:15:08, Owner on DELL371RD21
Virus scan started.

Date: 1/5/2006, Time: 19:15:10, Owner on DELL371RD21
Virus scanning completed.
Master boot records:
Scanned: 0
Infected: 0
Repaired: 0
Boot records:
Scanned: 0
Infected: 0
Repaired: 0
Files:
Scanned: 3
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0

Date: 1/5/2006, Time: 20:41:28, Owner on DELL371RD21
Virus scan started.

Date: 1/5/2006, Time: 20:41:30, Owner on DELL371RD21
Virus scanning completed.
Master boot records:
Scanned: 0
Infected: 0
Repaired: 0
Boot records:
Scanned: 0
Infected: 0
Repaired: 0
Files:
Scanned: 4
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0

Date: 1/5/2006, Time: 23:11:34, Owner on DELL371RD21
Virus scan started.

Date: 1/5/2006, Time: 23:11:36, Owner on DELL371RD21
Virus scanning completed.
Master boot records:
Scanned: 0
Infected: 0
Repaired: 0
Boot records:
Scanned: 0
Infected: 0
Repaired: 0
Files:
Scanned: 1
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0

Date: 1/6/2006, Time: 18:03:58, Owner on DELL371RD21
Virus scan started.

Date: 1/6/2006, Time: 18:04:00, Owner on DELL371RD21
Virus scanning completed.
Master boot records:
Scanned: 0
Infected: 0
Repaired: 0
Boot records:
Scanned: 0
Infected: 0
Repaired: 0
Files:
Scanned: 1
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0

Date: 1/6/2006, Time: 18:04:02, Owner on DELL371RD21
Virus scan started.

Date: 1/6/2006, Time: 18:04:02, Owner on DELL371RD21
Virus scanning completed.
Master boot records:
Scanned: 0
Infected: 0
Repaired: 0
Boot records:
Scanned: 0
Infected: 0
Repaired: 0
Files:
Scanned: 1
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0

Date: 1/17/2006, Time: 18:56:26, Owner on DELL371RD21
Virus scan started.

Date: 1/17/2006, Time: 19:00:40, Owner on DELL371RD21
Virus scan canceled.

Date: 1/19/2006, Time: 21:33:46, Owner on DELL371RD21
The file
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C5EN09UF\Microsoft[1].wmf
is infected with the Download.Trojan virus.
Unable to repair this file.


Date: 1/19/2006, Time: 21:33:50, Owner on DELL371RD21
The file
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C5EN09UF\Microsoft[1].wmf
is infected with the Download.Trojan virus.
Access to the file was denied.


Date: 1/19/2006, Time: 21:33:50, Owner on DELL371RD21
The file
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C5EN09UF\Microsoft[1].wmf
is infected with the Download.Trojan virus.
Unable to repair this file.


Date: 1/19/2006, Time: 21:33:50, Owner on DELL371RD21
The file
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C5EN09UF\Microsoft[1].wmf
is infected with the Download.Trojan virus.
Access to the file was denied.


Date: 1/19/2006, Time: 21:33:50, Owner on DELL371RD21
The file
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C5EN09UF\Microsoft[1].wmf
is infected with the Download.Trojan virus.
Unable to repair this file.


Date: 1/19/2006, Time: 21:33:50, Owner on DELL371RD21
The file
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C5EN09UF\Microsoft[1].wmf
is infected with the Download.Trojan virus.
Access to the file was denied.


Date: 1/21/2006, Time: 18:42:42, Owner on DELL371RD21
Virus scan started.

Date: 1/21/2006, Time: 18:42:44, Owner on DELL371RD21
Virus scanning completed.
Master boot records:
Scanned: 0
Infected: 0
Repaired: 0
Boot records:
Scanned: 0
Infected: 0
Repaired: 0
Files:
Scanned: 8
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0
Amy
Active Member
 
Posts: 8
Joined: January 21st, 2006, 6:42 pm

by ChrisRLG » January 22nd, 2006, 6:17 pm

This line you can fix in HJT (as you did before); just make sure all other windows are closed.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html

What symptoms do you have now?

That last AV scan came up clean. All the others found in the temp internet folder - that can have everything in it deleted (but not the folder itself).

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OVVZU0X9\eins005[1].exe

Please explain what problems you now have.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

by Amy » January 22nd, 2006, 6:23 pm

My computer keeps clicking like it does when you are in your browser going from site to site. It just keeps clicking... Then if you go to System Tools and do a disk clean up, it has over 20,000 temp files in under 2 days. This crypt32chain, I was told, goes out the and bounces off sites on the internet looking for personal information.
Amy
Active Member
 
Posts: 8
Joined: January 21st, 2006, 6:42 pm