TheTechGuide Forum
General Category => Tech Clinic => Topic started by: JenE on March 20, 2005, 06:16:37 PM
-
I am in need of help getting rid of the websiteviewer hell that has taken over my computer.
Here is my hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 3:10:13 PM, on 3/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\otqycg.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\windows\system32\calc.exe
C:\WINDOWS\inetdata\winlogon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Hotbar\Bin\4.6.1.0\HbSrv.exe
C:\HJT\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10039/
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\winlogon.exe
O1 - Hosts: 69.50.177.254 google.com www.google.com www.gooogle.com gooogle.com
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRA~1\Comet\bin\autosearch.dll (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [xjvptjep] C:\WINDOWS\System32\xjqenvvm.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [otqycg] c:\windows\system32\otqycg.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {48F6D84E-8135-4E79-889C-B213BE145F9D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48F6D84E-8135-4E79-889C-B213BE145F9D} - (no file) (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A46F02D0-DAF1-4958-9B52-BF5BB81A79D2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A46F02D0-DAF1-4958-9B52-BF5BB81A79D2} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AA3859A3-367A-439C-9BFD-526F1E589AE6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AA3859A3-367A-439C-9BFD-526F1E589AE6} - (no file) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {01A82FAC-D9A9-67EC-665F-1BE95CF7A0C9} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {0CE55843-1693-18B0-FD3C-155074C95B5B} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {0F5B4505-6EE1-337D-704D-5210605C52D0} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {12AB6DBE-AB24-6826-3A1B-0E6D6B0DF0D8} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c7.cab
O16 - DPF: {15CDE707-80DF-1958-3278-03124A6A2FA8} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {1EC74EF1-5B81-1164-2366-62A64BE55D70} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {204B087A-8B03-2C28-2771-7851032A33FC} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {24692DC5-C9C2-55D2-8FA8-79A9392220ED} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {29D26379-39E8-047E-47B7-7FF152623A35} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {34143973-F098-4E74-1B19-67ED55D94750} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {3AE77F61-7AEA-1E42-F679-27167190FE48} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {3D955CBE-54BF-243D-2CB4-72FC18CC22AD} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {486BE088-351A-790B-0645-092E119B3BA8} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {4A8213BA-6633-1E19-06E0-03D004676AF9} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {54D8FD11-D73A-7797-8270-43880A70C3C5} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {5748C11E-2386-6861-1E72-3BF06C4AB3EB} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A02DFE7-0EB8-60D1-0CE9-468915A6D088} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {6BAE1971-AD64-3D73-FE2A-78C732799C6E} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {6F7E4B61-54D2-1FB5-F1A2-3A331E147E3E} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
This is the first time I have ever used hijack this...please be gentle with me.
Jen
-
Hi Jen, can you please first Register and then post a fresh hijackthis log
will try and look at your log at first chance, thanks
-
OK..I'm all registered. Do you want me to put the new log in a new post...or just post it here?
Jen
-
Ok...I'm going to go ahead and post my fresh log here. I guess you will let me know if I need to do something different.
:)
Logfile of HijackThis v1.99.1
Scan saved at 3:29:20 PM, on 3/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\otqycg.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\windows\system32\calc.exe
C:\WINDOWS\inetdata\winlogon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hotbar\Bin\4.6.1.0\HbSrv.exe
C:\HJT\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10039/
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\winlogon.exe
O1 - Hosts: 69.50.177.254 google.com www.google.com www.gooogle.com gooogle.com
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRA~1\Comet\bin\autosearch.dll (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [xjvptjep] C:\WINDOWS\System32\xjqenvvm.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [otqycg] c:\windows\system32\otqycg.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {48F6D84E-8135-4E79-889C-B213BE145F9D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48F6D84E-8135-4E79-889C-B213BE145F9D} - (no file) (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A46F02D0-DAF1-4958-9B52-BF5BB81A79D2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A46F02D0-DAF1-4958-9B52-BF5BB81A79D2} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AA3859A3-367A-439C-9BFD-526F1E589AE6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AA3859A3-367A-439C-9BFD-526F1E589AE6} - (no file) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {01A82FAC-D9A9-67EC-665F-1BE95CF7A0C9} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {0CE55843-1693-18B0-FD3C-155074C95B5B} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {0F5B4505-6EE1-337D-704D-5210605C52D0} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {12AB6DBE-AB24-6826-3A1B-0E6D6B0DF0D8} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c7.cab
O16 - DPF: {15CDE707-80DF-1958-3278-03124A6A2FA8} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {1EC74EF1-5B81-1164-2366-62A64BE55D70} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {204B087A-8B03-2C28-2771-7851032A33FC} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {24692DC5-C9C2-55D2-8FA8-79A9392220ED} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {29D26379-39E8-047E-47B7-7FF152623A35} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {34143973-F098-4E74-1B19-67ED55D94750} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {3AE77F61-7AEA-1E42-F679-27167190FE48} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {3D955CBE-54BF-243D-2CB4-72FC18CC22AD} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {486BE088-351A-790B-0645-092E119B3BA8} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {4A8213BA-6633-1E19-06E0-03D004676AF9} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {54D8FD11-D73A-7797-8270-43880A70C3C5} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {5748C11E-2386-6861-1E72-3BF06C4AB3EB} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A02DFE7-0EB8-60D1-0CE9-468915A6D088} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {6BAE1971-AD64-3D73-FE2A-78C732799C6E} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {6F7E4B61-54D2-1FB5-F1A2-3A331E147E3E} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Thanks!
Jen
-
Just walked back in a little while ago, sorry for the wait
Can you Close down all browser windows and then Enter your Add/Remove Programs and remove if found
New.net Application or New.net Domains
Ensure you Restart your computer after removal
If it is not listed in your Add/Remove programs use this link
http://www.newdotnet.com/removal.html
Preferably procedure 4 if it wasn't uninstalled earlier
You can save the uninstaller to desktop, close down all other windows
Run the uninstaller
Restart your computer afterwards
Back in Windows
Go back to Add/Remove Programs and remove if found
Media Access
Hotbar and/or Web Tools from Hotbar
Security iGuard
RESTART your computer again after removal if found
Post back with a fresh Hijackthis after doing the above
-
No need to apologize.
:D
I followed your above directions and here is my fresh HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 7:59:57 PM, on 3/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\inetdata\winlogon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\otqycg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\windows\system32\packager.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10039/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\winlogon.exe
O1 - Hosts: 69.50.177.254 google.com www.google.com www.gooogle.com gooogle.com
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRA~1\Comet\bin\autosearch.dll (file missing)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [otqycg] c:\windows\system32\otqycg.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {48F6D84E-8135-4E79-889C-B213BE145F9D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48F6D84E-8135-4E79-889C-B213BE145F9D} - (no file) (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A46F02D0-DAF1-4958-9B52-BF5BB81A79D2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A46F02D0-DAF1-4958-9B52-BF5BB81A79D2} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AA3859A3-367A-439C-9BFD-526F1E589AE6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AA3859A3-367A-439C-9BFD-526F1E589AE6} - (no file) (HKCU)
O16 - DPF: {01A82FAC-D9A9-67EC-665F-1BE95CF7A0C9} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {0CE55843-1693-18B0-FD3C-155074C95B5B} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {0F5B4505-6EE1-337D-704D-5210605C52D0} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {12AB6DBE-AB24-6826-3A1B-0E6D6B0DF0D8} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c7.cab
O16 - DPF: {15CDE707-80DF-1958-3278-03124A6A2FA8} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {1EC74EF1-5B81-1164-2366-62A64BE55D70} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {204B087A-8B03-2C28-2771-7851032A33FC} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {24692DC5-C9C2-55D2-8FA8-79A9392220ED} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {29D26379-39E8-047E-47B7-7FF152623A35} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {34143973-F098-4E74-1B19-67ED55D94750} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {3AE77F61-7AEA-1E42-F679-27167190FE48} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {3D955CBE-54BF-243D-2CB4-72FC18CC22AD} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {486BE088-351A-790B-0645-092E119B3BA8} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {4A8213BA-6633-1E19-06E0-03D004676AF9} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {54D8FD11-D73A-7797-8270-43880A70C3C5} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {5748C11E-2386-6861-1E72-3BF06C4AB3EB} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A02DFE7-0EB8-60D1-0CE9-468915A6D088} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {6BAE1971-AD64-3D73-FE2A-78C732799C6E} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {6F7E4B61-54D2-1FB5-F1A2-3A331E147E3E} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Thanks!
Jen
-
A little better, still some more cleanup
Download and UNZIP to desktop
HSFIX.zip (http://www.atribune.org/downloads/HSFix.zip)
HSFix directory will be created
We'll need this later
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Access your add/remove programs and remove if found
Comet Systems or similar
and Ebates_MoeMoneyMaker
Save the rest of this to a Notepad file or print out the instructions
Restart your computer into SAFE MODE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039)
Find and delete these files or folders if found
C:\WINDOWS\Pynix.dll <-file
C:\WINDOWS\cerbmod.dll
c:\windows\tasks\sa.dat
C:\WINDOWS\farmmext.exe
c:\windows\system32\otqycg.exe
C:\Program Files\Ebates_MoeMoneyMaker
C:\Program Files\NewDotNet <-folder
C:\Program Files\WebsiteViewer <-folder
C:\Program Files\Security iGuard <-folder
C:\Program Files\Hotbar <-folder
C:\Program Files\Media Access <-folder
c:\windows\inetdata <-folder
Let me know if you see any of these in that folder
c:\windows\inetdata\services.exe
c:\windows\inetdata\explorer.exe
c:\windows\inetdata\winlogon.exe
c:\windows\inetdata\2.00.00.dll
c:\windows\inetdata\cron.ini
Navigate to and delete the whole contents of your temp folders, or whatever you can
# C:\Windows\Temp\
# C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\
# C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
# C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
# C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
===In safe mode
Do another scan with Hijackthis and put a check next to these entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10039/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\winlogon.exe
O1 - Hosts: 69.50.177.254 google.com www.google.com www.gooogle.com gooogle.com
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRA~1\Comet\bin\autosearch.dll (file missing)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [otqycg] c:\windows\system32\otqycg.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O9 - Extra button: Microsoft AntiSpyware helper - {48F6D84E-8135-4E79-889C-B213BE145F9D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48F6D84E-8135-4E79-889C-B213BE145F9D} - (no file) (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A46F02D0-DAF1-4958-9B52-BF5BB81A79D2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A46F02D0-DAF1-4958-9B52-BF5BB81A79D2} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AA3859A3-367A-439C-9BFD-526F1E589AE6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AA3859A3-367A-439C-9BFD-526F1E589AE6} - (no file) (HKCU)
O16 - DPF: {01A82FAC-D9A9-67EC-665F-1BE95CF7A0C9} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {0CE55843-1693-18B0-FD3C-155074C95B5B} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {0F5B4505-6EE1-337D-704D-5210605C52D0} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {12AB6DBE-AB24-6826-3A1B-0E6D6B0DF0D8} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...e/bridge-c7.cab
O16 - DPF: {15CDE707-80DF-1958-3278-03124A6A2FA8} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {1EC74EF1-5B81-1164-2366-62A64BE55D70} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {204B087A-8B03-2C28-2771-7851032A33FC} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {24692DC5-C9C2-55D2-8FA8-79A9392220ED} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {29D26379-39E8-047E-47B7-7FF152623A35} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {34143973-F098-4E74-1B19-67ED55D94750} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {3AE77F61-7AEA-1E42-F679-27167190FE48} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {3D955CBE-54BF-243D-2CB4-72FC18CC22AD} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {486BE088-351A-790B-0645-092E119B3BA8} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {4A8213BA-6633-1E19-06E0-03D004676AF9} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {54D8FD11-D73A-7797-8270-43880A70C3C5} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {5748C11E-2386-6861-1E72-3BF06C4AB3EB} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {6A02DFE7-0EB8-60D1-0CE9-468915A6D088} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {6BAE1971-AD64-3D73-FE2A-78C732799C6E} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {6F7E4B61-54D2-1FB5-F1A2-3A331E147E3E} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Stay in safe mode
Navigate to the HSFix directory>>Open the folder, ensure you unzipped this
and double-click on HSFix.bat.
* It will produce a log file, located here: C:\hslog.txt. <--we'll need this later
Restart back to Normal mode
Download and Install the free version of Ad-Aware SE Personal 1.05 (http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button)
Ensure you have this version or the paid version
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Perform a Full system scan
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
Click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
Restart your computer to finish the cleaning process
Download this virus checker from eScan, this will help identify other files
Mwav.exe (ftp://ftp.microworldsystems.com/download/tools/mwav.exe)
There's nothing to install, save it and then double click to run
It will self extract
Select all local drives, scan all files, press 'SCAN' and when it is completed, anything found will be displayed in the lower pane.
In the Virus Log Information Pane
Left click and Highlight all the info in the Lower pane--- Use "CTRL C" on your Keyboard to copy all found in the lower pane Post it back here
****If prompted that a Virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning
We just want to see where the bad guys are
Also post a fresh Hijackthis log
Along with the log from HSFix.bat>>C:\hslog.txt <-this log
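A triage pass over the kinds of entries ticked in the instructions above, added here as an illustration; it is not part of the original post and not part of HijackThis. The function names and the four heuristics are assumptions of this example, and it assumes Windows is installed under C:\WINDOWS as in the log.

```python
import ipaddress
import ntpath
import re
from urllib.parse import urlsplit

# Sample lines copied from the HijackThis log in this thread
# (forum link residue removed).
SAMPLE_LOG = r"""
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\winlogon.exe
O1 - Hosts: 69.50.177.254 google.com www.google.com www.gooogle.com gooogle.com
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - HKLM\..\Run: [otqycg] c:\windows\system32\otqycg.exe
O16 - DPF: {01A82FAC-D9A9-67EC-665F-1BE95CF7A0C9} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
EXE_PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.exe", re.IGNORECASE)

# Where core Windows binaries normally live (assumes %SystemRoot% = C:\WINDOWS).
EXPECTED_DIRS = {
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def suspicious_path(path):
    """Return a reason if a system binary name sits outside its usual folder."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    expected = EXPECTED_DIRS.get(name)
    if expected and folder != expected:
        return f"{name} runs from {folder}, expected {expected}"
    return None


def check_entry(code, body):
    """Return the list of reasons this entry deserves a closer look."""
    reasons = []
    if code in ("O4", "F3"):  # autostart entries
        match = EXE_PATH_RE.search(body)
        reason = suspicious_path(match.group(0)) if match else None
        if reason:
            reasons.append(reason)
    elif code == "O1":  # hosts file: "Hosts: <ip> <name> ..."
        parts = body.split()
        if len(parts) >= 3 and is_ip(parts[1]):
            if not ipaddress.ip_address(parts[1]).is_loopback:
                reasons.append(f"hosts file points {', '.join(parts[2:])} at {parts[1]}")
    elif code in ("O2", "O9"):  # BHOs and IE buttons
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("registry entry whose target file is absent")
    elif code == "O16":  # ActiveX download codebase
        url = urlsplit(body.rsplit(" - ", 1)[-1])
        if url.hostname and is_ip(url.hostname):
            reasons.append(f"codebase host is a raw IP address ({url.hostname})")
        if url.path.lower().endswith(".exe"):
            reasons.append("codebase is a direct .exe download")
    return reasons


def triage(log_text):
    """Return (code, body, reasons) for every entry with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        reasons = check_entry(match["code"], match["body"])
        if reasons:
            findings.append((match["code"], match["body"], reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}")
        for reason in reasons:
            print(f"    - {reason}")
```

The randomly named `otqycg.exe` Run entry and the `sinstaller.cab` download both pass these checks even though they are on the fix list above, so the output is a starting point for review and not a substitute for it.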
-
Followed above instructions and will post logs below. I have a few questions though.
1. Should I have turned off system restore before doing all of this?
2. When all of this is done should I go back and hide the folders I have unhidden?
3. Should I have emptied my recycle bin right away after deleting files and folders I was directed to delete?
4. I haven't been able to use Notepad and from the virus log it looks like it is infected. How can I fix that?
All of these were found in the inetdata folder.
c:\windows\inetdata\services.exe
c:\windows\inetdata\explorer.exe
c:\windows\inetdata\winlogon.exe
c:\windows\inetdata\2.00.00.dll
c:\windows\inetdata\cron.ini
Mwav virus log:
File C:\WINDOWS\inetdata\winlogon.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\inetdata\winlogon.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\sysprinter.exe infected by "Trojan-Downloader.Win32.Small.alw" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dstart2.exe infected by "Trojan-Downloader.Win32.Small.alw" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dstart6.exe infected by "Trojan.Win32.Dialer.gx" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dstart7.exe infected by "Trojan.Win32.Dialer.gx" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall5_64.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wldr.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\notepad.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wldr.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\You!\LOCALS~1\TEMPOR~1\Content.IE5\AYUT9XOQ\rdgUS994[1].exe infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\You!\Application Data\Mozilla\Firefox\Profiles\f99928dh.Default User\Cache\F8BCA334d01 tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Documents and Settings\You!\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-66d002b9-36c50bc2.zip infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\You!\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\chainz.jar-5d03bb16-774ae688.zip tagged as not-a-virus:JavaClass.FormURLToy. No Action Taken.
File C:\Documents and Settings\You!\Desktop\D'loads\Install_AIM.exe infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\You!\Desktop\HSFix\HSFix\Process.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Documents and Settings\You!\Desktop\HSFix.zip tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Documents and Settings\You!\Local Settings\Temporary Internet Files\Content.IE5\AYUT9XOQ\rdgUS994[1].exe infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
File C:\Program Files\AIM\Sysfiles\WxBug.EXE infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\Program Files\LexmarkX83\RemoveX83.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\LexmarkX83\setupx83part2ww.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\LexmarkX83\X83Twain.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\01A00383.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\01BE7D63.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\01C87B58.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\01DE213F.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\01E57538.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\01F21D29.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\02134105.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\021D3EFB.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\023364E1.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\024A0AC8.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\026E58A1.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\02857E88.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\029C246E.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\02A62264.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\02D04435.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\02D7182E.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\02F73C0A.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\030463FB.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0387736C.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\040A02DC.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\04172ACE.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\043B78A6.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\04511E8D.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\04A00E37.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\07A92C4B.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\07AC5647.exe infected by "Email-Worm.Win32.CWS.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\07C34B4B.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0A114A29.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0CA63762.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0CBD5D49.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0CFB7B05.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D1220EC.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D1B1EE1.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D2272DA.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D2A7A3A.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D4640B2.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D4C14AB.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D601095.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D9B0455.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0DA82C46.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0E0D41D7.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0E173FCC.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0E450B9A.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0E62057A.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0E695972.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0E7F7F59.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0ECE6F03.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0EE16AED.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0EEB68E3.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0F0C0CBF.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0F160AB4.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0F305A97.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0F3A588C.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10357978.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\103F776D.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10561D54.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10594E15.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\105F1B49.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10764130.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10803F25.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\108A3D1A.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\109A0F08.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10B134EF.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10C106DD.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10D82CC4.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10EF52AB.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\11132083.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\111A747C.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\11301A63.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\113D4255.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1144164D.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\141F2754.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\179B1953.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1F72401D.exe infected by "Trojan.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\25517277.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E0C0EEA.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E1362E3.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E160CDF.exe infected by "Trojan-Downloader.Win32.Small.alw" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E200AD4.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E2334D1.exe infected by "Trojan.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E265ECD.exe infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E2908CA.exe infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E2D32C6.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E305CC2.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E3306BF.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3A8F0FB5.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4260174F.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\46106A33.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\46141430.exe infected by "Email-Worm.Win32.CWS.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\46141430.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\46A83CAE.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\46AC66AA.exe infected by "Trojan-Downloader.Win32.Small.alw" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\46B23AA3.dll infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\46B23AA3.exe infected by "Trojan-Dropper.Win32.180Solutions.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4DF1534D.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\54326F34.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\54361930.exe infected by "Email-Worm.Win32.CWS.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\589070FB.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\58931AF8.exe infected by "Email-Worm.Win32.CWS.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\59E70553.exe infected by "Trojan.Win32.Dialer.gx" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\65784152.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\772730C6.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Program Files\ShopperReports\Bin\1.0.0.1\smrtshpr.dll infected by "not-a-virus:AdWare.Comet.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc10.exe infected by "Trojan.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc1220.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc15\2.00.00.dll infected by "not-a-virus:AdWare.BHO.Ihbo.gen" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc15\3.00.00.dll infected by "not-a-virus:AdWare.BHO.Ihbo.gen" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc15\services.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc15\winlogon.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc47\farmmext.cab infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc47\pynix.cab infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc47\Pynix.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc50.tmp\hbinstie.dll infected by "not-a-virus:AdWare.ToolBar.Hotbar.t" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc7.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc8.dll infected by "not-a-virus:AdWare.BHO.NoName.l" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc88.tmp\MMaker4b.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0000007.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001001.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001010.dll infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001011.exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001012.exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001014.dll infected by "not-a-virus:AdWare.ToolBar.Hotbar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001015.dll infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001016.exe infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001017.dll infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001018.dll infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001019.exe infected by "not-a-virus:AdWare.ToolBar.Shopper.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001020.exe infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001021.exe infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001022.dll infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001024.exe infected by "not-a-virus:AdWare.ToolBar.Shopper.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001026.exe infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001027.exe infected by "not-a-virus:AdWare.ToolBar.Shopper.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001028.dll infected by "not-a-virus:AdWare.ToolBar.ag" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001032.dll infected by "not-a-virus:AdWare.ToolBar.Hotbar.v" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001033.dll infected by "not-a-virus:AdWare.ToolBar.Hotbar.v" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001034.dll infected by "not-a-virus:AdWare.ToolBar.ag" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001035.exe infected by "not-a-virus:AdWare.ToolBar.Hotbar.ai" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001036.dll infected by "not-a-virus:AdWare.ToolBar.ag" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001037.exe infected by "not-a-virus:AdWare.ToolBar.Hotbar.v" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001038.dll infected by "not-a-virus:AdWare.ToolBar.Hotbar.v" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001040.exe infected by "not-a-virus:AdWare.Comet.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001041.dll infected by "not-a-virus:AdWare.ToolBar.Hotbar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001042.exe infected by "not-a-virus:AdWare.ToolBar.Hotbar.ai" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001044.dll infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001053.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001056.exe infected by "Trojan-Downloader.Win32.Small.alw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001057.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP2\A0001080.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP2\A0001081.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\temp\sahagent-cdt1004.exe infected by "not-a-virus:AdWare.Sahat.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\rdgUS896.exe infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\rdgUS994.exe infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dstart2.exe infected by "Trojan-Downloader.Win32.Small.alw" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dstart6.exe infected by "Trojan.Win32.Dialer.gx" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dstart7.exe infected by "Trojan.Win32.Dialer.gx" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\inetdata\3.00.00.dll infected by "not-a-virus:AdWare.BHO.Ihbo.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\inetdata\services.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall5_64.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\notepad.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\wldr.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wldr.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.
File C:\WINNT\NOTEPAD.EXE infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\notepad.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\WinXpCrackEN\WinXpCrackEN\WinXP.Activation.v1.1.English.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 7:15:29 PM, on 3/21/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\inetdata\winlogon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10039/
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\winlogon.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [printer] C:\WINDOWS\System32\sysprinter.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {6736B1DA-1758-413D-89E9-B0D33D876C02} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6736B1DA-1758-413D-89E9-B0D33D876C02} - (no file) (HKCU)
O16 - DPF: {1A9499D9-E0B6-6AC5-78B2-697508F20565} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2F67F11B-596E-007A-A745-632F30F86378} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {49FAE7A3-7B4E-64B8-8DD4-5AD923118642} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
HSFix log:
Horseserver Removal Tool v1.05
by Atri
-
-
1. Registry Fix Started
-
Registry fix complete
-
2. Deleted Services
-
-
3. Finding files Located on system
-
w32tm.exe
-
4. Deleting files that were found.
-
-
5. Checking for and Removing Winupdate
-
-
-
Hope I posted everything you need.
Thanks!
Jen
-
===Download and Install this small program
to help clean your temp folders, cookies, prefetch folder, recycle bin
Windows Cleanup (http://www.antispyware.nextdesigns.net/installs/cleanup.php?type=exe)
Install for now, don't run a scan yet
===Download the Pocket Killbox (http://www.downloads.subratam.org/KillBox.zip)
UNZIP it to a folder of your choice
===Download and save to Desktop Notepad_XP.zip
We'll need this later
Please copy and paste these instructions to an empty Wordpad file and leave it on your desktop and then Disconnect completely from the Internet
Open these instructions and leave them open until we have restarted your computer
Disable System Restore
===Open your Control Panel>>Open the Java Plugin
click the Cache Tab and Clear the cache
===Open Hijackthis>>Open Misc tools Section>>Open Process Manager
Kill this process if you can, exact process
C:\WINDOWS\inetdata\winlogon.exe
===Do another scan with Hijackthis and put a check next to these entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10039/
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\winlogon.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [printer] C:\WINDOWS\System32\sysprinter.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O9 - Extra button: Microsoft AntiSpyware helper - {6736B1DA-1758-413D-89E9-B0D33D876C02} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6736B1DA-1758-413D-89E9-B0D33D876C02} - (no file) (HKCU)
O16 - DPF: {1A9499D9-E0B6-6AC5-78B2-697508F20565} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {2F67F11B-596E-007A-A745-632F30F86378} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {49FAE7A3-7B4E-64B8-8DD4-5AD923118642} - http://69.50.182.94/1/rdgUS994.exe
After you have ticked the above entries, close All other open windows,
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
===Run Pocket KillBox>>Now you have Killbox and this notepad file open
In Killbox
At the main screen of Pocket Killbox
In the Full Path of File to Delete box, copy and paste this entry:
C:\WINDOWS\System32\sysprinter.exe
Press the Delete file button >>The Red circle and a white X
Do the same for the rest of these below
Keep track of any files that won't delete, we'll need those in a bit
C:\WINDOWS\dstart2.exe
C:\WINDOWS\dstart6.exe
C:\WINDOWS\dstart7.exe
C:\WINDOWS\NDNuninstall5_64.exe
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\wldr.dll
C:\WINDOWS\System32\wldr.dll
C:\DOCUME~1\You!\LOCALS~1\TEMPOR~1\Content.IE5\AYUT9XOQ\rdgUS994[1].exe
C:\temp\sahagent-cdt1004.exe
C:\WINDOWS\Downloaded Program Files\rdgUS896.exe
C:\WINDOWS\Downloaded Program Files\rdgUS994.exe
C:\WINDOWS\inetdata\3.00.00.dll
C:\windows\inetdata\explorer.exe
C:\windows\inetdata\winlogon.exe
C:\windows\inetdata\2.00.00.dll
C:\windows\inetdata\cron.ini
C:\WINDOWS\System32\notepad.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINNT\NOTEPAD.EXE
C:\WINNT\system32\notepad.exe
For any file that wouldn't delete, again copy and paste that entry into Killbox,
but this time, use the Delete on Reboot radio button
Press the button with a red circle and a white X.
If asked to Reboot now, don't until you have entered the last entry
After entering the last path to any file that wouldn't delete
Allow the computer to Reboot
or Restart the computer anyways, try and restart into safe mode
In safe mode
Find and delete this folder if found
c:\windows\inetdata <-folder
Scan with Hijackthis again and ensure all those entries you fixed earlier in this reply are gone
You can enter Norton's Quarantine list and delete the files if you wish
Stay in safe mode
Open Windows CleanUp!>>START>>All programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
Restart your computer back to Normal mode
Reenable System Restore
UNZIP notepad_xp.zip
To these folders
C:\WINDOWS
C:\WINDOWS\System32
C:\WINNT
C:\WINNT\system32
Post back a fresh Hijackthis log afterwards
I edited the above, I said copy and paste instructions to a Notepad file
I meant Wordpad or similar, sorry
-
Fresh log after following above instructions.
Logfile of HijackThis v1.99.1
Scan saved at 11:34:42 PM, on 3/21/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\HJT\hijackthis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Jen
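The re-scan check asked for in the cleanup instructions (confirm that every entry ticked for FIX CHECKED is gone from the next HijackThis log), as an added example that is not part of the original thread. It also flags Windows system binary names loaded from an unexpected folder, as `C:\WINDOWS\inetdata\winlogon.exe` was here; the function names, the constructed log excerpts and the assumed default XP layout (system root at `C:\WINDOWS`) are this example's own.

```python
import ntpath
import re

# Constructed excerpts shaped like the HijackThis v1.99.1 logs in this thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\inetdata\winlogon.exe
C:\HJT\hijackthis.exe
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\winlogon.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [printer] C:\WINDOWS\System32\sysprinter.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\hijackthis.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
"""

# Constructed failure case: one Run value and its process survived the fix.
LOG_PARTIAL = LOG_AFTER.replace(
    "C:\\HJT\\hijackthis.exe\n",
    "C:\\WINDOWS\\inetdata\\winlogon.exe\nC:\\HJT\\hijackthis.exe\n",
) + "O4 - HKCU\\..\\Run: [xp_system] C:\\WINDOWS\\inetdata\\winlogon.exe\n"

# Entries ticked for FIX CHECKED (subset of the list given in the thread).
TICKED = [
    r"F3 - REG:win.ini: run=C:\WINDOWS\inetdata\winlogon.exe",
    r"O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)",
    r"O4 - HKLM\..\Run: [printer] C:\WINDOWS\System32\sysprinter.exe",
    r"O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe",
    r"O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe",
]

ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
WIN_PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|\r\n]*?\.(?:exe|dll)', re.I)

# Assumption: default Windows XP layout with the system root at C:\WINDOWS.
EXPECTED_DIRS = {
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "smss.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32"},
    "spoolsv.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}


def normalize(line):
    """Collapse whitespace and case so pasted entries compare reliably."""
    return " ".join(line.split()).casefold()


def parse_log(text):
    """Split a HijackThis log into (running processes, section entries)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_RE.match(line):
            in_procs = False
            entries.append(line)
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)
    return processes, entries


def still_present(ticked, log_text):
    """Return the ticked entries that the newer log still contains."""
    _, entries = parse_log(log_text)
    current = {normalize(e) for e in entries}
    return [t for t in ticked if normalize(t) in current]


def misplaced_system_binaries(log_text):
    """Paths whose file name is a Windows system binary in the wrong folder."""
    processes, entries = parse_log(log_text)
    hits = set()
    for line in processes + entries:
        for path in WIN_PATH_RE.findall(line):
            name = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            if name in EXPECTED_DIRS and folder not in EXPECTED_DIRS[name]:
                hits.add(path.lower())
    return sorted(hits)


if __name__ == "__main__":
    print("left over:", still_present(TICKED, LOG_PARTIAL))
    print("misplaced:", misplaced_system_binaries(LOG_PARTIAL))
```
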
-
Looks good, how's everything on your end?
You should set up protection against future attacks
SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html
IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial (http://www.bleepingcomputer.com/forums/index.php?showtutorial=53)
Download link (https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD)
With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply enable all protection
If your version of Windows is legit, why so far behind on Windows Updates?
This is very important in keeping your system secure online as well
-
Thanks for all of your help...things seem to look good from this end.
Should I go back in and "hide" those folders that I unhid before to do all the cleaning up?
Also...about my windows. My updates are so far behind because I had my computer repaired after a crash. After the repair I started getting a message that my windows was going to stop working if I didn't register it. So I tried to use the numbers that came with my computer and they didn't work. So I called the guy that did the repair and he told me that he couldn't use his registration number on any more computers. He said that an update I had done had made it start asking me for the registration numbers and he helped me fix it, but then he told me not to do a certain update...can't remember exactly what it was now...or the same thing would happen. So I stopped doing the updates because I was afraid the same thing would happen again. I don't know if that makes my version not legit. It was something I hadn't thought about beforehand. I trusted that this guy was fixing computers legitimately....maybe he's not?
Thanks for all your help...if you can give any advice on the above that would be great.
Jen
-
Yes, go back and Hide hidden files and folders
I'm not sure I understand, you're not sure if you have a legal copy of Windows XP
Do you have a copy of XP???
I don't mean installed on your system but the actual CD
It sounds like it's not the original but installed and burned by someone else
Unfortunately, I don't endorse illegal software
There is lots of information around the NET where you can find workarounds
Stay safe
-
When I purchased my computer it came with xp installed. I purchased my computer new, but it never had a cd for xp. It had no type of recovery disks at all. The recovery is in a hidden partition. Does that make sense?
When my computer crashed...I couldn't get into the hidden partition to run recovery. I couldn't do anything. So I took it to a shop and paid for repair.
So, no...I don't have a cd...but I never have. But I didn't think that taking my computer in for repairs made it illegal. What else would you do if your computer crashed and you didn't know how to fix it?
Jen