
abkars.dll; browser helper object



#16
Craig9998

  • Topic Starter
  • Member
  • 19 posts
I did note your comment about Bit Torrent. I typically use it for downloading tv shows I've missed and haven't recorded otherwise.

I do not know what the quote refers to. No idea at all.

Here is the log you requested.

craig - 06-11-16 14:11:08.92 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\"

((((((((((((((((((((((((((((((( Files Created from 2006-10-16 to 2006-11-16 ))))))))))))))))))))))))))))))))))


2006-11-16 06:58 126,996 --a------ C:\WINDOWS\SYSTEM32\auewnnrj.dll
2006-11-15 13:53 277,182 --a------ C:\combofix.exe
2006-11-04 20:25 1,321,744 --a------ C:\WINDOWS\SYSTEM32\msxml6.dll
2006-11-02 13:25 99,024 --a------ C:\WINDOWS\MozillaUninstall.exe
2006-10-22 09:41 121,856 --------- C:\WINDOWS\SYSTEM32\xmllite.dll
2006-10-19 23:26 106,516 --a------ C:\WINDOWS\SYSTEM32\kpqvllmk.dll
2006-10-19 15:59 225,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys
2006-10-17 12:33 6,049,280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-10-17 12:33 50,688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-10-17 12:33 458,752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-10-17 12:33 180,736 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-10-17 12:05 206,336 --------- C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
2006-10-17 12:01 13,312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-10-17 11:58 61,952 --------- C:\WINDOWS\SYSTEM32\icardie.dll
2006-10-17 11:58 12,288 --------- C:\WINDOWS\SYSTEM32\msfeedssync.exe
2006-10-17 11:57 266,752 --------- C:\WINDOWS\SYSTEM32\iertutil.dll
2006-10-17 11:27 380,928 --------- C:\WINDOWS\SYSTEM32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-16 13:03 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-16 13:01 -------- d-------- C:\Program Files\Hijackthis
2006-11-16 11:58 -------- d-------- C:\Documents and Settings\craig\Application Data\uTorrent
2006-11-15 17:43 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-15 15:28 -------- d-------- C:\Documents and Settings\craig\Application Data\OpenOffice.org2
2006-11-15 09:05 -------- d-------- C:\Program Files\Remove on Reboot
2006-11-14 15:42 -------- d-------- C:\Documents and Settings\craig\Application Data\ApplicationHistory
2006-11-08 08:32 203264 --a------ C:\Documents and Settings\craig\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-11-02 13:23 98512 --a------ C:\WINDOWS\GREUninstall.exe
2006-11-02 13:22 -------- d-------- C:\Program Files\mozilla.org
2006-10-31 18:52 -------- d-------- C:\Program Files\Games
2006-10-31 18:42 -------- d-------- C:\Program Files\Real
2006-10-31 18:38 -------- d-------- C:\Program Files\BeamFile
2006-10-31 18:36 -------- d-------- C:\Program Files\AbiSuite2
2006-10-28 22:05 -------- d-------- C:\Program Files\BitSpirit
2006-10-27 09:42 -------- d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2006-10-22 10:28 -------- dr------- C:\Documents and Settings\craig\Application Data\Microsoft
2006-10-22 10:24 -------- d-------- C:\Program Files\VSToolbar
2006-10-22 10:07 -------- d-------- C:\Program Files\Internet Explorer
2006-10-22 09:35 -------- d-------- C:\Program Files\OfficeUpdate11
2006-10-22 08:48 -------- dr------- C:\Program Files\Common Files\Microsoft Shared
2006-10-22 08:48 -------- d-------- C:\Program Files\XLView
2006-10-21 20:07 196768 --a------ C:\Documents and Settings\craig\Application Data\GDIPFONTCACHEV1.DAT
2006-10-21 19:58 -------- d-------- C:\Program Files\Microsoft Office
2006-10-21 17:05 -------- d-a------ C:\Program Files\Common Files
2006-10-21 17:05 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-10-21 17:03 -------- d-------- C:\Program Files\Microsoft Works
2006-10-17 12:33 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-10-17 12:33 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-10-17 12:33 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\SYSTEM32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2006-10-17 12:05 105984 --a------ C:\WINDOWS\SYSTEM32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\SYSTEM32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\SYSTEM32\corpol.dll
2006-10-17 12:01 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-10-17 12:01 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-10-17 12:01 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-10-17 12:01 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-10-17 12:01 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-10-17 12:00 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-10-17 12:00 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-10-17 12:00 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-10-17 11:57 36352 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\SYSTEM32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll
2006-10-17 11:23 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-10-16 17:30 -------- d-------- C:\Program Files\Trillian
2006-10-13 06:35 142336 --a------ C:\WINDOWS\SYSTEM32\nwprovau.dll
2006-10-12 15:32 -------- d-------- C:\Program Files\iTunes
2006-10-12 15:30 -------- d-------- C:\Program Files\iPod
2006-10-12 15:06 -------- d-------- C:\Program Files\QuickTime
2006-10-10 18:00 -------- d-------- C:\Documents and Settings\craig\Application Data\Simple Sudoku
2006-10-09 21:05 -------- d-------- C:\Documents and Settings\craig\Application Data\Azureus
2006-10-09 20:37 -------- d-------- C:\Program Files\Simple Sudoku
2006-09-27 16:07 -------- d-------- C:\Documents and Settings\craig\Application Data\Skype
2006-09-25 18:36 -------- d-------- C:\Program Files\Opera7
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2006-08-25 09:45 617472 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-08-21 06:21 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 03:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-17 06:28 721920 --a------ C:\WINDOWS\SYSTEM32\lsasrv.dll
2006-08-17 06:28 132096 --a------ C:\WINDOWS\SYSTEM32\wkssvc.dll
2006-08-16 05:58 100352 --a------ C:\WINDOWS\SYSTEM32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"FreeRAM XP"="\"C:\\Program Files\\FreeRAMXPPro\\FreeRAM XP Pro 1.40.exe\" -win"
"Google Desktop for OE"="\"C:\\Program Files\\GDS for OE\\gdsoe.exe\" install"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SystemTray"="SysTray.Exe"
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\WinPatrol.exe"
"HP SchedIndexer"="C:\\Program Files\\Hewlett-Packard\\LaserJet All-in-one\\hppschedindexer.exe"
"HP AutoIndexer"="C:\\Program Files\\Hewlett-Packard\\LaserJet All-in-one\\hppautoindexer.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
@=""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"SpyHunter"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Printing Migration"="rundll32.exe C:\\WINDOWS\\system32\\spool\\migrate.dll,ProcessWin9xNetworkPrinters"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"Printing Migration"="rundll32.exe C:\\WINDOWS\\system32\\spool\\migrate.dll,ProcessWin9xNetworkPrinters"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=hex:00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"CDRAutoRun"=hex:00,00,00,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"CDRAutoRun"=hex:00,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"AIM"="C:\\PROGRAM FILES\\NETSCAPE\\COMMUNICATOR\\PROGRAM\\AIM\\aim.exe -cnetwait.odl"
"WeatherCast"="C:\\PROGRA~1\\WEATHE~1\\Weather.exe /q"
"msnmsgr"="C:\\PROGRAM FILES\\MSN MESSENGER\\MSNMSGR.EXE /background"
"Yahoo! Pager"="C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\ypager.exe -quiet"
"warez"="\"C:\\PROGRAM FILES\\WAREZ P2P CLIENT\\WAREZ.EXE\" -h"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM32\\qttask.exe\" -atboottime"
"P2P NETWORKING"="C:\\WINDOWS\\SYSTEM\\P2P NETWORKING\\P2P NETWORKING.EXE /AUTOSTART"
"madexe"="C:\\Program Files\\Dell\\Resolution Assistant\\MotiveAssistant\\bin\\mad.exe"
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"RxMon"="C:\\Program Files\\Dell\\Resolution Assistant\\Common\\bin\\RxMon9x.exe"
"MotiveMonitor"="C:\\Program Files\\Motive\\motmon.exe"
"Iomega Startup Options"="C:\\Program Files\\Iomega\\Common\\ImgStart.exe"
"Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
"AudioHQ"="C:\\Program Files\\Creative\\SBLive\\AudioHQ\\AHQTB.EXE"
"Adaptec DirectCD"="C:\\PROGRA~1\\ADAPTEC\\DIRECTCD\\DIRECTCD.EXE"
"LoadQM"="loadqm.exe"
"Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
"seticlient"="C:\\Program Files\\SETI@home\\[email protected] -min"
"ICSDCLT"="C:\\WINDOWS\\SYSTEM32\\RUNDLL32.EXE C:\\WINDOWS\\SYSTEM32\\ICSDCLT.DLL,ICSClient"
"ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022"="\"C:\\Program Files\\PD\\shwicon.exe\" -t\"The Company\\USB Flash HDD Series Driver v1.17r022\""
"SetPoint"="C:\\Program Files\\Logitech\\SetPoint\\KEM.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"UpdReg"="C:\\WINDOWS\\Updreg.exe"
"HP SchedIndexer"="C:\\Program Files\\Hewlett-Packard\\LaserJet All-in-one\\hppschedindexer.exe"
"HP AutoIndexer"="C:\\Program Files\\Hewlett-Packard\\LaserJet All-in-one\\hppautoindexer.exe"
"MSConfigReminder"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\MSCONFIG.EXE /reminder"
"WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\WinPatrol.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\SYSTEM32\\NVCPL.DLL,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\SYSTEM32\\NVMCTRAY.DLL,NvTaskbarInit"
"NAV Agent"="C:\\PROGRA~1\\NORTON~3\\NORTON~1\\NAVAPW32.EXE"
"NPROTECT"="C:\\Program Files\\Norton SystemWorks\\Norton Utilities\\NPROTECT.EXE"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMON.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LicCtrl"="runservice.exe"
"CSINJECT.EXE"="C:\\Program Files\\Norton SystemWorks\\Norton CleanSweep\\CSINJECT.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Symantec Drmc.job

Completion time: 06-11-16 14:15:53.42
C:\ComboFix.txt ... 06-11-16 14:15
C:\ComboFix2.txt ... 06-11-16 12:28
C:\ComboFix3.txt ... 06-11-16 06:16


#17
Wizard

  • Retired Staff
  • 5,661 posts

  • Double-click VundoFix.exe to run it again.
  • Right Click inside the listbox (white box) and click add more files
  • Copy&Paste the entries below into the open boxes
    • C:\WINDOWS\SYSTEM32\kpqvllmk.dll
    • C:\WINDOWS\SYSTEM32\auewnnrj.dll
  • Click Add Files and Click Close Window
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt

Please run the Bit Defender Online Scan
http://www.bitdefend...m/scan8/ie.html

You must use Internet Explorer for this scanner.

Install the ActiveX and Click on "Click here to Scan"

Allow it to update and Scan the Machine.

It should disinfect or delete whatever it finds that is infected.

Save the report it generates in a text format please and post it back here

#18
Craig9998

  • Topic Starter
  • Member
  • 19 posts
Here is the Vundo scan. I'll do the Bitdefender scan and post when completed.


Beginning removal...

Attempting to delete C:\WINDOWS\Drivers\abkars.dll
C:\WINDOWS\Drivers\abkars.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\kpqvllmk.dll
C:\WINDOWS\SYSTEM32\kpqvllmk.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\auewnnrj.dll
C:\WINDOWS\SYSTEM32\auewnnrj.dll Has been deleted!

Performing Repairs to the registry.
Done!

#19
Craig9998

  • Topic Starter
  • Member
  • 19 posts
Here's the BitDefender scan results. I must say I am surprised after years of full system scans that this scan is scanning files and determining them to be infected. Is there a problem with Norton AV? Have these things been active on my systems for years?

I should point out that I back up some C drive files to a second internal drive (G) and then to an external drive (H) so there may be duplications here. I tried to install a new second internal HD earlier in the year, partitioned to have the operating system on a D drive, with the intent of swapping it for the current C drive and then getting another bigger second internal HD. The intended swap failed, leaving me with the C drive, a second internal partitioned into D and G drives (E and F are CD/DVD drives).



BitDefender Online Scanner

Scan report generated at: Fri, Nov 17, 2006 - 10:27:13

Scan path: C:\Documents and Settings\Alex\My Documents;C:\Documents and Settings\craig\My Documents;C:\Documents and Settings\Joshua\My Documents;C:\WINDOWS\All Users\Documents;A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;M:\;

Statistics
Time: 18:40:05
Files: 2972582
Folders: 26000
Boot Sectors: 9
Archives: 694754
Packed Files: 103359

Results
Identified Viruses: 34
Infected Files: 212
Suspect Files: 51
Warnings: 0
Disinfected: 1
Deleted Files: 229

Engines Info
Virus Definitions: 316382
Engine build: AVCORE v1.0 (build 2355) (i386) (Sep 25 2006 13:46:24)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Prompt
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File


Status

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\019304C5.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.Zlob.QZ

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\019304C5.exe=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\019304C5.exe=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03091792.sys=>(Quarantine-2)


Infected with: Trojan.Downloader.Zlob.QZ

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03091792.sys=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03091792.sys=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C8F3AAF.exe=>(Quarantine-2)


Infected with: Trojan.Agent.CUR

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C8F3AAF.exe=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C8F3AAF.exe=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CC7588C.exe=>(Quarantine-2)


Infected with: Joke.Slippery.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CC7588C.exe=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CC7588C.exe=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\260613DF.dll=>(Quarantine-2)


Infected with: Trojan.BHO.G

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\260613DF.dll=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\260613DF.dll=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D61DAC.dll=>(Quarantine-2)


Infected with: Trojan.BHO.G

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D61DAC.dll=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D61DAC.dll=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36904960.dll=>(Quarantine-2)


Infected with: Trojan.BHO.G

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36904960.dll=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36904960.dll=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38573724.dll=>(Quarantine-2)


Infected with: Trojan.BHO.G

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38573724.dll=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38573724.dll=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AF10BC9.tmp=>(Quarantine-2)


Infected with: WM.Concept.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AF10BC9.tmp=>(Quarantine-2)


Disinfected

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AF10BC9.tmp


Update failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D1F4349.dll=>(Quarantine-2)


Infected with: Trojan.BHO.G

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D1F4349.dll=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D1F4349.dll=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DB326F1.dll=>(Quarantine-2)


Infected with: Trojan.BHO.G

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DB326F1.dll=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DB326F1.dll=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DE13CD7.exe=>(Quarantine-2)


Infected with: Joke.Slippery.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DE13CD7.exe=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DE13CD7.exe=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47C10E8C.dll=>(Quarantine-2)


Infected with: Trojan.Spy.Vbstat.D

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47C10E8C.dll=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47C10E8C.dll=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AA97358.exe=>(Quarantine-2)


Infected with: Trojan.Adload.MAS

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AA97358.exe=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AA97358.exe=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B7B2F4B.dll=>(Quarantine-2)


Infected with: Trojan.BHO.G

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B7B2F4B.dll=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B7B2F4B.dll=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC00E34.wmf=>(Quarantine-2)


Infected with: Exploit.Win32.WMF-PFV

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC00E34.wmf=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC00E34.wmf=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68543655.dll=>(Quarantine-2)


Infected with: Trojan.BHO.G

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68543655.dll=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68543655.dll=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F494819.dll=>(Quarantine-2)


Infected with: Trojan.BHO.G

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F494819.dll=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F494819.dll=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73864A88.EXE=>(Quarantine-2)


Infected with: Trojan.Downloader.Adload.S

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73864A88.EXE=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73864A88.EXE=>(Quarantine-2)


Deleted

C:\Documents and Settings\craig\Application Data\Identities\{6732439D-E064-4B6F-9720-BC1C5583845E}\Microsoft\Outlook Express\Inbox.dbx=>(message 27)=>[Subject: Re[2]: Proof !!!][Date: Tue, 18 Jul 2006 17:12:37 +0200]=>(MIME part)=>DC0003.JPG.zip=>DC0003.JPG___________________________________________________________________.JPG.exe


Infected with: Trojan.Downloader.Huge.J

C:\Documents and Settings\craig\Application Data\Identities\{6732439D-E064-4B6F-9720-BC1C5583845E}\Microsoft\Outlook Express\Inbox.dbx=>(message 27)=>[Subject: Re[2]: Proof !!!][Date: Tue, 18 Jul 2006 17:12:37 +0200]=>(MIME part)=>DC0003.JPG.zip=>DC0003.JPG___________________________________________________________________.JPG.exe


Disinfection failed

C:\Documents and Settings\craig\Application Data\Identities\{6732439D-E064-4B6F-9720-BC1C5583845E}\Microsoft\Outlook Express\Inbox.dbx=>(message 27)=>[Subject: Re[2]: Proof !!!][Date: Tue, 18 Jul 2006 17:12:37 +0200]=>(MIME part)=>DC0003.JPG.zip=>DC0003.JPG___________________________________________________________________.JPG.exe


Deleted

C:\Documents and Settings\craig\Application Data\Identities\{6732439D-E064-4B6F-9720-BC1C5583845E}\Microsoft\Outlook Express\Inbox.dbx=>(message 27)=>[Subject: Re[2]: Proof !!!][Date: Tue, 18 Jul 2006 17:12:37 +0200]=>(MIME part)=>DC0003.JPG.zip


Updated

C:\Documents and Settings\craig\Application Data\Identities\{6732439D-E064-4B6F-9720-BC1C5583845E}\Microsoft\Outlook Express\Inbox.dbx=>(message 27)=>[Subject: Re[2]: Proof !!!][Date: Tue, 18 Jul 2006 17:12:37 +0200]=>(MIME part)


Updated

C:\Documents and Settings\craig\Application Data\Identities\{6732439D-E064-4B6F-9720-BC1C5583845E}\Microsoft\Outlook Express\Inbox.dbx=>(message 27)


Updated

C:\Documents and Settings\craig\Application Data\Identities\{6732439D-E064-4B6F-9720-BC1C5583845E}\Microsoft\Outlook Express\Inbox.dbx


Update failed

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Joshua - 2004.dbx=>(message 27)=>[Subject: Morning][Date: Sat, 30 Oct 2004 09:07:00 -0500]=>(MIME part)=>XP.SP2.Cleaner.v3.0(FFF).zip=>FFF.SP2.Cleaner.v3.0.exe


Infected with: Trojan.Dropper.Delf.FD

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Joshua - 2004.dbx=>(message 27)=>[Subject: Morning][Date: Sat, 30 Oct 2004 09:07:00 -0500]=>(MIME part)=>XP.SP2.Cleaner.v3.0(FFF).zip=>FFF.SP2.Cleaner.v3.0.exe


Disinfection failed

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Joshua - 2004.dbx=>(message 27)=>[Subject: Morning][Date: Sat, 30 Oct 2004 09:07:00 -0500]=>(MIME part)=>XP.SP2.Cleaner.v3.0(FFF).zip=>FFF.SP2.Cleaner.v3.0.exe


Deleted

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Joshua - 2004.dbx=>(message 27)=>[Subject: Morning][Date: Sat, 30 Oct 2004 09:07:00 -0500]=>(MIME part)=>XP.SP2.Cleaner.v3.0(FFF).zip


Updated

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Joshua - 2004.dbx=>(message 27)=>[Subject: Morning][Date: Sat, 30 Oct 2004 09:07:00 -0500]=>(MIME part)


Updated

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Joshua - 2004.dbx=>(message 27)


Updated

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Joshua - 2004.dbx


Update failed

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Joshua - 2004.dbx=>(message 28)=>[Subject: Morning][Date: Sat, 30 Oct 2004 09:07:00 -0500]=>(MIME part)=>XP.SP2.Cleaner.v3.0(FFF).zip=>FFF.SP2.Cleaner.v3.0.exe


Infected with: Trojan.Dropper.Delf.FD

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Joshua - 2004.dbx=>(message 28)=>[Subject: Morning][Date: Sat, 30 Oct 2004 09:07:00 -0500]=>(MIME part)=>XP.SP2.Cleaner.v3.0(FFF).zip=>FFF.SP2.Cleaner.v3.0.exe


Disinfection failed

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Joshua - 2004.dbx=>(message 28)=>[Subject: Morning][Date: Sat, 30 Oct 2004 09:07:00 -0500]=>(MIME part)=>XP.SP2.Cleaner.v3.0(FFF).zip=>FFF.SP2.Cleaner.v3.0.exe


Deleted

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Joshua - 2004.dbx=>(message 28)=>[Subject: Morning][Date: Sat, 30 Oct 2004 09:07:00 -0500]=>(MIME part)=>XP.SP2.Cleaner.v3.0(FFF).zip


Updated

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Joshua - 2004.dbx=>(message 28)=>[Subject: Morning][Date: Sat, 30 Oct 2004 09:07:00 -0500]=>(MIME part)


Updated

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Joshua - 2004.dbx=>(message 28)


Updated

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Joshua - 2004.dbx


Update failed

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Mail misdelivery issue.dbx=>(message 0)=>(base64)


Infected with: Win32.Sobig.F@mm

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Mail misdelivery issue.dbx=>(message 0)=>(base64)


Deleted

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Mail misdelivery issue.dbx=>(message 0)


Updated

C:\Documents and Settings\craig\Application Data\Identities\{742DC712-BE9D-4EF7-BA65-C0041FC3121A}\Microsoft\Outlook Express\Mail misdelivery issue.dbx


Update failed

C:\Program Files\Google\Google Desktop Search\Troubleshoot Network.exe


Infected with: Trojan.Dloader.NY

C:\Program Files\Google\Google Desktop Search\Troubleshoot Network.exe


Disinfection failed

C:\Program Files\Google\Google Desktop Search\Troubleshoot Network.exe


Deleted

C:\RECYCLER\NPROTECT\00000380.EXE


Infected with: Trojan.Dloader.NY

C:\RECYCLER\NPROTECT\00000380.EXE


Disinfection failed

C:\RECYCLER\NPROTECT\00000380.EXE


Deleted

C:\System Volume Information\_restore{CC143F2D-DDE3-4770-8AD4-B987F075B545}\RP495\A1359200.EXE


Infected with: Trojan.Dloader.NY

C:\System Volume Information\_restore{CC143F2D-DDE3-4770-8AD4-B987F075B545}\RP495\A1359200.EXE


Disinfection failed

C:\System Volume Information\_restore{CC143F2D-DDE3-4770-8AD4-B987F075B545}\RP495\A1359200.EXE


Deleted

C:\WINDOWS\.jpi_cache\file\1.0\ok.class-6661719b-11555acb.class


Infected with: Java.Trojan.Nocheat.A

C:\WINDOWS\.jpi_cache\file\1.0\ok.class-6661719b-11555acb.class


Disinfection failed

C:\WINDOWS\.jpi_cache\file\1.0\ok.class-6661719b-11555acb.class


Deleted

C:\WINDOWS\.jpi_cache\file\1.0\ok.class-724f5bf8-6a36f9ef.class


Infected with: Java.Trojan.Nocheat.A

C:\WINDOWS\.jpi_cache\file\1.0\ok.class-724f5bf8-6a36f9ef.class


Disinfection failed

C:\WINDOWS\.jpi_cache\file\1.0\ok.class-724f5bf8-6a36f9ef.class


Deleted

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-1d22a678-1610277f.zip=>Gummy.class


Infected with: Java.Trojan.Exploit.Bytverify

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-1d22a678-1610277f.zip=>Gummy.class


Disinfection failed

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-1d22a678-1610277f.zip=>Gummy.class


Deleted

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-1d22a678-1610277f.zip


Updated

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-1d22a678-1610277f.zip=>Beyond.class


Infected with: Java.Trojan.ClassLoader.K

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-1d22a678-1610277f.zip=>Beyond.class


Disinfection failed

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-1d22a678-1610277f.zip=>Beyond.class


Deleted

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-1d22a678-1610277f.zip


Updated

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-34e2b6fd-12a85cdf.zip=>Gummy.class


Infected with: Java.Trojan.Exploit.Bytverify

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-34e2b6fd-12a85cdf.zip=>Gummy.class


Disinfection failed

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-34e2b6fd-12a85cdf.zip=>Gummy.class


Deleted

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-34e2b6fd-12a85cdf.zip


Updated

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-5157872c-17b3ebff.zip=>Gummy.class


Infected with: Java.Trojan.Exploit.Bytverify

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-5157872c-17b3ebff.zip=>Gummy.class


Disinfection failed

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-5157872c-17b3ebff.zip=>Gummy.class


Deleted

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-5157872c-17b3ebff.zip


Updated

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-5157872c-17b3ebff.zip=>Beyond.class


Infected with: Java.Trojan.ClassLoader.K

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-5157872c-17b3ebff.zip=>Beyond.class


Disinfection failed

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-5157872c-17b3ebff.zip=>Beyond.class


Deleted

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-5157872c-17b3ebff.zip


Updated

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-60445f44-41c53a98.zip=>Gummy.class


Infected with: Java.Trojan.Exploit.Bytverify

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-60445f44-41c53a98.zip=>Gummy.class


Disinfection failed

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-60445f44-41c53a98.zip=>Gummy.class


Deleted

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-60445f44-41c53a98.zip


Updated

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-60445f44-41c53a98.zip=>Beyond.class


Infected with: Java.Trojan.ClassLoader.K

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-60445f44-41c53a98.zip=>Beyond.class


Disinfection failed

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-60445f44-41c53a98.zip=>Beyond.class


Deleted

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-60445f44-41c53a98.zip


Updated

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-6ce3b82f-3ef4a51e.zip=>Gummy.class


Infected with: Java.Trojan.Exploit.Bytverify

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-6ce3b82f-3ef4a51e.zip=>Gummy.class


Disinfection failed

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-6ce3b82f-3ef4a51e.zip=>Gummy.class


Deleted

C:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-6ce3b82f-3ef4a51e.zip


Updated

C:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-6afabbec-56d9d7be.zip=>Beyond.class


Infected with: Java.Trojan.Exploit.Bytverify2.Gen

C:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-6afabbec-56d9d7be.zip=>Beyond.class


Disinfection failed

C:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-6afabbec-56d9d7be.zip=>Beyond.class


Deleted

C:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-6afabbec-56d9d7be.zip


Updated

C:\WINDOWS\.jpi_cache\jar\1.0\plugin.jar-3e14071c-4ae5850b.zip=>Beyond.class


Infected with: Java.Trojan.Downloader.OpenStream.H

C:\WINDOWS\.jpi_cache\jar\1.0\plugin.jar-3e14071c-4ae5850b.zip=>Beyond.class


Disinfection failed

C:\WINDOWS\.jpi_cache\jar\1.0\plugin.jar-3e14071c-4ae5850b.zip=>Beyond.class


Deleted

C:\WINDOWS\.jpi_cache\jar\1.0\plugin.jar-3e14071c-4ae5850b.zip


Updated

D:\WINDOWS\.jpi_cache\file\1.0\ok.class-6661719b-11555acb.class


Infected with: Java.Trojan.Nocheat.A

D:\WINDOWS\.jpi_cache\file\1.0\ok.class-6661719b-11555acb.class


Disinfection failed

D:\WINDOWS\.jpi_cache\file\1.0\ok.class-6661719b-11555acb.class


Deleted

D:\WINDOWS\.jpi_cache\file\1.0\ok.class-724f5bf8-6a36f9ef.class


Infected with: Java.Trojan.Nocheat.A

D:\WINDOWS\.jpi_cache\file\1.0\ok.class-724f5bf8-6a36f9ef.class


Disinfection failed

D:\WINDOWS\.jpi_cache\file\1.0\ok.class-724f5bf8-6a36f9ef.class


Deleted

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-1d22a678-1610277f.zip=>Gummy.class


Infected with: Java.Trojan.Exploit.Bytverify

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-1d22a678-1610277f.zip=>Gummy.class


Disinfection failed

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-1d22a678-1610277f.zip=>Gummy.class


Deleted

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-1d22a678-1610277f.zip


Updated

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-1d22a678-1610277f.zip=>Beyond.class


Infected with: Java.Trojan.ClassLoader.K

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-1d22a678-1610277f.zip=>Beyond.class


Disinfection failed

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-1d22a678-1610277f.zip=>Beyond.class


Deleted

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-1d22a678-1610277f.zip


Updated

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-34e2b6fd-12a85cdf.zip=>Gummy.class


Infected with: Java.Trojan.Exploit.Bytverify

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-34e2b6fd-12a85cdf.zip=>Gummy.class


Disinfection failed

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-34e2b6fd-12a85cdf.zip=>Gummy.class


Deleted

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-34e2b6fd-12a85cdf.zip


Updated

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-5157872c-17b3ebff.zip=>Gummy.class


Infected with: Java.Trojan.Exploit.Bytverify

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-5157872c-17b3ebff.zip=>Gummy.class


Disinfection failed

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-5157872c-17b3ebff.zip=>Gummy.class


Deleted

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-5157872c-17b3ebff.zip


Updated

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-5157872c-17b3ebff.zip=>Beyond.class


Infected with: Java.Trojan.ClassLoader.K

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-5157872c-17b3ebff.zip=>Beyond.class


Disinfection failed

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-5157872c-17b3ebff.zip=>Beyond.class


Deleted

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-5157872c-17b3ebff.zip


Updated

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-60445f44-41c53a98.zip=>Gummy.class


Infected with: Java.Trojan.Exploit.Bytverify

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-60445f44-41c53a98.zip=>Gummy.class


Disinfection failed

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-60445f44-41c53a98.zip=>Gummy.class


Deleted

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-60445f44-41c53a98.zip


Updated

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-60445f44-41c53a98.zip=>Beyond.class


Infected with: Java.Trojan.ClassLoader.K

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-60445f44-41c53a98.zip=>Beyond.class


Disinfection failed

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-60445f44-41c53a98.zip=>Beyond.class


Deleted

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-60445f44-41c53a98.zip


Updated

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-6ce3b82f-3ef4a51e.zip=>Gummy.class


Infected with: Java.Trojan.Exploit.Bytverify

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-6ce3b82f-3ef4a51e.zip=>Gummy.class


Disinfection failed

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-6ce3b82f-3ef4a51e.zip=>Gummy.class


Deleted

D:\WINDOWS\.jpi_cache\jar\1.0\ar3.jar-6ce3b82f-3ef4a51e.zip


Updated

D:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-6afabbec-56d9d7be.zip=>Beyond.class


Infected with: Java.Trojan.Exploit.Bytverify2.Gen

D:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-6afabbec-56d9d7be.zip=>Beyond.class


Disinfection failed

D:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-6afabbec-56d9d7be.zip=>Beyond.class


Deleted

D:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-6afabbec-56d9d7be.zip


Updated

D:\WINDOWS\.jpi_cache\jar\1.0\plugin.jar-3e14071c-4ae5850b.zip=>Beyond.class


Infected with: Java.Trojan.Downloader.OpenStream.H

D:\WINDOWS\.jpi_cache\jar\1.0\plugin.jar-3e14071c-4ae5850b.zip=>Beyond.class


Disinfection failed

D:\WINDOWS\.jpi_cache\jar\1.0\plugin.jar-3e14071c-4ae5850b.zip=>Beyond.class


Deleted

D:\WINDOWS\.jpi_cache\jar\1.0\plugin.jar-3e14071c-4ae5850b.zip


Updated

G:\Craig\diskettes\Software\DOS 4.01\DOS 4.01 Operating 1 of 3\MORE.COM


Suspected of: Flash.688

G:\Craig\diskettes\Software\DOS 4.01\DOS 4.01 Operating 1 of 3\MORE.COM


Disinfection failed

G:\Craig\Freenet support.mbox=>(message 39)=>[Subject: [freenet-support] How are you][Date: Fri, 31 May 2002 00:45:11 +0900]=>(MIME part)=>(message body)


Suspected of: Exploit.Iframe.Vulnerability

G:\Craig\Freenet support.mbox=>(message 39)=>[Subject: [freenet-support] How are you][Date: Fri, 31 May 2002 00:45:11 +0900]=>(MIME part)=>(message body)


Disinfection failed

G:\Craig\Freenet support.mbox=>(message 215)=>[Subject: [freenet-support] Fw: resume][Date: Fri,05 Jul 2002 03:49:09 PM]=>(MIME part)=>resume.mdb.scr


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 215)=>[Subject: [freenet-support] Fw: resume][Date: Fri,05 Jul 2002 03:49:09 PM]=>(MIME part)=>resume.mdb.scr


Deleted

G:\Craig\Freenet support.mbox=>(message 215)=>[Subject: [freenet-support] Fw: resume][Date: Fri,05 Jul 2002 03:49:09 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 215)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 237)=>[Subject: [freenet-support] 44FF][Date: Thu,27 Jun 2002 21:37:08 PM]=>(MIME part)=>(message body)


Suspected of: Exploit.Iframe.Vulnerability

G:\Craig\Freenet support.mbox=>(message 237)=>[Subject: [freenet-support] 44FF][Date: Thu,27 Jun 2002 21:37:08 PM]=>(MIME part)=>(message body)


Disinfection failed

G:\Craig\Freenet support.mbox=>(message 237)=>[Subject: [freenet-support] 44FF][Date: Thu,27 Jun 2002 21:37:08 PM]=>(MIME part)=>44FF.mp3.pif


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 237)=>[Subject: [freenet-support] 44FF][Date: Thu,27 Jun 2002 21:37:08 PM]=>(MIME part)=>44FF.mp3.pif


Deleted

G:\Craig\Freenet support.mbox=>(message 237)=>[Subject: [freenet-support] 44FF][Date: Thu,27 Jun 2002 21:37:08 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 237)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 242)=>[Subject: [freenet-support] Fw: humour Love to s][Date: Tue,09 Jul 2002 19:44:13 PM]=>(MIME part)=>friendsworld.scr


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 242)=>[Subject: [freenet-support] Fw: humour Love to s][Date: Tue,09 Jul 2002 19:44:13 PM]=>(MIME part)=>friendsworld.scr


Deleted

G:\Craig\Freenet support.mbox=>(message 242)=>[Subject: [freenet-support] Fw: humour Love to s][Date: Tue,09 Jul 2002 19:44:13 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 242)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 243)=>[Subject: [freenet-support] Fw: !][Date: Tue,09 Jul 2002 21:13:53 PM]=>(MIME part)=>(message body)


Suspected of: Exploit.Iframe.Vulnerability

G:\Craig\Freenet support.mbox=>(message 243)=>[Subject: [freenet-support] Fw: !][Date: Tue,09 Jul 2002 21:13:53 PM]=>(MIME part)=>(message body)


Disinfection failed

G:\Craig\Freenet support.mbox=>(message 243)=>[Subject: [freenet-support] Fw: !][Date: Tue,09 Jul 2002 21:13:53 PM]=>(MIME part)=>(message body)


Suspected of: Exploit.Iframe.Vulnerability

G:\Craig\Freenet support.mbox=>(message 243)=>[Subject: [freenet-support] Fw: !][Date: Tue,09 Jul 2002 21:13:53 PM]=>(MIME part)=>(message body)


Disinfection failed

G:\Craig\Freenet support.mbox=>(message 243)=>[Subject: [freenet-support] Fw: !][Date: Tue,09 Jul 2002 21:13:53 PM]=>(MIME part)=>passionup.scr


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 243)=>[Subject: [freenet-support] Fw: !][Date: Tue,09 Jul 2002 21:13:53 PM]=>(MIME part)=>passionup.scr


Deleted

G:\Craig\Freenet support.mbox=>(message 243)=>[Subject: [freenet-support] Fw: !][Date: Tue,09 Jul 2002 21:13:53 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 243)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 266)=>[Subject: [freenet-support] Fw: goldfish][Date: Tue,16 Jul 2002 22:51:11 PM]=>(MIME part)=>goldfish.dat.bat


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 266)=>[Subject: [freenet-support] Fw: goldfish][Date: Tue,16 Jul 2002 22:51:11 PM]=>(MIME part)=>goldfish.dat.bat


Deleted

G:\Craig\Freenet support.mbox=>(message 266)=>[Subject: [freenet-support] Fw: goldfish][Date: Tue,16 Jul 2002 22:51:11 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 266)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 300)=>[Subject: [freenet-support] Fw: t][Date: Tue,23 Jul 2002 23:47:01 PM]=>(MIME part)=>t.zip.scr


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 300)=>[Subject: [freenet-support] Fw: t][Date: Tue,23 Jul 2002 23:47:01 PM]=>(MIME part)=>t.zip.scr


Deleted

G:\Craig\Freenet support.mbox=>(message 300)=>[Subject: [freenet-support] Fw: t][Date: Tue,23 Jul 2002 23:47:01 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 300)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 305)=>[Subject: [freenet-support] Fw: t][Date: Wed,24 Jul 2002 17:57:10 PM]=>(MIME part)=>t.dat.bat


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 305)=>[Subject: [freenet-support] Fw: t][Date: Wed,24 Jul 2002 17:57:10 PM]=>(MIME part)=>t.dat.bat


Deleted

G:\Craig\Freenet support.mbox=>(message 305)=>[Subject: [freenet-support] Fw: t][Date: Wed,24 Jul 2002 17:57:10 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 305)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 308)=>[Subject: [freenet-support] Fw: t][Date: Wed,24 Jul 2002 23:01:41 PM]=>(MIME part)=>t.zip.bat


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 308)=>[Subject: [freenet-support] Fw: t][Date: Wed,24 Jul 2002 23:01:41 PM]=>(MIME part)=>t.zip.bat


Deleted

G:\Craig\Freenet support.mbox=>(message 308)=>[Subject: [freenet-support] Fw: t][Date: Wed,24 Jul 2002 23:01:41 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 308)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 309)=>[Subject: [freenet-support] Fw: t][Date: Wed,24 Jul 2002 23:55:04 PM]=>(MIME part)=>t.htm.bat


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 309)=>[Subject: [freenet-support] Fw: t][Date: Wed,24 Jul 2002 23:55:04 PM]=>(MIME part)=>t.htm.bat


Deleted

G:\Craig\Freenet support.mbox=>(message 309)=>[Subject: [freenet-support] Fw: t][Date: Wed,24 Jul 2002 23:55:04 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 309)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 310)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 00:05:17 PM]=>(MIME part)=>(message body)


Suspected of: Exploit.Iframe.Vulnerability

G:\Craig\Freenet support.mbox=>(message 310)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 00:05:17 PM]=>(MIME part)=>(message body)


Disinfection failed

G:\Craig\Freenet support.mbox=>(message 310)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 00:05:17 PM]=>(MIME part)=>(message body)


Suspected of: Exploit.Iframe.Vulnerability

G:\Craig\Freenet support.mbox=>(message 310)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 00:05:17 PM]=>(MIME part)=>(message body)


Disinfection failed

G:\Craig\Freenet support.mbox=>(message 310)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 00:05:17 PM]=>(MIME part)=>t.txt.bat


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 310)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 00:05:17 PM]=>(MIME part)=>t.txt.bat


Deleted

G:\Craig\Freenet support.mbox=>(message 310)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 00:05:17 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 310)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 316)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 08:42:42 PM]=>(MIME part)=>(message body)


Suspected of: Exploit.Iframe.Vulnerability

G:\Craig\Freenet support.mbox=>(message 316)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 08:42:42 PM]=>(MIME part)=>(message body)


Disinfection failed

G:\Craig\Freenet support.mbox=>(message 316)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 08:42:42 PM]=>(MIME part)=>t.txt.scr


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 316)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 08:42:42 PM]=>(MIME part)=>t.txt.scr


Deleted

G:\Craig\Freenet support.mbox=>(message 316)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 08:42:42 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 316)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 317)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 08:51:53 PM]=>(MIME part)=>t.wav


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 317)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 08:51:53 PM]=>(MIME part)=>t.wav


Deleted

G:\Craig\Freenet support.mbox=>(message 317)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 08:51:53 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 317)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 318)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 15:32:31 PM]=>(MIME part)=>(message body)


Suspected of: Exploit.Iframe.Vulnerability

G:\Craig\Freenet support.mbox=>(message 318)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 15:32:31 PM]=>(MIME part)=>(message body)


Disinfection failed

G:\Craig\Freenet support.mbox=>(message 318)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 15:32:31 PM]=>(MIME part)=>(message body)


Suspected of: Exploit.Iframe.Vulnerability

G:\Craig\Freenet support.mbox=>(message 318)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 15:32:31 PM]=>(MIME part)=>(message body)


Disinfection failed

G:\Craig\Freenet support.mbox=>(message 318)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 15:32:31 PM]=>(MIME part)=>t.mpg.scr


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 318)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 15:32:31 PM]=>(MIME part)=>t.mpg.scr


Deleted

G:\Craig\Freenet support.mbox=>(message 318)=>[Subject: [freenet-support] Fw: t][Date: Thu,25 Jul 2002 15:32:31 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 318)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 521)=>[Subject: [freenet-support] Fw: Nieuw - Tekstdoc][Date: Mon,09 Sep 2002 22:41:56 PM]=>(MIME part)=>(message body)


Suspected of: Exploit.Iframe.Vulnerability

G:\Craig\Freenet support.mbox=>(message 521)=>[Subject: [freenet-support] Fw: Nieuw - Tekstdoc][Date: Mon,09 Sep 2002 22:41:56 PM]=>(MIME part)=>(message body)


Disinfection failed

G:\Craig\Freenet support.mbox=>(message 521)=>[Subject: [freenet-support] Fw: Nieuw - Tekstdoc][Date: Mon,09 Sep 2002 22:41:56 PM]=>(MIME part)=>Nieuw


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 521)=>[Subject: [freenet-support] Fw: Nieuw - Tekstdoc][Date: Mon,09 Sep 2002 22:41:56 PM]=>(MIME part)=>Nieuw


Deleted

G:\Craig\Freenet support.mbox=>(message 521)=>[Subject: [freenet-support] Fw: Nieuw - Tekstdoc][Date: Mon,09 Sep 2002 22:41:56 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 521)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 554)=>[Subject: [freenet-support] Fw: Chris 6][Date: Thu, 19 Sep 2002 18:56:45 +0000 (PM)]=>(MIME part)=>Chris6.jpg.pif


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 554)=>[Subject: [freenet-support] Fw: Chris 6][Date: Thu, 19 Sep 2002 18:56:45 +0000 (PM)]=>(MIME part)=>Chris6.jpg.pif


Deleted

G:\Craig\Freenet support.mbox=>(message 554)=>[Subject: [freenet-support] Fw: Chris 6][Date: Thu, 19 Sep 2002 18:56:45 +0000 (PM)]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 554)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 642)=>[Subject: [freenet-support] Fw: Chris 6][Date: Sun, 29 Sep 2002 19:53:49 +0000 (PM)]=>(MIME part)=>Chris6.wav.pif


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 642)=>[Subject: [freenet-support] Fw: Chris 6][Date: Sun, 29 Sep 2002 19:53:49 +0000 (PM)]=>(MIME part)=>Chris6.wav.pif


Deleted

G:\Craig\Freenet support.mbox=>(message 642)=>[Subject: [freenet-support] Fw: Chris 6][Date: Sun, 29 Sep 2002 19:53:49 +0000 (PM)]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 642)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 656)=>[Subject: [freenet-support] Fw: Best Friends !!][Date: Tue, 01 Oct 2002 20:50:07 +0000 (PM)]=>(MIME part)=>(message body)


Suspected of: Exploit.Iframe.Vulnerability

G:\Craig\Freenet support.mbox=>(message 656)=>[Subject: [freenet-support] Fw: Best Friends !!][Date: Tue, 01 Oct 2002 20:50:07 +0000 (PM)]=>(MIME part)=>(message body)


Disinfection failed

G:\Craig\Freenet support.mbox=>(message 656)=>[Subject: [freenet-support] Fw: Best Friends !!][Date: Tue, 01 Oct 2002 20:50:07 +0000 (PM)]=>(MIME part)=>freescreensaver.scr


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 656)=>[Subject: [freenet-support] Fw: Best Friends !!][Date: Tue, 01 Oct 2002 20:50:07 +0000 (PM)]=>(MIME part)=>freescreensaver.scr


Deleted

G:\Craig\Freenet support.mbox=>(message 656)=>[Subject: [freenet-support] Fw: Best Friends !!][Date: Tue, 01 Oct 2002 20:50:07 +0000 (PM)]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 656)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 1086)=>[Subject: [freenet-support] Fw: Friendship Scree][Date: Mon,28 Oct 2002 10:35:07 PM]=>(MIME part)=>screensaver4u.scr


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 1086)=>[Subject: [freenet-support] Fw: Friendship Scree][Date: Mon,28 Oct 2002 10:35:07 PM]=>(MIME part)=>screensaver4u.scr


Deleted

G:\Craig\Freenet support.mbox=>(message 1086)=>[Subject: [freenet-support] Fw: Friendship Scree][Date: Mon,28 Oct 2002 10:35:07 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 1086)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 1089)=>[Subject: [freenet-support] Fw: MODULO CORRISPON][Date: Mon,28 Oct 2002 10:50:42 PM]=>(MIME part)=>MODULO


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 1089)=>[Subject: [freenet-support] Fw: MODULO CORRISPON][Date: Mon,28 Oct 2002 10:50:42 PM]=>(MIME part)=>MODULO


Deleted

G:\Craig\Freenet support.mbox=>(message 1089)=>[Subject: [freenet-support] Fw: MODULO CORRISPON][Date: Mon,28 Oct 2002 10:50:42 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 1089)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 1090)=>[Subject: [freenet-support] Fw: Idiot Screensave][Date: Mon,28 Oct 2002 11:06:19 PM]=>(MIME part)=>werfriends.scr


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 1090)=>[Subject: [freenet-support] Fw: Idiot Screensave][Date: Mon,28 Oct 2002 11:06:19 PM]=>(MIME part)=>werfriends.scr


Deleted

G:\Craig\Freenet support.mbox=>(message 1090)=>[Subject: [freenet-support] Fw: Idiot Screensave][Date: Mon,28 Oct 2002 11:06:19 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 1090)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 1091)=>[Subject: [freenet-support] Fw: Wowwwwwwwwwww ch][Date: Mon,28 Oct 2002 11:22:26 PM]=>(MIME part)=>werfriends.scr


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 1091)=>[Subject: [freenet-support] Fw: Wowwwwwwwwwww ch][Date: Mon,28 Oct 2002 11:22:26 PM]=>(MIME part)=>werfriends.scr


Deleted

G:\Craig\Freenet support.mbox=>(message 1091)=>[Subject: [freenet-support] Fw: Wowwwwwwwwwww ch][Date: Mon,28 Oct 2002 11:22:26 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 1091)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 1092)=>[Subject: [freenet-support] Fw: MODULO CORRISPON][Date: Mon,28 Oct 2002 11:38:18 PM]=>(MIME part)=>MODULO


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 1092)=>[Subject: [freenet-support] Fw: MODULO CORRISPON][Date: Mon,28 Oct 2002 11:38:18 PM]=>(MIME part)=>MODULO


Deleted

G:\Craig\Freenet support.mbox=>(message 1092)=>[Subject: [freenet-support] Fw: MODULO CORRISPON][Date: Mon,28 Oct 2002 11:38:18 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 1092)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 1093)=>[Subject: [freenet-support] Fw: charming Friends][Date: Mon,28 Oct 2002 11:54:07 PM]=>(MIME part)=>enjoylove.scr


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 1093)=>[Subject: [freenet-support] Fw: charming Friends][Date: Mon,28 Oct 2002 11:54:07 PM]=>(MIME part)=>enjoylove.scr


Deleted

G:\Craig\Freenet support.mbox=>(message 1093)=>[Subject: [freenet-support] Fw: charming Friends][Date: Mon,28 Oct 2002 11:54:07 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 1093)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 1094)=>[Subject: [freenet-support] Fw: LoveGangs relati][Date: Mon,28 Oct 2002 12:06:51 PM]=>(MIME part)=>(message body)


Suspected of: Exploit.Iframe.Vulnerability

G:\Craig\Freenet support.mbox=>(message 1094)=>[Subject: [freenet-support] Fw: LoveGangs relati][Date: Mon,28 Oct 2002 12:06:51 PM]=>(MIME part)=>(message body)


Disinfection failed

G:\Craig\Freenet support.mbox=>(message 1094)=>[Subject: [freenet-support] Fw: LoveGangs relati][Date: Mon,28 Oct 2002 12:06:51 PM]=>(MIME part)=>(message body)


Suspected of: Exploit.Iframe.Vulnerability

G:\Craig\Freenet support.mbox=>(message 1094)=>[Subject: [freenet-support] Fw: LoveGangs relati][Date: Mon,28 Oct 2002 12:06:51 PM]=>(MIME part)=>(message body)


Disinfection failed

G:\Craig\Freenet support.mbox=>(message 1094)=>[Subject: [freenet-support] Fw: LoveGangs relati][Date: Mon,28 Oct 2002 12:06:51 PM]=>(MIME part)=>bullshitscr.scr


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 1094)=>[Subject: [freenet-support] Fw: LoveGangs relati][Date: Mon,28 Oct 2002 12:06:51 PM]=>(MIME part)=>bullshitscr.scr


Deleted

G:\Craig\Freenet support.mbox=>(message 1094)=>[Subject: [freenet-support] Fw: LoveGangs relati][Date: Mon,28 Oct 2002 12:06:51 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 1094)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 1095)=>[Subject: [freenet-support] Fw: Free Screen save][Date: Mon,28 Oct 2002 12:19:11 PM]=>(MIME part)=>bullshitscr.scr


Infected with: Win32.Yahaa.E@mm

G:\Craig\Freenet support.mbox=>(message 1095)=>[Subject: [freenet-support] Fw: Free Screen save][Date: Mon,28 Oct 2002 12:19:11 PM]=>(MIME part)=>bullshitscr.scr


Deleted

G:\Craig\Freenet support.mbox=>(message 1095)=>[Subject: [freenet-support] Fw: Free Screen save][Date: Mon,28 Oct 2002 12:19:11 PM]=>(MIME part)


Updated

G:\Craig\Freenet support.mbox=>(message 1095)


Updated

G:\Craig\Freenet support.mbox


Updated

G:\Craig\Freenet support.mbox=>(message 1096)=>[Subject: [freenet-support] Fw: Cool Friendship ][Date: Mon,28 Oct 2002 12:31:57 PM]=>(MIME part)=>(message body)


Suspected of: Exploit.Iframe.Vulnerability

G:\Craig\Freenet support.mbox=>(message 1096)=>[Subject: [freenet-support] Fw: Cool Friendship ][Date: Mon,28 Oct 2002 12:31:57 PM]=>(MIME part)=>(message body)


Disinfection failed

G:\Craig\Freenet support.mbox=>(message 1096)=>[Subject: [freenet-support] Fw: Cool Friendship ][Date: Mon,28 Oct 2002 12:31:57 PM]=>(MIME part)=>(message body)


Suspected of: Exploit.Iframe.Vulnerability

G:\Craig\Freenet support.mbox=>(message 1096)=>[Subject: [freenet-support] Fw: Cool Friendship ][Date: Mon,28 Oct 2002 12:31:57 PM]=>(MIME part)=>(message body)


Disinfection failed

G:\Craig\Freenet support.mbox=>(message 1096)=>[Subject: [freenet-support] Fw: Cool Friendship ][Date: Mon,28 Oct 2002 12:31:57 PM]=>(MIME part)=>lo

#20
Wizard
  • Retired Staff
  • 5,661 posts
Wow!!!!!!

Almost all Emails, Old and New alike.

I don't know what to say about Norton in this case other than, what version are you using and what is the exact Symantec product you have?

#21
Craig9998
  • Topic Starter
  • Member
  • 19 posts
I have been running Systemworks since at least 2000, updating automatically and buying new every 2 years. Currently I am running 2006.

Thanks for helping. If you have any other suggestions, I would appreciate it. As soon as I resurrect my long moribund PayPal account, I'll send a donation.

#22
Wizard
  • Retired Staff
  • 5,661 posts
That's fine, I run Norton Internet Security on one of my machines and haven't had troubles.

NIS includes an integrated Firewall\Intrusion Detection and that's what makes the difference if you ask me.

Make it very difficult for the bugs to get in, if ya know what I mean.

If you will, scan fresh with ComboFix and post that log.

#23
Craig9998
  • Topic Starter
  • Member
  • 19 posts
Here is the latest ComboFix scan log.

craig - 06-11-17 23:02:22.06 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\"

((((((((((((((((((((((((((((((( Files Created from 2006-10-17 to 2006-11-17 ))))))))))))))))))))))))))))))))))


2006-11-15 13:53 277,182 --a------ C:\combofix.exe
2006-11-04 20:25 1,321,744 --a------ C:\WINDOWS\SYSTEM32\msxml6.dll
2006-11-02 13:25 99,024 --a------ C:\WINDOWS\MozillaUninstall.exe
2006-10-22 09:41 121,856 --------- C:\WINDOWS\SYSTEM32\xmllite.dll
2006-10-19 15:59 225,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys
2006-10-17 12:33 6,049,280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-10-17 12:33 50,688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-10-17 12:33 458,752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-10-17 12:33 180,736 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-10-17 12:05 206,336 --------- C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
2006-10-17 12:01 13,312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-10-17 11:58 61,952 --------- C:\WINDOWS\SYSTEM32\icardie.dll
2006-10-17 11:58 12,288 --------- C:\WINDOWS\SYSTEM32\msfeedssync.exe
2006-10-17 11:57 266,752 --------- C:\WINDOWS\SYSTEM32\iertutil.dll
2006-10-17 11:27 380,928 --------- C:\WINDOWS\SYSTEM32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-17 12:28 -------- d-------- C:\Documents and Settings\craig\Application Data\uTorrent
2006-11-17 07:44 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-16 13:01 -------- d-------- C:\Program Files\Hijackthis
2006-11-15 17:43 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-15 15:28 -------- d-------- C:\Documents and Settings\craig\Application Data\OpenOffice.org2
2006-11-15 09:05 -------- d-------- C:\Program Files\Remove on Reboot
2006-11-14 15:42 -------- d-------- C:\Documents and Settings\craig\Application Data\ApplicationHistory
2006-11-08 08:32 203264 --a------ C:\Documents and Settings\craig\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-11-02 13:23 98512 --a------ C:\WINDOWS\GREUninstall.exe
2006-11-02 13:22 -------- d-------- C:\Program Files\mozilla.org
2006-10-31 18:52 -------- d-------- C:\Program Files\Games
2006-10-31 18:42 -------- d-------- C:\Program Files\Real
2006-10-31 18:38 -------- d-------- C:\Program Files\BeamFile
2006-10-31 18:36 -------- d-------- C:\Program Files\AbiSuite2
2006-10-28 22:05 -------- d-------- C:\Program Files\BitSpirit
2006-10-27 09:42 -------- d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2006-10-22 10:28 -------- dr------- C:\Documents and Settings\craig\Application Data\Microsoft
2006-10-22 10:24 -------- d-------- C:\Program Files\VSToolbar
2006-10-22 10:07 -------- d-------- C:\Program Files\Internet Explorer
2006-10-22 09:35 -------- d-------- C:\Program Files\OfficeUpdate11
2006-10-22 08:48 -------- dr------- C:\Program Files\Common Files\Microsoft Shared
2006-10-22 08:48 -------- d-------- C:\Program Files\XLView
2006-10-21 20:07 196768 --a------ C:\Documents and Settings\craig\Application Data\GDIPFONTCACHEV1.DAT
2006-10-21 19:58 -------- d-------- C:\Program Files\Microsoft Office
2006-10-21 17:05 -------- d-a------ C:\Program Files\Common Files
2006-10-21 17:05 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-10-21 17:03 -------- d-------- C:\Program Files\Microsoft Works
2006-10-17 12:33 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-10-17 12:33 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-10-17 12:33 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\SYSTEM32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2006-10-17 12:05 105984 --a------ C:\WINDOWS\SYSTEM32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\SYSTEM32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\SYSTEM32\corpol.dll
2006-10-17 12:01 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-10-17 12:01 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-10-17 12:01 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-10-17 12:01 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-10-17 12:01 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-10-17 12:00 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-10-17 12:00 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-10-17 12:00 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-10-17 11:57 36352 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\SYSTEM32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll
2006-10-17 11:23 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-10-16 17:30 -------- d-------- C:\Program Files\Trillian
2006-10-13 06:35 142336 --a------ C:\WINDOWS\SYSTEM32\nwprovau.dll
2006-10-12 15:32 -------- d-------- C:\Program Files\iTunes
2006-10-12 15:30 -------- d-------- C:\Program Files\iPod
2006-10-12 15:06 -------- d-------- C:\Program Files\QuickTime
2006-10-10 18:00 -------- d-------- C:\Documents and Settings\craig\Application Data\Simple Sudoku
2006-10-09 21:05 -------- d-------- C:\Documents and Settings\craig\Application Data\Azureus
2006-10-09 20:37 -------- d-------- C:\Program Files\Simple Sudoku
2006-09-27 16:07 -------- d-------- C:\Documents and Settings\craig\Application Data\Skype
2006-09-25 18:36 -------- d-------- C:\Program Files\Opera7
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2006-08-25 09:45 617472 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-08-21 06:21 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 03:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-17 06:28 721920 --a------ C:\WINDOWS\SYSTEM32\lsasrv.dll
2006-08-17 06:28 132096 --a------ C:\WINDOWS\SYSTEM32\wkssvc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"FreeRAM XP"="\"C:\\Program Files\\FreeRAMXPPro\\FreeRAM XP Pro 1.40.exe\" -win"
"Google Desktop for OE"="\"C:\\Program Files\\GDS for OE\\gdsoe.exe\" install"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SystemTray"="SysTray.Exe"
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\WinPatrol.exe"
"HP SchedIndexer"="C:\\Program Files\\Hewlett-Packard\\LaserJet All-in-one\\hppschedindexer.exe"
"HP AutoIndexer"="C:\\Program Files\\Hewlett-Packard\\LaserJet All-in-one\\hppautoindexer.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
@=""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"SpyHunter"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Printing Migration"="rundll32.exe C:\\WINDOWS\\system32\\spool\\migrate.dll,ProcessWin9xNetworkPrinters"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"Printing Migration"="rundll32.exe C:\\WINDOWS\\system32\\spool\\migrate.dll,ProcessWin9xNetworkPrinters"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=hex:00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"CDRAutoRun"=hex:00,00,00,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"CDRAutoRun"=hex:00,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"AIM"="C:\\PROGRAM FILES\\NETSCAPE\\COMMUNICATOR\\PROGRAM\\AIM\\aim.exe -cnetwait.odl"
"WeatherCast"="C:\\PROGRA~1\\WEATHE~1\\Weather.exe /q"
"msnmsgr"="C:\\PROGRAM FILES\\MSN MESSENGER\\MSNMSGR.EXE /background"
"Yahoo! Pager"="C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\ypager.exe -quiet"
"warez"="\"C:\\PROGRAM FILES\\WAREZ P2P CLIENT\\WAREZ.EXE\" -h"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM32\\qttask.exe\" -atboottime"
"P2P NETWORKING"="C:\\WINDOWS\\SYSTEM\\P2P NETWORKING\\P2P NETWORKING.EXE /AUTOSTART"
"madexe"="C:\\Program Files\\Dell\\Resolution Assistant\\MotiveAssistant\\bin\\mad.exe"
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"RxMon"="C:\\Program Files\\Dell\\Resolution Assistant\\Common\\bin\\RxMon9x.exe"
"MotiveMonitor"="C:\\Program Files\\Motive\\motmon.exe"
"Iomega Startup Options"="C:\\Program Files\\Iomega\\Common\\ImgStart.exe"
"Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
"AudioHQ"="C:\\Program Files\\Creative\\SBLive\\AudioHQ\\AHQTB.EXE"
"Adaptec DirectCD"="C:\\PROGRA~1\\ADAPTEC\\DIRECTCD\\DIRECTCD.EXE"
"LoadQM"="loadqm.exe"
"Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
"seticlient"="C:\\Program Files\\SETI@home\\[email protected] -min"
"ICSDCLT"="C:\\WINDOWS\\SYSTEM32\\RUNDLL32.EXE C:\\WINDOWS\\SYSTEM32\\ICSDCLT.DLL,ICSClient"
"ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022"="\"C:\\Program Files\\PD\\shwicon.exe\" -t\"The Company\\USB Flash HDD Series Driver v1.17r022\""
"SetPoint"="C:\\Program Files\\Logitech\\SetPoint\\KEM.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"UpdReg"="C:\\WINDOWS\\Updreg.exe"
"HP SchedIndexer"="C:\\Program Files\\Hewlett-Packard\\LaserJet All-in-one\\hppschedindexer.exe"
"HP AutoIndexer"="C:\\Program Files\\Hewlett-Packard\\LaserJet All-in-one\\hppautoindexer.exe"
"MSConfigReminder"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\MSCONFIG.EXE /reminder"
"WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\WinPatrol.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\SYSTEM32\\NVCPL.DLL,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\SYSTEM32\\NVMCTRAY.DLL,NvTaskbarInit"
"NAV Agent"="C:\\PROGRA~1\\NORTON~3\\NORTON~1\\NAVAPW32.EXE"
"NPROTECT"="C:\\Program Files\\Norton SystemWorks\\Norton Utilities\\NPROTECT.EXE"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMON.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LicCtrl"="runservice.exe"
"CSINJECT.EXE"="C:\\Program Files\\Norton SystemWorks\\Norton CleanSweep\\CSINJECT.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Symantec Drmc.job

Completion time: 06-11-17 23:06:54.70
C:\ComboFix.txt ... 06-11-17 23:06
C:\ComboFix2.txt ... 06-11-16 14:15
C:\ComboFix3.txt ... 06-11-16 12:28
  • 0

#24
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
I just see some disabled leftovers in that log, no worries there.

Please post an uninstall list,
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file.
  • When you press Save button a notepad will open with the contents of that file.
  • Simply copy and paste the contents of that notepad into this topic please.

  • 0
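The reading of the "Reg Loading Points" section described in the post above, as an added example (not part of the thread and not ComboFix's own code): it parses the registry-export syntax of the log and separates live autostart entries from disabled ones. It assumes that keys named `run-`, `runservices-` and `disabledrunkeys` hold the disabled entries, and that a named value with empty data under a live Run key is a leftover; the function names are hypothetical.

```python
import re
from collections import namedtuple

# Constructed sample: a few lines copied from the "Reg Loading Points"
# section of the ComboFix log posted above, in its registry-export syntax.
SAMPLE = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\WinPatrol.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
@=""
"SpyHunter"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"warez"="\"C:\\PROGRAM FILES\\WAREZ P2P CLIENT\\WAREZ.EXE\" -h"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"P2P NETWORKING"="C:\\WINDOWS\\SYSTEM\\P2P NETWORKING\\P2P NETWORKING.EXE /AUTOSTART"
"LoadQM"="loadqm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"NAV Agent"="C:\\PROGRA~1\\NORTON~3\\NORTON~1\\NAVAPW32.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

Entry = namedtuple("Entry", "key name command")

HEADER = re.compile(r'^\[(.+)\]$')
# A value line is either "name"=data or @=data (the key's default value).
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def unescape(text):
    # Undo the export escaping: a backslash protects the character after it.
    return re.sub(r'\\(.)', r'\1', text)


def parse(log_text):
    """Yield an Entry for every string value found under a [key] header."""
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            key = header.group(1)
            continue
        value = VALUE.match(line)
        if not (key and value):
            continue
        raw = value.group(3)
        # Only quoted string data can be a command line; skip dword:/hex: data.
        if len(raw) < 2 or not (raw.startswith('"') and raw.endswith('"')):
            continue
        name = "@" if value.group(2) else unescape(value.group(1))
        yield Entry(key, name, unescape(raw[1:-1]))


def classify(key):
    """Return 'active', 'disabled' or 'other' from the key's last component."""
    last = key.lower().split("\\")[-1]
    # Assumption: a trailing '-' or the name 'disabledrunkeys' marks entries
    # that a startup manager has parked, so Windows does not launch them.
    if last.endswith("-") or last == "disabledrunkeys":
        return "disabled"
    if last in ("run", "runonce", "runservices"):
        return "active"
    return "other"


def triage(log_text):
    """Group autostart entries into active, disabled and empty leftovers."""
    report = {"active": [], "disabled": [], "empty": []}
    for entry in parse(log_text):
        state = classify(entry.key)
        if state == "other":
            continue
        if state == "active" and not entry.command:
            # An unnamed default value with no data is not an entry at all.
            if entry.name != "@":
                report["empty"].append(entry)
            continue
        report[state].append(entry)
    return report


if __name__ == "__main__":
    for state, entries in triage(SAMPLE).items():
        for e in entries:
            print(f"{state:8} {e.name!r:18} {e.command}")
```
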

#25
Craig9998

Craig9998

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here's the uninstall list.

µTorrent
Actiontec Gateway
Active Disk
Ad-Aware SE Personal
Add/Remove Plus! 1.0
Adobe Acrobat 5.0
Adobe Acrobat eBook Reader
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Creative Suite
Adobe Download Manager 2.0 (Remove Only)
Adobe PhotoDeluxe Home Edition 3.1
Adobe Photoshop Elements
Adobe Reader 7.0.8
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Advanced PDF Password Recovery Pro
AFPL Ghostscript 6.50
AFPL Ghostscript 8.14
AFPL Ghostscript 8.53
AFPL Ghostscript Fonts
Alcohol 120%
All Video Converter 1.5.1
All Video Joiner 1.4.1
All Video Sound Extractor 1.3.1
All Video Splitter 1.5.1
AngelPotion Video Codec V1
AnswerWorks Runtime
Anti-Trojan 5.5
ArcSoft PhotoImpression 2000
Attune 2.3.2
Audio Files GDS Indexer 1.0
Azureus
Backup Dell-Installed Programs
Battle.net
Belarc Advisor 7.1
Beta Two Technical Refresh for Microsoft Office 2007 (KB000000): OfficeSPFullFile(12.0.4407.1005): B2TR
Beta Two Technical Refresh for Microsoft Office 2007 (KB000000): OfficeSPFullFile(12.0.4407.1005): B2TR
Beta Two Technical Refresh for Microsoft Office 2007 (KB000000): OfficeSPFullFile(12.0.4407.1005): B2TR
Beta Two Technical Refresh for Microsoft Office 2007 (KB000000): OfficeSPFullFile(12.0.4407.1005): B2TR
Beta Two Technical Refresh for Microsoft Office 2007 (KB000000): OfficeSPFullFile(12.0.4407.1005): B2TR
Beta Two Technical Refresh for Microsoft Office 2007 (KB000000): OfficeSPFullFile(12.0.4407.1005): B2TR
Beta Two Technical Refresh for Microsoft Office 2007 (KB000000): OfficeSPFullFile(12.0.4407.1005): B2TR
Beta Two Technical Refresh for Microsoft Office 2007 (KB000000): OfficeSPFullFile(12.0.4407.1005): B2TR
Beta Two Technical Refresh for Microsoft Office 2007 (KB000000): OfficeSPFullFile(12.0.4407.1005): B2TR
Beta Two Technical Refresh for Microsoft Office 2007 (KB000000): OfficeSPFullFile(12.0.4407.1005): B2TR
Beta Two Technical Refresh for Microsoft Office 2007 (KB000000): OfficeSPFullFile(12.0.4407.1005): B2TR
Beta Two Technical Refresh for Microsoft Office 2007 (KB000000): OfficeSPFullFile(12.0.4407.1005): B2TR
Beta Two Technical Refresh for Microsoft Office 2007 (KB000000): OfficeSPFullFile(12.0.4407.1005): B2TR
Beta Two Technical Refresh for Microsoft Office 2007 (KB000000): OfficeSPFullFile(12.0.4407.1005): B2TR
BitLord 0.56
BitSpirit v2.6.3 Final Release
BitTornado 0.3.12
BitTorrent 4.1.2-Beta
BitTorrent S-5.8.11 (SHAD0W's Experimental)
BlackBox 1.0
Brad Smith Easy SFV Creator
Brava! Reader 2.3
Britannica 2001 DVD-ROM
CallWave Internet Answering Machine (remove only)
Capture Studio Professional 4.05
ccCommon
CCleaner (remove only)
CDBurnerXP Pro 3
CDisplay 1.8
Celestia 1.4.1
Clone Master
CloneCD
Connection Keep Alive
Connectix Virtual Game Station Demo
Corel Applications
CrossEyes
Cucusoft MPEG/AVI to DVD/VCD/SVCD/MPEG Converter Pro 6.11
Data Lifeguard Tools
DELL DATA FAX MODEM (Uninstall)
Dell Resolution Assistant
Dell ResourceCD
Dell Solution Center
DellNet by MSN
Direct Show Ogg Vorbis Filter (remove only)
DiskSizer 1.0
DjVu Control 4.5
Duplicate File Finder
Easy DVD to DVD Copy
EasyOffice+PDF+AntiVirus
eDrawings 2005
ePAVE
EPSON Copy Utility
EPSON Photo Print
EPSON Printer Software
EPSON Scanner Reference Guide
EPSON Smart Panel
EPSON TWAIN 5
EPSON USB Printer Devices
exPressit S.E. 2.1
FastStone Image Viewer 2.30
File Shredder Version 3.02
FileMaker Developer 5
Film Factory
FireTune
FL 2001 Registration
Flock 0.5.13
FoneSync
FontFrenzy
Foxit PDF Editor
Foxit Reader
Gds File Revision History
GNU Privacy Guard
Google Desktop
Google Desktop for Outlook Express 1.0
Google Pack Screensaver
Google Video Player
GSview 3.6
GSview 4.8
Half-Life
Half-Life: Opposing Force
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP LaserJet 3200 Uninstaller
IAV FileSplitter 2.03
ICQ
i-LEARN My Dell PC
ImRe 1.0
Intel Application Accelerator
Intel Processor Frequency ID Utility
InterActual Player
Internet Worm Protection
InterVideo WinDVD
Iomega App Services
IomegaWare
IPIX ActiveX Viewer
IrfanView (remove only)
IsoBuster 1.5
iTunes
J2SE Runtime Environment 5.0 Update 4
JamCam 3.0 Software
JamCam 3.0 Update V.GM6
Jarte
Java Web Start
JGoodies JDiskReport 1.2.1
Karen's Calculator
Karen's Cookie Viewer
Karen's Directory Printer
Karen's Font Explorer
Karen's Replicator
KODAK Picture CD Volume 4 Issue 1
Larry's Help File Indexer
Larry's OpenOffice and StarOffice Indexer
Larry's WordPerfect Indexer
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Resource Center
Logitech SetPoint
Logitech User's Guide
Macromedia Flash Player 8
Magic Starter 7th Edition
MagicDisc 2.5.68
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft AntiSpyware
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Encarta Encyclopedia Standard 2001
Microsoft Excel Viewer 97
Microsoft Fighter Ace II
Microsoft IntelliPoint
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2001
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007 (Beta)
Microsoft Office OneNote 2007 (Beta)
Microsoft Office OneNote 2007 (Beta)
Microsoft Office OneNote MUI (English) 2007 (Beta)
Microsoft Office Proof (English) 2007 (Beta)
Microsoft Office Proof (French) 2007 (Beta)
Microsoft Office Proof (Spanish) 2007 (Beta)
Microsoft Office Shared MUI (English) 2007 (Beta)
Microsoft Office Visio MUI (English) 2007 (Beta)
Microsoft Office Visio Professional 2007 (Beta)
Microsoft Office Visio Professional 2007 (Beta)
Microsoft Picture It! Express 7.0
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Picture It! Publishing 2001
Microsoft PowerPoint Viewer 97
Microsoft Reader
Microsoft Streets and Trips 2001
Microsoft Windows Vista Upgrade Advisor
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft Zoo Tycoon
mIRC
MIT MathML Fonts 1.0
Modem Helper
Movie Joiner
MozBackup 1.4
Mozilla (1.7.13)
Mozilla Firefox (0.8.)
Mozilla Firefox (2.0)
Mozilla Thunderbird (1.5.0.5)
MP3 Player Utilities 2.11
Mplayer.com
MSN Encarta Plus Support Files
MSN Messenger 7.0
MSRedist
MSXML 6.0 Parser (KB927977)
MUSICMATCH® Jukebox
Myst
Name It Your Way (NIYoW) v1.0b16
NASA World Wind 1.3
NAVShortcut
Nero 6 Ultra Edition
Netscape (7.1)
Netscape Communicator 4.73
Nimo Codecs Pack v5.0 (Remove Only)
Norton AntiVirus 2006
Norton AntiVirus Parent MSI
Norton Cleanup
Norton LiveConnect (Symantec Corporation)
Norton Protection Center
Norton SystemWorks
Norton SystemWorks 2006
Norton SystemWorks 2006 (Symantec Corporation)
Norton Utilities
Norton WMI Update
NoteTab Light (Remove only)
NSW_DRM_COLLECTION
NVIDIA Display Driver
Nvu 0.80
Office Animation Runtime
OpenOffice.org 2.0
Opera
Outlook Express Freebie Backup
Outpost 2
Pando
Passware Kit 5.5
PatSee 4.06 Pro
PatSee 4.10 Pro
PatSee 4.11 Pro
PatSee 4.12 Pro
PCFriendly
PCG Metadata Assistant
PDF Password Remover v2.2
Pdf995
PdfEdit995
PerfectDisk
PhoneTools
PhotoMontage 2000
Pilate Project Files
Plaxo Toolbar for Outlook and Outlook Express
POD-Bot 2.5
Polar Bowler from AIM Games (remove only)
Privoxy (remove only)
Process Viewer
Python 2.2.2
QBeez
QuickBooks Pro 2002
Quicken 2001 Deluxe
Quicken Family Lawyer 2001
QuickTime
RAR Key
RAR Password Cracker 4.12
RD1021/1071 Lyra Personal Audio Player Applications
Read in Microsoft Reader Add-in for Microsoft Word
RealArcade
RealDownload
RealPlayer
Remove Hidden Data Tool
Remove on Reboot Shell Extension
Risk
RollerCoaster Tycoon
SafeCast Shared Components
ScanToWeb
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
setup (Remove only)
SHARP YO/ZQ-P20 PC Software
Shockwave
Sierra Account Wizard
Sierra Utilities
Signature995
Simple Sudoku 4.2
Skype 2.0
Snood for Windows version 3.52-W
Sony USB Driver
Sound Blaster Live! Value
SPBBC
Spinner Plus
Spybot - Search & Destroy 1.4
Stellarium 0.8.0
STOIK Video Converter 2
SuperBot 2.5A
SuperBot 3.1A
Syberia
SyncToy
TaxCut 2004
The GIMP 2.0.1
The Playa
Tomb Raider II
TomeRaider
Toolbar Chest for OE Uninstall
Tor (remove only)
TRACE!
TreeSize 1.75
Trellix Web
Trillian
Triscape FxFoto
TurboTax ItsDeductible 2005
TurboTax Premier 2005
TurboTax Premier Home & Business 2002
TurboTax Premier Home & Business 2003
Unlocker 1.8.3
UnWrapper Plus
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
USB Flash HDD Series Driver v1.17r022
User's Guides
USPTO Direct 6.0 SP 2
VideoLAN VLC media player 0.8.1
Viewpoint Media Player
Volo View Express
VP6 VFW Codec
Web Stream Recorder Pro 1.1
WexTech AnswerWorks
Winamp (remove only)
WinAVIVideoConverter
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinHTTrack Website Copier 3.32-2
WinISO v5.3
WinPatrol
WinPcap 3.1 beta3
WinRAR archiver
WinUHA 2.0 Build 2003.12.31 Beta
WinZip
Woody's recommended Hidden Field Detector
Wrapster
WriteExpress 3,001 Business & Sales Letters
XnView 1.61
XviD MPEG-4 Video Codec
Yahoo! Messenger
ZLURP!
ZoneAlarm
Zoom Player (remove only)
  • 0



#26
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Go to Add\Remove programs and remove this item:

J2SE Runtime Environment 5.0 Update 4

Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#27
Craig9998

Craig9998

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I am unable to run the Kaspersky on line scan. I click on the on line scan and a pop up appears with a license agreement that I click accept. Then I'm asked if it is ok to install the Active X software, and I click install and then the pop up window goes back to the license agreement. I've tried several times, rebooted several times, and nothing seems to work.
  • 0

#28
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Let's try this one.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

  • 0

#29
Craig9998

Craig9998

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here are PARTIAL scan results. This scan supposedly found nearly 11,000 pieces of spyware, which struck me as odd after all of the other scans that have been done. I haven't included those here. If you want to see them, let me know.


Incident Status Location

Adware:adware/cydoor Not disinfected C:\WINDOWS\system32\cd_clint.dll
Possible Virus. Not disinfected C:\!KillBox\opppq.dll

Virus:JV/FixJava Disinfected C:\Documents and Settings\craig\.jpi_cache\jar\1.0\meister.zip-2aa46ab1-757cf89e.zip[COM/tolstoy/meister1/FixJava.class]
Virus:JV/WordManager Disinfected C:\Documents and Settings\craig\.jpi_cache\jar\1.0\meister.zip-2aa46ab1-757cf89e.zip[COM/tolstoy/meister1/WordManager.class]
Virus:JV/Widget Disinfected C:\Documents and Settings\craig\.jpi_cache\jar\1.0\meister.zip-2aa46ab1-757cf89e.zip[COM/tolstoy/meister1/Widget.class]
Virus:JV/ValueBox Disinfected C:\Documents and Settings\craig\.jpi_cache\jar\1.0\meister.zip-2aa46ab1-757cf89e.zip[COM/tolstoy/meister1/ValueBox.class]
Virus:JV/MyTimer Disinfected C:\Documents and Settings\craig\.jpi_cache\jar\1.0\meister.zip-2aa46ab1-757cf89e.zip[COM/tolstoy/meister1/MyTimer.class]
Virus:JV/LetterButton Disinfected C:\Documents and Settings\craig\.jpi_cache\jar\1.0\meister.zip-2aa46ab1-757cf89e.zip[COM/tolstoy/meister1/LetterButton.class]
Virus:JV/LetterBoard Disinfected C:\Documents and Settings\craig\.jpi_cache\jar\1.0\meister.zip-2aa46ab1-757cf89e.zip[COM/tolstoy/meister1/LetterBoard.class]
Virus:JV/ImageBank Disinfected C:\Documents and Settings\craig\.jpi_cache\jar\1.0\meister.zip-2aa46ab1-757cf89e.zip[COM/tolstoy/meister1/ImageBank.class]
Virus:JV/WordMeister Disinfected C:\Documents and Settings\craig\.jpi_cache\jar\1.0\meister.zip-2aa46ab1-757cf89e.zip[COM/tolstoy/meister1/WordMeister.class]

Hacktool:Exploit/iFrame Not disinfected G:\Craig\Freenet support.mbox[~0000070.~]
Hacktool:Exploit/iFrame Not disinfected G:\Craig\Freenet support.mbox[~0000384.~]
Hacktool:Exploit/iFrame Not disinfected G:\Craig\Freenet support.mbox[~0000486.~]
Hacktool:Exploit/iFrame Not disinfected G:\Craig\Freenet support.mbox[~0000798.~]
Hacktool:Exploit/iFrame Not disinfected G:\Craig\Freenet support.mbox[~0000998.~]
Hacktool:Exploit/iFrame Not disinfected G:\Craig\Freenet support.mbox[~0003557.~]
Hacktool:Exploit/iFrame Not disinfected G:\Craig\Freenet support.mbox[~0005300.~]
Hacktool:Exploit/iFrame Not disinfected G:\Craig\Freenet support.mbox[~0005300.~][~0000000.~]
  • 0

#30
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
I'm not sure what all that is on the G drive?? :whistling:

The Java doesn't surprise me at all, please delete:

C:\Documents and Settings\craig\.jpi_cache\jar\1.0\meister.zip-2aa46ab1-757cf89e.zip


Please post an uninstall list,
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file.
  • When you press Save button a notepad will open with the contents of that file.
  • Simply copy and paste the contents of that notepad into this topic please.

  • 0





