Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

slow computer HELP

Started by jfrost76 , Nov 16 2007 06:51 PM

  • Please log in to reply

#1
jfrost76
Posted 16 November 2007 - 06:51 PM

jfrost76

    Member

  • Member
  • PipPip
  • 18 posts
Computer is slow ran atf cleaner, created new system restore point, ran avg anti spyware, this program did not give me a report even though I told it to automatically to give me a report after ever scan. here is the log for the superantispyware, Ran hijack this report see after superantispyware scan report. Also ran panda active scan, after scanning for 2 hours said done with errors on page and gave no report.

SUPERAntiSpyware Scan Log
Generated 11/16/2007 at 02:07 PM

Application Version : 3.6.1000

Core Rules Database Version : 3345
Trace Rules Database Version: 1346

Scan type : Complete Scan
Total Scan Time : 03:11:10

Memory items scanned : 491
Memory threats detected : 0
Registry items scanned : 5667
Registry threats detected : 9
File items scanned : 158981
File threats detected : 0

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{4FFCB6BE-44F7-E86A-BCA1-52D82F83FE92}
HKLM\Software\Classes\CLSID\{88AE5BAB-3DC7-9717-34AB-BAC95A1C967A}
HKCR\CLSID\{4FFCB6BE-44F7-E86A-BCA1-52D82F83FE92}
HKCR\CLSID\{4FFCB6BE-44F7-E86A-BCA1-52D82F83FE92}\Data
HKCR\CLSID\{88AE5BAB-3DC7-9717-34AB-BAC95A1C967A}
HKCR\CLSID\{88AE5BAB-3DC7-9717-34AB-BAC95A1C967A}\Data

Parasite.CoolWebSearch Variant
HKLM\Software\Classes\CLSID\{99D764FC-CDD7-00B8-618D-0880E43E5DFC}
HKCR\CLSID\{99D764FC-CDD7-00B8-618D-0880E43E5DFC}
HKCR\CLSID\{99D764FC-CDD7-00B8-618D-0880E43E5DFC}\Data

hijackthis here is the log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:33 PM, on 11/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\NORTON~3\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~3\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dns\bin\named.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\After Dark\After Dark.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://securityrespo...er/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

= http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88}

- (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no

file)
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -

C:\Program Files\Common Files\Symantec

Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar -

{90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common

Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [After Dark QuickAccess] C:\Program Files\After

Dark\After Dark.exe /taskbar
O4 - HKLM\..\Run: [Motive SmartBridge]

C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program

Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program

Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6000 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU

"C:\WINDOWS\TEMP\E_S9C.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common

Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m

"C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet

Security\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG

Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program

Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program

Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program

Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Palm Registration.lnk = C:\Program

Files\Palm\register.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program

Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program

Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton

SystemWorks\Norton GoBack\GBTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC}

- C:\Program Files\Verizon Online\Verizon Online Control

Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad -

{28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon

Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Express Cleanup -

{5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton

SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup -

{5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton

SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: @btrez.dll,-4015 -

{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program

Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 -

{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program

Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {0FB8DE1A-E991-40E5-83CA-5172084B2073} (CISdownsampler

Object) -

https://service.hpph...downsampler.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)

-

http://update.micros...s/en/x86/client

/muweb_site.cab?1166031825811
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer

Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DA7A2849-2E3F-4F87-A1C4-43843592BAED} (CPXe Upload Control)

- https://service.hpph...ic/hpodcpxe.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{43C08EEC-1A47-4127-9556-D809840AF470

}: NameServer = 127.0.0.1,192.168.1.1,192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program

Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. -

C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation

- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) -

Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation -

C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation -

C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec

Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation -

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) -

Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec

Corporation - C:\PROGRA~1\NORTON~3\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation -

C:\PROGRA~1\NORTON~3\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program

Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\AppCore\AppSvc32.exe
O23 - Service: twdns - Unknown owner -

C:\WINDOWS\system32\dns\bin\named.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) -

Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 11177 bytes
  • 0

Advertisements

#2
Stamper19
Posted 19 November 2007 - 07:35 PM

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi jfrost76,

Welcome to Geeks to Go!

My name is Stamper19 and I will be helping you with your Malware problem. During the course of our interactions please be sure to follow all instructions carefully, and ask questions if you are unsure of how to proceed at any point. :)

Please be sure to turn off Wordwrap in Notepad. Having it on makes the logs difficult to read. To do so, in Notepad go to the Format menu and make sure that Wordwrap is not checked. If it is, then click on it to uncheck it.

----------------------------------------------------------------

Please download Deckard's System Scanner (DSS) to your Desktop.
  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

----------------------------------------------------------------

Information to include in your next post:
  • main.txt and extra.txt from DSS

  • 0

#3
jfrost76
Posted 20 November 2007 - 04:18 PM

jfrost76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thanks for your help Stamper19. Here are the results of the DSS.

Deckard's System Scanner v20071014.68
Run by Chris on 2007-11-20 17:09:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2007-11-20 22:09:43 UTC - RP958 - Deckard's System Scanner Restore Point
7: 2007-11-20 21:52:45 UTC - RP957 - System Checkpoint
6: 2007-11-19 21:28:29 UTC - RP956 - System Checkpoint
5: 2007-11-18 18:07:55 UTC - RP955 - System Checkpoint
4: 2007-11-17 17:51:59 UTC - RP954 - Removed Remington Big Buck Trophy Hunt


-- First Restore Point --
1: 2007-11-16 13:14:21 UTC - RP951 - netspeed


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Chris.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:47 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\NORTON~3\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~3\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Chris\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_S9C.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0FB8DE1A-E991-40E5-83CA-5172084B2073} (CISdownsampler Object) - https://service.hpph...downsampler.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1166031825811
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DA7A2849-2E3F-4F87-A1C4-43843592BAED} (CPXe Upload Control) - https://service.hpph...ic/hpodcpxe.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: twdns - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 10118 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BsStor (InCD Storage Helper Driver) - c:\windows\system32\drivers\bsstor.sys <Not Verified; B.H.A Co.,Ltd.; >
R0 GBDevice - c:\windows\system32\drivers\gbdevice.sys <Not Verified; Symantec Corporation; Norton GoBack>
R0 GoBack2K - c:\windows\system32\drivers\goback2k.sys <Not Verified; Symantec Corporation; Norton GoBack>
R0 iomdisk (Iomega Devices Disk Filter Services) - c:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Microsoft® Windows NT® Operating System>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 BsUDF (InCD UDF Driver) - c:\windows\system32\drivers\bsudf.sys <Not Verified; ahead software; UDF File System Driver (WindowsXP)>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2900>
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2900>
R2 GBFSHook - c:\windows\system32\drivers\gbfshook.sys <Not Verified; Symantec Corporation; Norton GoBack>
R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2900>
S3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 _IOMEGA_ACTIVE_DISK_SERVICE_ (Iomega Active Disk) - "c:\program files\iomega\autodisk\adservice.exe" <Not Verified; Iomega Corporation; Iomega Active Disk>
R2 Iomega App Services - "c:\progra~1\iomega\system32\appservices.exe" <Not Verified; Iomega Corporation; Iomega App Services>
R2 Speed Disk service - c:\progra~1\norton~3\norton~2\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>

S2 twdns - c:\windows\system32\dns\bin\named.exe (file missing)
S4 Iomega Activity Disk2 - ""


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-20 17:11:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-11-20 00:00:00 308 --a------ C:\WINDOWS\Tasks\Symantec Drmc.job
2007-11-19 20:00:00 618 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Jan.job
2007-11-19 12:17:40 292 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job


-- Files created between 2007-10-20 and 2007-11-20 -----------------------------

2007-11-16 19:38:52 0 d-------- C:\Program Files\Trend Micro
2007-11-16 15:26:21 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-16 10:46:44 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-16 10:46:19 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-16 10:46:19 0 d-------- C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com
2007-11-16 10:44:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 08:29:42 0 d-------- C:\Documents and Settings\Chris\Application Data\Grisoft
2007-11-16 08:29:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-03 19:53:04 0 d-------- C:\Program Files\Common Files\xing shared
2007-10-28 15:15:23 278668 --a------ C:\WINDOWS\epsuninst.exe <Not Verified; Marcelo Bona Boff; e-PocketSetup 2003>
2007-10-28 15:15:23 0 d-------- C:\Program Files\Filao
2007-10-28 14:21:21 0 d-------- C:\Program Files\Palm


-- Find3M Report ---------------------------------------------------------------

2007-11-20 17:08:45 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-19 12:53:37 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-11-16 10:44:57 0 d-------- C:\Program Files\Common Files
2007-11-16 07:13:25 0 d-------- C:\Program Files\Norton Internet Security
2007-11-12 12:30:09 0 d-------- C:\Program Files\Norton SystemWorks
2007-11-03 19:52:59 0 d-------- C:\Program Files\Common Files\Real
2007-11-03 19:49:34 0 d-------- C:\Documents and Settings\Chris\Application Data\Real
2007-10-28 15:32:44 0 d-------- C:\Program Files\HealthFile
2007-10-28 15:30:41 0 d-------- C:\Program Files\BookBag
2007-10-20 18:59:59 0 d-------- C:\Program Files\Symantec
2007-10-08 17:15:31 0 d-------- C:\Program Files\Java
2007-10-01 17:16:42 0 d-------- C:\Program Files\Common Files\ADO


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [10/06/2003 01:16 PM]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [04/24/2005 12:49 PM]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [08/13/2002 01:30 PM]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [07/16/2002 09:55 AM]
"Logitech Utility"="Logi_MwX.Exe" [09/17/2006 08:46 PM C:\WINDOWS\LOGI_MWX.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/04/2007 09:05 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"@"="" []
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [10/08/2002 05:03 AM]
"EPSON Stylus CX6000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.exe" [02/13/2006 04:00 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [06/26/2007 12:00 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/03/2007 07:52 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [11/17/2007 03:11 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [7/19/2006 10:45:12 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 11/17/2007 03:11 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Palm Registration.lnk]
path=C:\Documents and Settings\Chris\Start Menu\Programs\Startup\Palm Registration.lnk
backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\After Dark QuickAccess]
C:\Program Files\After Dark\After Dark.exe /taskbar

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

*Newly Created Service* - COMHOST
*Newly Created Service* - SASDIFSV



-- End of Deckard's System Scanner: finished at 2007-11-20 17:12:07 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2800+
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 511.43 MiB / 295.52 MiB
Pagefile Memory (total/avail): 1249.95 MiB / 860.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.73 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.32 GiB total, 32.9 GiB free.
D: is Removable (No Media)
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE1 - IOMEGA ZIP 250 SCSI Disk Device

\\.\PHYSICALDRIVE0 - Maxtor 6 Y080L0 SCSI Disk Device - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.32 GiB - C:

\\.\PHYSICALDRIVE6 - EPSON Stylus Storage USB Device

\\.\PHYSICALDRIVE2 - IC USB Storage-CFC USB Device

\\.\PHYSICALDRIVE4 - IC USB Storage-MMC USB Device

\\.\PHYSICALDRIVE5 - IC USB Storage-MSC USB Device

\\.\PHYSICALDRIVE3 - IC USB Storage-SMC USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntivirusOverride is set.

FW: Norton Internet Security v2007 (Symantec Corporation) Disabled
AV: Norton Internet Security v2007 (Symantec Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\1141600153\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1141600153\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD:*:Disabled:Age of Empires II Expansion"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Disabled:RealOne Player"
"C:\\Program Files\\Verizon Online\\SupportCenter\\SmartBridge\\MotiveSB.exe"="C:\\Program Files\\Verizon Online\\SupportCenter\\SmartBridge\\MotiveSB.exe:*:Enabled:Motive SmartBridge"
"C:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"="C:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Disabled:Age of Empires II"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\1141600153\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1141600153\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"="C:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe:*:Enabled:Stronghold Legends"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Chris\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
COLLECTIONID=COL5123
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MY-TBOP6NWJ2QA0
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://h30083.www3.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Chris
ITEMID=dj-17724-8
LANG=1033
LOGONSERVER=\\MY-TBOP6NWJ2QA0
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=winXPH
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip
SESSIONID=1081446211955wuws04-laa233f:fbfe4e91eb:-77a8
SESSIONNAME=Console
SWUTVER=1.0.18.20030625
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Chris\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\Chris\LOCALS~1\Temp
TOOLPATH=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm
UPDATEDIR=C:\DOCUME~1\Owner\LOCALS~1\Temp\radEE5F9.tmp
USERDOMAIN=MY-TBOP6NWJ2QA0
USERNAME=Chris
USERPROFILE=C:\Documents and Settings\Chris
VERSION=3.0.1
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Chris (admin)
Jan (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BookBag Plus --> C:\PROGRA~1\BookBag\UNWISE.EXE C:\PROGRA~1\BookBag\INSTALL.LOG
HealthFile Plus --> C:\PROGRA~1\HEALTH~1\UNWISE.EXE C:\PROGRA~1\HEALTH~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Photosmart Essential 2.01 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.5.0.13) --> C:\PROGRA~1\MOZILL~2\uninstall\uninstall.exe /ua "1.5.0.13 (en-US)"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Sudoku Pack for Palm --> "C:\WINDOWS\epsuninst.exe" "C:\Program Files\Filao\Sudoku Pack for Palm\uninst.dat"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}


-- Application Event Log -------------------------------------------------------

Event Record #/Type46892 / Error
Event Submitted/Written: 11/13/2007 07:45:42 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20071.2514, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type46863 / Error
Event Submitted/Written: 11/13/2007 01:16:33 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D

Event Record #/Type46862 / Error
Event Submitted/Written: 11/13/2007 00:41:00 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 511325124.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type46861 / Error
Event Submitted/Written: 11/13/2007 00:40:50 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application stronghold2.exe, version 1.3.0.0, faulting module stronghold2.exe, version 1.3.0.0, fault address 0x0031f8f6.
Processing media-specific event for [stronghold2.exe!ws!]

Event Record #/Type45896 / Error
Event Submitted/Written: 11/02/2007 10:32:36 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application realplay.exe, version 6.0.12.1741, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type119500 / Error
Event Submitted/Written: 11/18/2007 04:01:02 PM
Event ID/Source: 9 / nvidesm
Event Description:
The device, \Device\Scsi\nvidesm1, did not respond within the timeout period.

Event Record #/Type119463 / Warning
Event Submitted/Written: 11/18/2007 09:20:23 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type119456 / Warning
Event Submitted/Written: 11/18/2007 08:28:28 AM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.

Event Record #/Type119393 / Warning
Event Submitted/Written: 11/17/2007 04:08:51 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.

Event Record #/Type119385 / Warning
Event Submitted/Written: 11/17/2007 03:11:06 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.



-- End of Deckard's System Scanner: finished at 2007-11-20 17:12:07 ------------



A new problem also showed up yesterday. Something is sending spam from my computer.

Thanks jfrost76
  • 0

#4
Stamper19
Posted 21 November 2007 - 07:52 AM

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi jfrost76,

I see nothing obvious in your log to suggest malware, so we will do a scan to dig a bit deeper. Before getting to that though, I notice that your Norton Internet Security Suite is disabled. This is extremely dangerous and presents an open door for infection. Please re-enable it immediately.

----------------------------------------------------------------

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
----------------------------------------------------------------

Information to include in your next post:
  • Kapersky Scan Log

  • 0

#5
jfrost76
Posted 21 November 2007 - 08:25 PM

jfrost76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
kaspersky scan results

Attached Files


  • 0

#6
jfrost76
Posted 21 November 2007 - 10:34 PM

jfrost76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
sorry, I shouldn't have sent that as an attachment so here's the kapersky scan log.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 21, 2007 9:27:09 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/11/2007
Kaspersky Anti-Virus database records: 463315
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 163643
Number of viruses found: 16
Number of infected objects: 161
Number of suspicious objects: 16
Duration of the scan process: 02:46:12

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Broderbund Software\Print\PrintMaster\PMUSERS.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Broderbund Software\Print\PrintMaster\PMWPRINT.INI Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-11-21_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\B2F48E97.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\C69A95C3.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\lb6rgb13.default\cert8.db Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\lb6rgb13.default\history.dat Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\lb6rgb13.default\key3.db Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\lb6rgb13.default\parent.lock Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\lb6rgb13.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\lb6rgb13.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Chris\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lb6rgb13.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lb6rgb13.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lb6rgb13.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lb6rgb13.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\History\History.IE5\MSHist012007112120071122\index.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Temp\~DF9A10.tmp Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Temp\~DF9A53.tmp Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chris\ntuser.dat Object is locked skipped
C:\Documents and Settings\Chris\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Jan\Application Data\Thunderbird\Profiles\s3e9qvos.default\Mail\Local Folders\Norton AntiSpam Folder/[From [Norton AntiSpam] Win a Football Jersey from your favorite team - Participation required][Date Tue, 14 Feb 2006 23:33:02 +0000 (GMT)]/UNNAMED/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 13:25:51 +0200]/text Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Application Data\Thunderbird\Profiles\s3e9qvos.default\Mail\Local Folders\Norton AntiSpam Folder/[From [Norton AntiSpam] Win a Football Jersey from your favorite team - Participation required][Date Tue, 14 Feb 2006 23:33:02 +0000 (GMT)]/UNNAMED/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 13:25:51 +0200]/html Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Application Data\Thunderbird\Profiles\s3e9qvos.default\Mail\Local Folders\Norton AntiSpam Folder/[From [Norton AntiSpam] Win a Football Jersey from your favorite team - Participation required][Date Tue, 14 Feb 2006 23:33:02 +0000 (GMT)]/UNNAMED/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 19:44:49 +0200]/text Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Application Data\Thunderbird\Profiles\s3e9qvos.default\Mail\Local Folders\Norton AntiSpam Folder/[From [Norton AntiSpam] Win a Football Jersey from your favorite team - Participation required][Date Tue, 14 Feb 2006 23:33:02 +0000 (GMT)]/UNNAMED/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 19:44:49 +0200]/html Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Application Data\Thunderbird\Profiles\s3e9qvos.default\Mail\Local Folders\Norton AntiSpam Folder/[From [Norton AntiSpam] Win a Football Jersey from your favorite team - Participation required][Date Tue, 14 Feb 2006 23:33:02 +0000 (GMT)]/UNNAMED/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 22:44:49 +0200]/text Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Application Data\Thunderbird\Profiles\s3e9qvos.default\Mail\Local Folders\Norton AntiSpam Folder/[From [Norton AntiSpam] Win a Football Jersey from your favorite team - Participation required][Date Tue, 14 Feb 2006 23:33:02 +0000 (GMT)]/UNNAMED/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 22:44:49 +0200]/html Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Application Data\Thunderbird\Profiles\s3e9qvos.default\Mail\Local Folders\Norton AntiSpam Folder/[From [Norton AntiSpam] Win a Football Jersey from your favorite team - Participation required][Date Tue, 14 Feb 2006 23:33:02 +0000 (GMT)]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Application Data\Thunderbird\Profiles\s3e9qvos.default\Mail\Local Folders\Norton AntiSpam Folder Mail Berkeley mbox: infected - 7 skipped
C:\Documents and Settings\Jan\Desktop\Unused Desktop Shortcuts\misc crap\PuzMastSetup-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Documents and Settings\Jan\Local Settings\Application Data\Identities\{DF9B9243-6DE7-473E-BD6F-9B80E8DF7B5C}\Microsoft\Outlook Express\Norton AntiSpam Folder.dbx/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 13:25:51 +0200]/UNNAMED/text Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Local Settings\Application Data\Identities\{DF9B9243-6DE7-473E-BD6F-9B80E8DF7B5C}\Microsoft\Outlook Express\Norton AntiSpam Folder.dbx/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 13:25:51 +0200]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Local Settings\Application Data\Identities\{DF9B9243-6DE7-473E-BD6F-9B80E8DF7B5C}\Microsoft\Outlook Express\Norton AntiSpam Folder.dbx/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 13:25:51 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Local Settings\Application Data\Identities\{DF9B9243-6DE7-473E-BD6F-9B80E8DF7B5C}\Microsoft\Outlook Express\Norton AntiSpam Folder.dbx Mail MS Outlook 5: infected - 3 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\gobackio.bin Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\018C5D2A Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\01E614B9.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\04550597 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\04783160.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\04E9056B Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\059E741D.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07A25DE5.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07A507E1.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07A507E1.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07A931DE.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07A931DE.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07AC5BDA.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07AF05D6.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07B659CF.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07B903CC.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07BC2DC8.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07BF57C4.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07C301C1.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07C301C1.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07C62BBD.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07C955BA.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07C955BA.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07CD7FB6.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07D029B2.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07D353AF.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07D353AF.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07D67DAB.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07D67DAB.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07E3259D.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07E3259D.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07E74F99.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07EA7996.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07EA7996.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07ED2392.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07ED2392.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07F04D8F.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07F4778B.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\08044979.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\08077375.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0811716B.DAT Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\08214359.DAT Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\082B414E.DAT Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\08321547.DAT Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0838693F.DAT Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\083F3D38.DAT Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\084F0F26.DAT Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\08B84EB3.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\093A7E93.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B2B4C01.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CE04620.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D4E58B5.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\0DA837EE Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F250A87 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F543077 Infected: Trojan.Java.Needy.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F585A74 Infected: Trojan.Java.ClassLoader.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\116E7D84 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\12225857.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\12CD0F48.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\13C02C8F.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\15313099.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\15691B6C.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\15EC0E2C.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\164E79C0.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\17B50435.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\18DF14B3.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\18FB6ACD.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\1E675CA8.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F445705 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\20D83487 Infected: Trojan.Java.ClassLoader.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\24BB1127 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\25A255A5.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\25B95252 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\25DF730A Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\26084BAC.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\28687AB7 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\289A0A0D Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\2CFC2A3B.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\313311A3.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\31C2315D Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\327146C9 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\327570C5 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\33122E1C Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\377C6E8D.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A14611D Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A761720 Infected: Trojan.Java.ClassLoader.i skipped
C:\Program Files\Norton AntiVirus\Quarantine\3B3D4E32.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\3CB42362 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\3E9F3B9E Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\3F8A0DBF Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\3F980BD4 Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\43D8169B.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\43F66BA9 Infected: Trojan.Java.ClassLoader.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\46483078 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\46D56B7B.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\4702008A Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\475F0BFC Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\47867AB5.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\48B97FA8.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\48DD17F3 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\4AD6364E.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\4E290261 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\4E5A70E8 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\4E6232B9 Infected: Trojan.Java.ClassLoader.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F69529A.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\50062CE3 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\51053F66 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\56C36E0E Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A2D2289.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\5E455B3B.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\5EC46F0A Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\60406DAD.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\616C1E99 Infected: Trojan.Java.ClassLoader.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\65FF3A19.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\68702BFA.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B6B33A4.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B897BDB.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DA12DF1.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DA457ED.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DA801EA.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DB853D8.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DBB7DD4.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DBE27D1.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DC825C6.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DCB4FC2.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DCF79BF.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DD223BB.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\70102326.html Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\70144D23.html Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\7017771F.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\702B5204.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\712D2001 Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\71B4108E.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\723F0CDC.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\724236D9.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\724660D5.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\72490AD1.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7481362E Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\74FC0324 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\75DF5585 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\75E44CFD Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\78D75D9F Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\793B0C66 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\7A234A82.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7DB11D3C Infected: Trojan.Java.ClassLoader.i skipped
C:\Program Files\Norton AntiVirus\Quarantine\7E10389C.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\7FDC3F1C Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Verizon Online\SupportCenter\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\Verizon Online\SupportCenter\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\Verizon Online\SupportCenter\SmartBridge\SmartBridge.log Object is locked skipped
C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A8E7BC2C-BD6E-4E96-A046-DC3C68563A8B}\RP958\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA Embedded HTML: infected - 5 skipped
C:\WINDOWS\clock.avi:nxihe:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\clock.avi:nxihe:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\clock.avi:nxihe:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\clock.avi:nxihe:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\clock.avi:nxihe:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\clock.avi:nxihe:$DATA Embedded HTML: infected - 5 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\DtcInstall.log:ssuyv:$DATA Embedded HTML: infected - 5 skipped
C:\WINDOWS\ModemLog_Communications cable between two computers #2.txt Object is locked skipped
C:\WINDOWS\ModemLog_Communications cable between two computers.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Thanks for your help.

jfrost76
  • 0

#7
Stamper19
Posted 22 November 2007 - 10:23 AM

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi jfrost76,

Thanks for reposting the log. It did pick up a few things, so lets deal with those now. I also suggest that you clear out your Norton Quarantine and Norton AntiSpam Folders.

----------------------------------------------------------------

Lets delete some ill mannered files.

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\Jan\Desktop\Unused Desktop Shortcuts\misc crap\PuzMastSetup-dm.exe
    C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0001.html
    C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0002.html
    C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0003.html
    C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0004.html
    C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0005.html
    C:\WINDOWS\clock.avi:nxihe:$DATA/data0001.html
    C:\WINDOWS\clock.avi:nxihe:$DATA/data0002.html
    C:\WINDOWS\clock.avi:nxihe:$DATA/data0003.html
    C:\WINDOWS\clock.avi:nxihe:$DATA/data0004.html
    C:\WINDOWS\clock.avi:nxihe:$DATA/data0005.html
    C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0001.html
    C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0002.html
    C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0003.html
    C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0004.html
    C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0005.html

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum. Reboot into Normal Mode.

----------------------------------------------------------------

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
----------------------------------------------------------------

Information to include in your next post:
  • OTMove It Log
  • Kapersky Scan Log

  • 0

#8
jfrost76
Posted 22 November 2007 - 02:32 PM

jfrost76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I emptied the Norton Quarantine folder however I couldn't find a folder for Norton AntiSpam

I downloaded the OTMoveIt and ran it as directed then accidently closed it without copying the results. It appeared to move everything successfully and it didn't ask to reboot. I hope that doesn't mess things up. Here's the Kapersky Scan Log.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, November 22, 2007 3:21:28 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/11/2007
Kaspersky Anti-Virus database records: 464197
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 156950
Number of viruses found: 16
Number of infected objects: 161
Number of suspicious objects: 16
Duration of the scan process: 02:14:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Broderbund Software\Print\PrintMaster\PMUSERS.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Broderbund Software\Print\PrintMaster\PMWPRINT.INI Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-11-22_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\B2F48E97.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\C69A95C3.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Chris\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chris\ntuser.dat Object is locked skipped
C:\Documents and Settings\Chris\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Jan\Application Data\Thunderbird\Profiles\s3e9qvos.default\Mail\Local Folders\Norton AntiSpam Folder/[From [Norton AntiSpam] Win a Football Jersey from your favorite team - Participation required][Date Tue, 14 Feb 2006 23:33:02 +0000 (GMT)]/UNNAMED/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 13:25:51 +0200]/text Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Application Data\Thunderbird\Profiles\s3e9qvos.default\Mail\Local Folders\Norton AntiSpam Folder/[From [Norton AntiSpam] Win a Football Jersey from your favorite team - Participation required][Date Tue, 14 Feb 2006 23:33:02 +0000 (GMT)]/UNNAMED/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 13:25:51 +0200]/html Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Application Data\Thunderbird\Profiles\s3e9qvos.default\Mail\Local Folders\Norton AntiSpam Folder/[From [Norton AntiSpam] Win a Football Jersey from your favorite team - Participation required][Date Tue, 14 Feb 2006 23:33:02 +0000 (GMT)]/UNNAMED/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 19:44:49 +0200]/text Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Application Data\Thunderbird\Profiles\s3e9qvos.default\Mail\Local Folders\Norton AntiSpam Folder/[From [Norton AntiSpam] Win a Football Jersey from your favorite team - Participation required][Date Tue, 14 Feb 2006 23:33:02 +0000 (GMT)]/UNNAMED/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 19:44:49 +0200]/html Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Application Data\Thunderbird\Profiles\s3e9qvos.default\Mail\Local Folders\Norton AntiSpam Folder/[From [Norton AntiSpam] Win a Football Jersey from your favorite team - Participation required][Date Tue, 14 Feb 2006 23:33:02 +0000 (GMT)]/UNNAMED/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 22:44:49 +0200]/text Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Application Data\Thunderbird\Profiles\s3e9qvos.default\Mail\Local Folders\Norton AntiSpam Folder/[From [Norton AntiSpam] Win a Football Jersey from your favorite team - Participation required][Date Tue, 14 Feb 2006 23:33:02 +0000 (GMT)]/UNNAMED/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 22:44:49 +0200]/html Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Application Data\Thunderbird\Profiles\s3e9qvos.default\Mail\Local Folders\Norton AntiSpam Folder/[From [Norton AntiSpam] Win a Football Jersey from your favorite team - Participation required][Date Tue, 14 Feb 2006 23:33:02 +0000 (GMT)]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Application Data\Thunderbird\Profiles\s3e9qvos.default\Mail\Local Folders\Norton AntiSpam Folder Mail Berkeley mbox: infected - 7 skipped
C:\Documents and Settings\Jan\Local Settings\Application Data\Identities\{DF9B9243-6DE7-473E-BD6F-9B80E8DF7B5C}\Microsoft\Outlook Express\Norton AntiSpam Folder.dbx/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 13:25:51 +0200]/UNNAMED/text Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Local Settings\Application Data\Identities\{DF9B9243-6DE7-473E-BD6F-9B80E8DF7B5C}\Microsoft\Outlook Express\Norton AntiSpam Folder.dbx/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 13:25:51 +0200]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Local Settings\Application Data\Identities\{DF9B9243-6DE7-473E-BD6F-9B80E8DF7B5C}\Microsoft\Outlook Express\Norton AntiSpam Folder.dbx/[From "Ebay Security Center" <[email protected]>][Date Sun, 05 Mar 2006 13:25:51 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.p skipped
C:\Documents and Settings\Jan\Local Settings\Application Data\Identities\{DF9B9243-6DE7-473E-BD6F-9B80E8DF7B5C}\Microsoft\Outlook Express\Norton AntiSpam Folder.dbx Mail MS Outlook 5: infected - 3 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\gobackio.bin Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\018C5D2A Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\01E614B9.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\04550597 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\04783160.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\04E9056B Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\059E741D.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07A25DE5.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07A507E1.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07A507E1.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07A931DE.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07A931DE.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07AC5BDA.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07AF05D6.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07B659CF.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07B903CC.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07BC2DC8.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07BF57C4.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07C301C1.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07C301C1.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07C62BBD.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07C955BA.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07C955BA.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07CD7FB6.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07D029B2.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07D353AF.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07D353AF.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07D67DAB.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07D67DAB.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07E3259D.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07E3259D.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07E74F99.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07EA7996.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07EA7996.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07ED2392.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07ED2392.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07F04D8F.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07F4778B.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\08044979.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\08077375.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0811716B.DAT Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\08214359.DAT Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\082B414E.DAT Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\08321547.DAT Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0838693F.DAT Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\083F3D38.DAT Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\084F0F26.DAT Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\08B84EB3.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\093A7E93.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B2B4C01.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CE04620.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D4E58B5.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\0DA837EE Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F250A87 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F543077 Infected: Trojan.Java.Needy.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F585A74 Infected: Trojan.Java.ClassLoader.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\116E7D84 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\12225857.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\12CD0F48.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\13C02C8F.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\15313099.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\15691B6C.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\15EC0E2C.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\164E79C0.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\17B50435.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\18DF14B3.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\18FB6ACD.dll Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\1E675CA8.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F445705 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\20D83487 Infected: Trojan.Java.ClassLoader.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\24BB1127 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\25A255A5.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\25B95252 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\25DF730A Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\26084BAC.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\28687AB7 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\289A0A0D Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\2CFC2A3B.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\313311A3.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\31C2315D Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\327146C9 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\327570C5 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\33122E1C Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\377C6E8D.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A14611D Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A761720 Infected: Trojan.Java.ClassLoader.i skipped
C:\Program Files\Norton AntiVirus\Quarantine\3B3D4E32.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\3CB42362 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\3E9F3B9E Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\3F8A0DBF Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\3F980BD4 Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\43D8169B.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\43F66BA9 Infected: Trojan.Java.ClassLoader.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\46483078 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\46D56B7B.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\4702008A Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\475F0BFC Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\47867AB5.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\48B97FA8.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\48DD17F3 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\4AD6364E.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\4E290261 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\4E5A70E8 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\4E6232B9 Infected: Trojan.Java.ClassLoader.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F69529A.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\50062CE3 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\51053F66 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\56C36E0E Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A2D2289.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\5E455B3B.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\5EC46F0A Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\60406DAD.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\616C1E99 Infected: Trojan.Java.ClassLoader.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\65FF3A19.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\68702BFA.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B6B33A4.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B897BDB.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DA12DF1.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DA457ED.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DA801EA.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DB853D8.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DBB7DD4.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DBE27D1.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DC825C6.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DCB4FC2.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DCF79BF.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\6DD223BB.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\70102326.html Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\70144D23.html Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\7017771F.php Infected: Trojan-Downloader.JS.Small.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\702B5204.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\712D2001 Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\71B4108E.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\723F0CDC.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\724236D9.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\724660D5.html Suspicious: Exploit.HTML.DialogArg skipped
C:\Program Files\Norton AntiVirus\Quarantine\72490AD1.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7481362E Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\74FC0324 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\75DF5585 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\75E44CFD Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\78D75D9F Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\793B0C66 Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\7A234A82.html Infected: Trojan-Downloader.VBS.Psyme.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7DB11D3C Infected: Trojan.Java.ClassLoader.i skipped
C:\Program Files\Norton AntiVirus\Quarantine\7E10389C.dat Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\Program Files\Norton AntiVirus\Quarantine\7FDC3F1C Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Verizon Online\SupportCenter\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\Verizon Online\SupportCenter\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\Verizon Online\SupportCenter\SmartBridge\SmartBridge.log Object is locked skipped
C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A8E7BC2C-BD6E-4E96-A046-DC3C68563A8B}\RP959\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA Embedded HTML: infected - 5 skipped
C:\WINDOWS\clock.avi:nxihe:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\clock.avi:nxihe:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\clock.avi:nxihe:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\clock.avi:nxihe:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\clock.avi:nxihe:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\clock.avi:nxihe:$DATA Embedded HTML: infected - 5 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\DtcInstall.log:ssuyv:$DATA Embedded HTML: infected - 5 skipped
C:\WINDOWS\ModemLog_Communications cable between two computers #2.txt Object is locked skipped
C:\WINDOWS\ModemLog_Communications cable between two computers.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\Jan\Desktop\Unused Desktop Shortcuts\misc crap\PuzMastSetup-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

Scan process completed.

Thanks
  • 0

#9
jfrost76
Posted 22 November 2007 - 08:25 PM

jfrost76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi Stamper19,

I found where the log was for the OTMoveIt.

C:\Documents and Settings\Jan\Desktop\Unused Desktop Shortcuts\misc crap\PuzMastSetup-dm.exe moved successfully.
File/Folder C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0001.html not found.
File/Folder C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0002.html not found.
File/Folder C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0003.html not found.
File/Folder C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0004.html not found.
File/Folder C:\WINDOWS\Ad_rsrc.dll:wbngm:$DATA/data0005.html not found.
File/Folder C:\WINDOWS\clock.avi:nxihe:$DATA/data0001.html not found.
File/Folder C:\WINDOWS\clock.avi:nxihe:$DATA/data0002.html not found.
File/Folder C:\WINDOWS\clock.avi:nxihe:$DATA/data0003.html not found.
File/Folder C:\WINDOWS\clock.avi:nxihe:$DATA/data0004.html not found.
File/Folder C:\WINDOWS\clock.avi:nxihe:$DATA/data0005.html not found.
File/Folder C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0001.html not found.
File/Folder C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0002.html not found.
File/Folder C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0003.html not found.
File/Folder C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0004.html not found.
File/Folder C:\WINDOWS\DtcInstall.log:ssuyv:$DATA/data0005.html not found.

Created on 11/22/2007 12:35:35

I hope this helps.

Thanks
  • 0

#10
Stamper19
Posted 22 November 2007 - 09:51 PM

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi jfrost76,

Good work with all the previous instructions :)

It looks like this is the folder for the Norton AntiSpam Quarantine: C:\Documents and Settings\Jan\Application Data\Thunderbird\Profiles\s3e9qvos.default\Mail\Local Folders\Norton AntiSpam Folder

Things are looking pretty good. How is it running?

Lets just run one more scan to be certain we got everything.

Please download and run AVG Anti-Spyware.

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

  • 0

#11
jfrost76
Posted 23 November 2007 - 08:41 AM

jfrost76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi Stamper19,

I found and deleted the Norton AntiSpam Folder

The AVG Anti-spyware didn't give me a report again. It did the same thing the first time I ran it so I checked to make sure all of the settings were right but it still didn't give a report. All it found however was 6 cookies which it deleted. My computer is still slow but not as bad. My internet speed has improved but it is still slow. Do I have to many things running? the download speed improved from 30-40 kbps to 250 kbps but it has been 1200-1300 kbps before this. Any ideas?

Thanks for your help!

Jfrost76
  • 0

#12
Stamper19
Posted 23 November 2007 - 10:36 AM

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi jfrost76,

Happy to hear things are running better. The internet speed issue could be network related. Nothing in the logs to suggest it has anything to do with malware. As for the computer running a bit slow, let see if we cant speed things up a bit with a little general housekeeping.

Let's try to speed your system.

Prefetch is clickable for more information
  • Click Start then Run, type prefetch then press ENTER, click Edit then select all (all files will highlight), right click any file, click Delete, confirm,
  • Click Start then All Programs, Accessories, System Tools to run Disc Cean Up
  • Reboot
  • Click Start then All Programs, Accessories, System Tools to run Defragmenter
Now we'll run Tune Up
  • Download, install and run Tune Up 2007 Trial
  • Run Tune Up disc clean up
  • Run Tune Up registry clean up
  • Disable your AntiVirus program, then click Optimize and Improve to run Reg Defrag, the screen will lose color during the process which can take a few minutes and then needs a reboot
  • Check to make sure your AntiVirus is running
Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial
  • Click optimize and improve then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot
  • After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.
  • After the reboot, click optimize then system optimizer to run system advisor.

Let me know if you notice any improvements.
  • 0

#13
jfrost76
Posted 24 November 2007 - 07:34 AM

jfrost76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi Stamper19,

WOW!!!!!!

What a difference. Rebooting now takes less than 5 minutes it used to be 15. Download speeds now are running at over 1.4 mbps. I have 1.5 mbps DSL so I don't think we're going to get it any better than that.

Overall I think that the speed of this computer is as good or better than it was new.

Thanks for your help!

jfrost76
  • 0

#14
Stamper19
Posted 24 November 2007 - 07:38 AM

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi jfrost76,

Happy to hear everything is running as it should.

Congrats - your logs are all clean :)

There are still a couple of things you should do for the sake of cleaning up.

---------------------------------------------------------------

Lets delete all the tools we downloaded.
  • Please double-click OTMoveIt.exe to run it.
  • Click the Clean Up button
  • Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • Click Yes to the reboot
----------------------------------------------------------------

Please clear and reset your system restore points.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405

----------------------------------------------------------------

Otherwise, unless you have any questions, you are all set. Included below are some tips for keeping your computer malware free in the future.

Cheers,
Stamper :)

----------------------------------------------------------------

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP