Internet explorer redirection problem



#1
Joseph_spy

Hello there!
I've been having trouble getting rid of this malware/virus. When I click on search results on Yahoo or Google, it brings me to another site.

I've tried (not in the following order):
SUPERAntiSpyware, Malwarebytes, ComboFix, CCleaner, MGtools, BitDefender and ATF, and none have worked. I've followed instructions from another forum like this one, but the problem still persists.

Thanks in advance,
Joseph


Below are some of my logs:



Combofix----
ComboFix 09-05-06.02 - Joseph 05/06/2009 21:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.599 [GMT -7:00]
Running from: c:\documents and settings\Joseph\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Outdated)
FW: McAfee Personal Firewall Plus *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-04-07 to 2009-05-07 )))))))))))))))))))))))))))))))
.

2009-05-06 06:05 . 2009-05-06 06:05 -------- d--h--w C:\$AVG8.VAULT$
2009-05-06 05:29 . 2009-05-06 05:29 -------- d-----w c:\program files\AVG
2009-05-06 05:29 . 2009-05-07 02:53 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-05 05:05 . 2009-05-05 05:05 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-04 01:19 . 2003-03-21 22:37 359424 ----a-w c:\windows\callvers.exe
2009-05-04 01:19 . 2003-04-21 23:58 11392 ------w c:\windows\system32\drivers\UsbFltr.sys
2009-05-04 01:19 . 2009-05-07 02:41 -------- d-----w c:\program files\Compaq CPQ175KB
2009-05-02 23:51 . 2009-05-03 01:24 -------- d-----w c:\windows\BDOSCAN8
2009-04-18 03:31 . 2009-04-18 03:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-16 05:41 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 05:41 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-16 05:41 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 05:41 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 05:41 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 05:41 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 05:41 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 05:41 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 05:41 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 05:41 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 05:40 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 05:40 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-12 06:09 . 2009-02-20 18:09 459264 ------w c:\windows\system32\dllcache\msfeeds.dll
2009-04-12 06:09 . 2009-02-20 18:09 52224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-12 06:09 . 2009-02-20 18:09 268288 ------w c:\windows\system32\dllcache\iertutil.dll
2009-04-12 06:09 . 2009-02-20 18:09 63488 ------w c:\windows\system32\dllcache\icardie.dll
2009-04-12 06:09 . 2009-02-20 10:20 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-04-12 06:09 . 2009-02-20 18:09 383488 ------w c:\windows\system32\dllcache\ieapfltr.dll
2009-04-12 06:09 . 2008-07-09 14:25 2455488 ------w c:\windows\system32\dllcache\ieapfltr.dat
2009-04-12 06:09 . 2009-02-20 18:09 6066176 ------w c:\windows\system32\dllcache\ieframe.dll
2009-04-12 02:30 . 2009-02-20 18:09 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-11 16:05 . 2009-04-11 16:05 -------- d-sh--w c:\documents and settings\Joseph\PrivacIE
2009-04-11 15:59 . 2009-04-11 15:59 -------- d-sh--w c:\documents and settings\Joseph\IETldCache
2009-04-11 15:50 . 2009-04-11 15:50 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-11 15:45 . 2009-04-12 03:00 -------- d-----w c:\windows\ie8updates
2009-04-11 15:40 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 02:49 . 2006-10-18 02:48 -------- d-----w c:\program files\WINForms Desktop
2009-05-06 02:38 . 2006-09-19 03:49 -------- d-----w c:\program files\Yahoo!
2009-05-06 02:09 . 2007-12-17 03:50 118823 ----a-w C:\MGlogs.zip
2009-05-05 05:06 . 2009-03-23 02:38 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-05 05:06 . 2009-03-23 02:38 -------- d-----w c:\documents and settings\Joseph\Application Data\SUPERAntiSpyware.com
2009-05-05 04:46 . 2009-03-26 04:36 1340797 ----a-w C:\MGtools.exe
2009-05-05 02:35 . 2009-03-23 01:59 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-02 01:00 . 2008-04-19 01:06 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-02 01:00 . 2008-04-14 22:57 -------- d-----w c:\program files\Norton Security Scan
2009-04-18 17:48 . 2006-08-08 01:34 -------- d-----w c:\program files\Sound Forge XP
2009-04-18 03:31 . 2006-03-29 01:34 -------- d-----w c:\program files\Java
2009-04-12 19:45 . 2007-12-14 06:44 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-06 22:32 . 2009-03-23 01:59 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 . 2009-03-23 01:59 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-23 05:52 . 2009-03-23 05:52 -------- d-----w c:\documents and settings\Guest\Application Data\SUPERAntiSpyware.com
2009-03-23 02:39 . 2009-03-23 02:39 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-23 01:23 . 2009-03-23 01:23 -------- d-----w c:\program files\CCleaner
2009-03-22 18:00 . 2005-08-17 02:54 -------- d-----w c:\program files\GemMaster
2009-03-06 14:22 . 2005-08-16 10:18 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-08-16 10:18 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-25 01:08 . 2007-03-19 04:21 68280 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-24 03:17 . 2006-06-16 02:52 68280 ----a-w c:\documents and settings\Marie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-22 20:46 . 2006-04-01 05:12 68280 ----a-w c:\documents and settings\Joseph\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-22 05:32 . 2005-08-16 10:41 88699 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-09 12:10 . 2005-08-16 10:18 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-08-16 10:18 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2005-08-16 10:18 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2005-08-16 10:18 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2005-08-16 10:18 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 05:52 . 2006-05-07 02:29 5852 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-02-06 11:11 . 2005-08-16 10:18 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2005-08-16 10:18 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2005-08-16 10:18 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-04 04:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2006-10-13 15:36 . 2006-10-13 15:36 251 ----a-w c:\program files\wt3d.ini
2007-02-08 17:48 . 2007-02-08 17:48 133920 ----a-w c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-25 02:03 . 2007-07-25 02:03 118784 ----a-w c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2009-04-12 01:08 . 2006-04-02 17:24 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-04-12 01:08 . 2006-04-02 17:24 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-04-12 01:08 . 2007-12-12 05:28 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-04-12 01:08 . 2007-12-12 05:28 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-04-12 01:08 . 2006-04-02 17:24 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-30 1945600]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"PDF Converter Registry Controller"="c:\program files\ScanSoft\PDF Converter\RegistryController.exe" [2003-08-19 102400]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-09 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-13 1121792]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-12 1005096]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

c:\documents and settings\Joseph\Start Menu\Programs\Startup\
Microsoft Outlook.lnk - c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\outicon.exe [2006-4-4 104960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-25 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Compaq CPQ175KB.lnk - c:\program files\Compaq CPQ175KB\MagicKey.exe [2009-5-3 155648]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-28 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Activision Value\\WSOP 2008\\WSOPBFTB.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [5/3/2009 6:19 PM 11392]
R1 v_gvmi;v_gvmi;c:\program files\Common Files\System\v_gvmi32.dll [3/20/2009 11:15 PM 30720]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 NUVision;Pinnacle LINX;c:\windows\system32\drivers\Nuvision.sys [6/24/2006 7:54 PM 136352]
.
Contents of the 'Scheduled Tasks' folder

2009-05-07 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (MATRIX-Joseph).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2006-03-29 02:18]

2009-05-04 c:\windows\Tasks\Norton Security Scan for Joseph.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE: Open PDF in Word - c:\program files\ScanSoft\PDF Converter\IEShellExt.dll /100
Trusted Zone: creditcommander.com\www
DPF: {F91AB7B8-EE67-42AF-A5AA-8E232C396A04} - hxxps://www.creditcommander.com/cabs/htmlprint.cab
FF - ProfilePath - c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\8t8bp368.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 21:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2748)
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-07 21:33
ComboFix-quarantined-files.txt 2009-05-07 04:33
ComboFix2.txt 2009-04-18 03:18
ComboFix3.txt 2009-04-11 14:19
ComboFix4.txt 2009-03-24 05:42
ComboFix5.txt 2009-05-07 04:21

Pre-Run: 94,681,686,016 bytes free
Post-Run: 94,682,734,592 bytes free

200 --- E O F --- 2009-04-17 03:04

Malwarebytes---------------------------------------
Malwarebytes' Anti-Malware 1.36
Database version: 2075
Windows 5.1.2600 Service Pack 3

5/5/2009 7:05:09 PM
mbam-log-2009-05-05 (19-05-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 215051
Time elapsed: 59 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
============================

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/04/2009 at 11:03 PM

Application Version : 4.26.1002

Core Rules Database Version : 3877
Trace Rules Database Version: 1825

Scan type : Complete Scan
Total Scan Time : 00:48:21

Memory items scanned : 666
Memory threats detected : 0
Registry items scanned : 6676
Registry threats detected : 0
File items scanned : 34392
File threats detected : 49

Adware.Tracking Cookie

Bitdefender ------------------------------------------------------------------

BitDefender Online Scanner - Scan Report

Scan report generated at: Sat, May 02, 2009 - 18:11:44
Scan path: C:\;D:\;

Statistics
Time: 01:04:45
Files: 313222
Folders: 8823
Boot Sectors: 0
Archives: 7966
Packed Files: 17673

Results
Identified Viruses: 3
Infected Files: 4
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 4

Engines Info
Virus Definitions: 2901600
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\qoobox\Quarantine\C\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll.vir | Infected with: Trojan.PWS.Sinowal.NBH
C:\qoobox\Quarantine\C\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll.vir | Deleted
C:\qoobox\Quarantine\C\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll.vir | Infected with: Trojan.PWS.Sinowal.NBH
C:\qoobox\Quarantine\C\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll.vir | Deleted
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP948\A0063372.exe | Infected with: Gen:Trojan.Heur.Dropper.32718E8E8E
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP948\A0063372.exe | Disinfection failed
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP948\A0063372.exe | Deleted
C:\white cabinet\malware tools\SmitfraudFix.zip=>SmitfraudFix/IEDFix.exe | Infected with: Trojan.Generic.122152
C:\white cabinet\malware tools\SmitfraudFix.zip=>SmitfraudFix/IEDFix.exe | Deleted
C:\white cabinet\malware tools\SmitfraudFix.zip | Updated