Messages - JenE

1
Tech Clinic / aurora and a trojan..help please.
« on: July 16, 2005, 03:02:42 PM »
Here are my new logs:

Logfile of HijackThis v1.99.1
Scan saved at 12:54:56 PM, on 7/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\hijackthis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [eyntqon] c:\windows\system32\hmysoq.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



Ewido:

 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         11:45:57 AM, 7/16/2005
 + Report-Checksum:      BE82F172

 + Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{38D4D5D0-423E-4220-B6F9-30918C2AE4A4} -> Spyware.BetterInternet : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{69FD62B1-0216-4C31-8D55-840ED86B7C8F} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\HBInstIE.HbInstObj -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\HBInstIE.HbInstObj\CLSID -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\HBInstIE.HbInstObj\CurVer -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CLSID -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CurVer -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CLSID -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CurVer -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{17719B53-FAD1-11D4-A466-00508B5BA2DF} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{17719B54-FAD1-11D4-A466-00508B5BA2DF} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{3103E312-E1BB-49AB-80EB-0A92FCA78746} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{3F04CBF7-CD62-4403-B090-B432DEDCB159} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{491BE5B7-A7F8-40EC-AAD4-CBA11FDFD814} -> Dialer.Generic : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{665ABE65-2C16-4341-B4B8-01FF799E8F4C} -> Spyware.CometCursor : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{7138714C-9819-4AB1-9A86-E7C413C9A99E} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{7E33BC81-0818-11D5-B50D-00D0B77F0A6D} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{8F59F897-6923-4B3B-8156-4E55D19DE99A} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{927420A3-7259-4A74-B402-9329177EC3FC} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{9DD19D39-2CDC-465B-BB21-1D433590BA3D} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{DA603411-0593-11D5-A46B-00508B5BA2DF} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{F64B26C1-07DE-11D5-B50D-00D0B77F0A6D} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Spyware.WinAd : Cleaned with backup
   HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{29358AA6-679D-44EA-8A51-59A3C6E6F811} -> Dialer.Generic : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{60F63095-41EC-11D5-B558-00D0B77F0A6D} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{8EA362BD-39CB-40F5-9226-73CD40999095} -> Spyware.BetterInternet : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{94BEB7A2-36B7-46DC-8AD1-81A8332409C0} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{B5901229-25CC-43C9-B604-3BB6AC2B48A5} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{C83DAED4-0611-4F7A-978E-7FEAFCB2F91B} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Wbho.Band -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\Wbho.Band\CLSID -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\Wbho.Band\CurVer -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Hotbar -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Hotbar\Hotbar -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Hotbar\Hotbar\Install -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Hotbar\Hotbar\PI -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Hotbar\Hotbar\PI\3.2 -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\ShopperReports -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\ShopperReports\cs -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-73586283-57989841-839522115-1003\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
   HKU\S-1-5-21-73586283-57989841-839522115-1003\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
   HKU\S-1-5-21-73586283-57989841-839522115-1003\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
   HKU\S-1-5-21-73586283-57989841-839522115-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
   HKU\S-1-5-21-73586283-57989841-839522115-1003\Software\Microsoft\Internet Explorer\Keywords -> Spyware.CoolWebSearch : Cleaned with backup
   HKU\S-1-5-21-73586283-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D14D6793-9B65-11D3-80B6-00500487BDBA} -> Spyware.CometCursor : Cleaned with backup
   HKU\S-1-5-21-73586283-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE6BC4EF-5676-484B-88AE-883323913256} -> Spyware.CometCursor : Cleaned with backup
   HKU\S-1-5-21-73586283-57989841-839522115-1003\Software\ShopperReports -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-73586283-57989841-839522115-1003\Software\ShopperReports\cs -> Spyware.HotBar : Cleaned with backup
   C:\!Submit\NDNuninstall5_64.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\!Submit\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
   :mozilla.415:C:\Documents and Settings\You!\Application Data\Mozilla\Firefox\Profiles\f99928dh.Default User\cookies.txt -> Spyware.Cookie.Counted : Cleaned with backup
   :mozilla.436:C:\Documents and Settings\You!\Application Data\Mozilla\Firefox\Profiles\f99928dh.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.437:C:\Documents and Settings\You!\Application Data\Mozilla\Firefox\Profiles\f99928dh.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.438:C:\Documents and Settings\You!\Application Data\Mozilla\Firefox\Profiles\f99928dh.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.439:C:\Documents and Settings\You!\Application Data\Mozilla\Firefox\Profiles\f99928dh.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   C:\HJT\backups\backup-20050321-162502-958.dll -> Spyware.Comet : Cleaned with backup
   C:\WINDOWS\assest.dll -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
   C:\WINDOWS\frennk.dll -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\jaaste.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\WINDOWS\KB290333.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\WINDOWS\sasent.dll -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\sasetup.dll -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\system32\hmysoq.exe -> Trojan.Agent.cp : Cleaned with backup


::Report End


I now have an icon that says 30 days to activate Windows. We paid a neighbor to repair our computer after a complete crash. My computer did not come with recovery CDs. It says in the manual that System Recovery CDs are not available and I need to contact HP, but my warranty has run out and they won't help me. Does this mean he used pirated software to fix my computer? What will happen at the end of 30 days?

Totally stressing out....
Jen

2
Tech Clinic / aurora and a trojan..help please.
« on: July 16, 2005, 01:15:29 AM »
I have Aurora pop-ups and now tonight Norton is telling me I have a trojan.
Thanks for any help.

Jen

Logfile of HijackThis v1.99.1
Scan saved at 11:12:30 PM, on 7/15/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
c:\windows\system32\atcjvfj.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Real\RealArcade\RNArcade.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [viqmzaa] c:\windows\system32\atcjvfj.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

3
Tech Clinic / need websiteviewer help
« on: March 23, 2005, 02:25:26 AM »
When I purchased my computer it came with XP installed. I purchased my computer new, but it never had a CD for XP. It had no type of recovery disks at all. The recovery is in a hidden partition. Does that make sense?

When my computer crashed...I couldn't get into the hidden partition to run recovery. I couldn't do anything. So I took it to a shop and paid for repair.

So, no...I don't have a CD...but I never have. But I didn't think that taking my computer in for repairs made it illegal. What else would you do if your computer crashed and you didn't know how to fix it?

Jen

4
Tech Clinic / need websiteviewer help
« on: March 22, 2005, 09:54:34 PM »
Thanks for all of your help...things seem to look good from this end.  

Should I go back in and "hide" those folders that I unhid before to do all the cleaning up?

Also...about my Windows. My updates are so far behind because I had my computer repaired after a crash. After the repair I started getting a message that my Windows was going to stop working if I didn't register it. So I tried to use the numbers that came with my computer and they didn't work. So I called the guy that did the repair and he told me that he couldn't use his registration number on any more computers. He said that an update I had done had made it start asking me for the registration numbers and he helped me fix it, but then he told me not to do a certain update...can't remember exactly what it was now...or the same thing would happen. So I stopped doing the updates because I was afraid the same thing would happen again. I don't know if that makes my version not legit. It was something I hadn't thought about beforehand. I trusted that this guy was fixing computers legitimately....maybe he's not?

Thanks for all your help...if you can give any advice on the above that would be great.

Jen

5
Tech Clinic / need websiteviewer help
« on: March 22, 2005, 02:37:04 AM »
Fresh log after following above instructions.

Logfile of HijackThis v1.99.1
Scan saved at 11:34:42 PM, on 3/21/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\HJT\hijackthis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Jen

6
Tech Clinic / need websiteviewer help
« on: March 21, 2005, 10:18:06 PM »
Followed above instructions and will post logs below.  I have a few questions though.

1. Should I have turned off system restore before doing all of this?
2. When all of this is done should I go back and hide the folders I have unhidden?
3. Should I have emptied my recycle bin right away after deleting files and folders I was directed to delete?
4. I haven't been able to use Notepad and from the virus log it looks like it is infected. How can I fix that?

All of these were found in the inetdata folder.
c:\windows\inetdata\services.exe
c:\windows\inetdata\explorer.exe
c:\windows\inetdata\winlogon.exe
c:\windows\inetdata\2.00.00.dll
c:\windows\inetdata\cron.ini

Mwav virus log:
File C:\WINDOWS\inetdata\winlogon.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\inetdata\winlogon.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\sysprinter.exe infected by "Trojan-Downloader.Win32.Small.alw" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dstart2.exe infected by "Trojan-Downloader.Win32.Small.alw" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dstart6.exe infected by "Trojan.Win32.Dialer.gx" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dstart7.exe infected by "Trojan.Win32.Dialer.gx" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall5_64.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wldr.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\notepad.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wldr.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\You!\LOCALS~1\TEMPOR~1\Content.IE5\AYUT9XOQ\rdgUS994[1].exe infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\You!\Application Data\Mozilla\Firefox\Profiles\f99928dh.Default User\Cache\F8BCA334d01 tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Documents and Settings\You!\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-66d002b9-36c50bc2.zip infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\You!\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\chainz.jar-5d03bb16-774ae688.zip tagged as not-a-virus:JavaClass.FormURLToy. No Action Taken.
File C:\Documents and Settings\You!\Desktop\D'loads\Install_AIM.exe infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\You!\Desktop\HSFix\HSFix\Process.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Documents and Settings\You!\Desktop\HSFix.zip tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Documents and Settings\You!\Local Settings\Temporary Internet Files\Content.IE5\AYUT9XOQ\rdgUS994[1].exe infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
File C:\Program Files\AIM\Sysfiles\WxBug.EXE infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\Program Files\LexmarkX83\RemoveX83.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\LexmarkX83\setupx83part2ww.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\LexmarkX83\X83Twain.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\01A00383.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\01BE7D63.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\01C87B58.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\01DE213F.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\01E57538.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\01F21D29.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\02134105.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\021D3EFB.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\023364E1.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\024A0AC8.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\026E58A1.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\02857E88.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\029C246E.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\02A62264.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\02D04435.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\02D7182E.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\02F73C0A.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\030463FB.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0387736C.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\040A02DC.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\04172ACE.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\043B78A6.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\04511E8D.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\04A00E37.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\07A92C4B.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\07AC5647.exe infected by "Email-Worm.Win32.CWS.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\07C34B4B.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0A114A29.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0CA63762.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0CBD5D49.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0CFB7B05.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D1220EC.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D1B1EE1.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D2272DA.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D2A7A3A.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D4640B2.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D4C14AB.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D601095.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D9B0455.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0DA82C46.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0E0D41D7.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0E173FCC.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0E450B9A.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0E62057A.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0E695972.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0E7F7F59.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0ECE6F03.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0EE16AED.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0EEB68E3.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0F0C0CBF.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0F160AB4.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0F305A97.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0F3A588C.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10357978.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\103F776D.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10561D54.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10594E15.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\105F1B49.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10764130.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10803F25.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\108A3D1A.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\109A0F08.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10B134EF.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10C106DD.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10D82CC4.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10EF52AB.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\11132083.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\111A747C.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\11301A63.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\113D4255.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1144164D.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\141F2754.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\179B1953.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1F72401D.exe infected by "Trojan.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\25517277.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E0C0EEA.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E1362E3.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E160CDF.exe infected by "Trojan-Downloader.Win32.Small.alw" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E200AD4.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E2334D1.exe infected by "Trojan.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E265ECD.exe infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E2908CA.exe infected by "not-a-virus:AdWare.ToolBar.ImiBar.d" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E2D32C6.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E305CC2.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2E3306BF.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3A8F0FB5.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4260174F.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\46106A33.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\46141430.exe infected by "Email-Worm.Win32.CWS.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\46141430.tmp infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\46A83CAE.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\46AC66AA.exe infected by "Trojan-Downloader.Win32.Small.alw" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\46B23AA3.dll infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\46B23AA3.exe infected by "Trojan-Dropper.Win32.180Solutions.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4DF1534D.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\54326F34.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\54361930.exe infected by "Email-Worm.Win32.CWS.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\589070FB.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\58931AF8.exe infected by "Email-Worm.Win32.CWS.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\59E70553.exe infected by "Trojan.Win32.Dialer.gx" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\65784152.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\772730C6.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Program Files\ShopperReports\Bin\1.0.0.1\smrtshpr.dll infected by "not-a-virus:AdWare.Comet.d" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc10.exe infected by "Trojan.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc1220.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc15\2.00.00.dll infected by "not-a-virus:AdWare.BHO.Ihbo.gen" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc15\3.00.00.dll infected by "not-a-virus:AdWare.BHO.Ihbo.gen" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc15\services.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc15\winlogon.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc47\farmmext.cab infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc47\pynix.cab infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc47\Pynix.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc50.tmp\hbinstie.dll infected by "not-a-virus:AdWare.ToolBar.Hotbar.t" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc7.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc8.dll infected by "not-a-virus:AdWare.BHO.NoName.l" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-73586283-57989841-839522115-1003\Dc88.tmp\MMaker4b.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0000007.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001001.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001010.dll infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001011.exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001012.exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001014.dll infected by "not-a-virus:AdWare.ToolBar.Hotbar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001015.dll infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001016.exe infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001017.dll infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001018.dll infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001019.exe infected by "not-a-virus:AdWare.ToolBar.Shopper.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001020.exe infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001021.exe infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001022.dll infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001024.exe infected by "not-a-virus:AdWare.ToolBar.Shopper.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001026.exe infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001027.exe infected by "not-a-virus:AdWare.ToolBar.Shopper.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001028.dll infected by "not-a-virus:AdWare.ToolBar.ag" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001032.dll infected by "not-a-virus:AdWare.ToolBar.Hotbar.v" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001033.dll infected by "not-a-virus:AdWare.ToolBar.Hotbar.v" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001034.dll infected by "not-a-virus:AdWare.ToolBar.ag" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001035.exe infected by "not-a-virus:AdWare.ToolBar.Hotbar.ai" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001036.dll infected by "not-a-virus:AdWare.ToolBar.ag" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001037.exe infected by "not-a-virus:AdWare.ToolBar.Hotbar.v" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001038.dll infected by "not-a-virus:AdWare.ToolBar.Hotbar.v" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001040.exe infected by "not-a-virus:AdWare.Comet.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001041.dll infected by "not-a-virus:AdWare.ToolBar.Hotbar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001042.exe infected by "not-a-virus:AdWare.ToolBar.Hotbar.ai" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001044.dll infected by "not-a-virus:AdWare.HotBar.an" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001053.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001056.exe infected by "Trojan-Downloader.Win32.Small.alw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP1\A0001057.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP2\A0001080.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0226F261-DA7A-47C3-B85E-FE0BD250478F}\RP2\A0001081.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\temp\sahagent-cdt1004.exe infected by "not-a-virus:AdWare.Sahat.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\rdgUS896.exe infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\rdgUS994.exe infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dstart2.exe infected by "Trojan-Downloader.Win32.Small.alw" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dstart6.exe infected by "Trojan.Win32.Dialer.gx" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dstart7.exe infected by "Trojan.Win32.Dialer.gx" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\inetdata\3.00.00.dll infected by "not-a-virus:AdWare.BHO.Ihbo.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\inetdata\services.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall5_64.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\notepad.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\wldr.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wldr.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.
File C:\WINNT\NOTEPAD.EXE infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\notepad.exe infected by "Trojan-Downloader.Win32.CWS.gen" Virus. Action Taken: No Action Taken.
File C:\WinXpCrackEN\WinXpCrackEN\WinXP.Activation.v1.1.English.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.


HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 7:15:29 PM, on 3/21/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\inetdata\winlogon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10039/
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\winlogon.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [printer] C:\WINDOWS\System32\sysprinter.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {6736B1DA-1758-413D-89E9-B0D33D876C02} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6736B1DA-1758-413D-89E9-B0D33D876C02} - (no file) (HKCU)
O16 - DPF: {1A9499D9-E0B6-6AC5-78B2-697508F20565} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2F67F11B-596E-007A-A745-632F30F86378} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {49FAE7A3-7B4E-64B8-8DD4-5AD923118642} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

HSFix log:
 
Horseserver Removal Tool v1.05
      by Atri
-
-
1. Registry Fix Started
-
   Registry fix complete
-
2. Deleted Services
-
-
3. Finding files Located on system
-
w32tm.exe
-
4. Deleting files that were found.
-
-
5. Checking for and Removing Winupdate
-
-
-


Hope I posted everything you need.  

Thanks!
Jen

7
Tech Clinic / need websiteviewer help
« on: March 20, 2005, 11:02:47 PM »
No need to apologize. :D

I followed your above directions and here is my fresh HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:59:57 PM, on 3/20/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\inetdata\winlogon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\otqycg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\windows\system32\packager.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10039/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\winlogon.exe
O1 - Hosts: 69.50.177.254 google.com www.google.com www.gooogle.com gooogle.com
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRA~1\Comet\bin\autosearch.dll (file missing)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [otqycg] c:\windows\system32\otqycg.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {48F6D84E-8135-4E79-889C-B213BE145F9D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48F6D84E-8135-4E79-889C-B213BE145F9D} - (no file) (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A46F02D0-DAF1-4958-9B52-BF5BB81A79D2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A46F02D0-DAF1-4958-9B52-BF5BB81A79D2} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AA3859A3-367A-439C-9BFD-526F1E589AE6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AA3859A3-367A-439C-9BFD-526F1E589AE6} - (no file) (HKCU)
O16 - DPF: {01A82FAC-D9A9-67EC-665F-1BE95CF7A0C9} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {0CE55843-1693-18B0-FD3C-155074C95B5B} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {0F5B4505-6EE1-337D-704D-5210605C52D0} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {12AB6DBE-AB24-6826-3A1B-0E6D6B0DF0D8} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...e/bridge-c7.cab
O16 - DPF: {15CDE707-80DF-1958-3278-03124A6A2FA8} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {1EC74EF1-5B81-1164-2366-62A64BE55D70} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {204B087A-8B03-2C28-2771-7851032A33FC} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {24692DC5-C9C2-55D2-8FA8-79A9392220ED} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {29D26379-39E8-047E-47B7-7FF152623A35} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {34143973-F098-4E74-1B19-67ED55D94750} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {3AE77F61-7AEA-1E42-F679-27167190FE48} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {3D955CBE-54BF-243D-2CB4-72FC18CC22AD} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {486BE088-351A-790B-0645-092E119B3BA8} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {4A8213BA-6633-1E19-06E0-03D004676AF9} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {54D8FD11-D73A-7797-8270-43880A70C3C5} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {5748C11E-2386-6861-1E72-3BF06C4AB3EB} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A02DFE7-0EB8-60D1-0CE9-468915A6D088} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {6BAE1971-AD64-3D73-FE2A-78C732799C6E} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {6F7E4B61-54D2-1FB5-F1A2-3A331E147E3E} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks!
Jen

8
Tech Clinic / need websiteviewer help
« on: March 20, 2005, 06:39:40 PM »
Ok...I'm going to go ahead and post my fresh log here.  I guess you will let me know if I need to do something different. :)

Logfile of HijackThis v1.99.1
Scan saved at 3:29:20 PM, on 3/20/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\otqycg.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\windows\system32\calc.exe
C:\WINDOWS\inetdata\winlogon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hotbar\Bin\4.6.1.0\HbSrv.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10039/
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\winlogon.exe
O1 - Hosts: 69.50.177.254 google.com www.google.com www.gooogle.com gooogle.com
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRA~1\Comet\bin\autosearch.dll (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [xjvptjep] C:\WINDOWS\System32\xjqenvvm.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [otqycg] c:\windows\system32\otqycg.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\winlogon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {48F6D84E-8135-4E79-889C-B213BE145F9D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48F6D84E-8135-4E79-889C-B213BE145F9D} - (no file) (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A46F02D0-DAF1-4958-9B52-BF5BB81A79D2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A46F02D0-DAF1-4958-9B52-BF5BB81A79D2} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AA3859A3-367A-439C-9BFD-526F1E589AE6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AA3859A3-367A-439C-9BFD-526F1E589AE6} - (no file) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {01A82FAC-D9A9-67EC-665F-1BE95CF7A0C9} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {0CE55843-1693-18B0-FD3C-155074C95B5B} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {0F5B4505-6EE1-337D-704D-5210605C52D0} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {12AB6DBE-AB24-6826-3A1B-0E6D6B0DF0D8} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...e/bridge-c7.cab
O16 - DPF: {15CDE707-80DF-1958-3278-03124A6A2FA8} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {1EC74EF1-5B81-1164-2366-62A64BE55D70} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {204B087A-8B03-2C28-2771-7851032A33FC} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {24692DC5-C9C2-55D2-8FA8-79A9392220ED} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {29D26379-39E8-047E-47B7-7FF152623A35} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {34143973-F098-4E74-1B19-67ED55D94750} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {3AE77F61-7AEA-1E42-F679-27167190FE48} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {3D955CBE-54BF-243D-2CB4-72FC18CC22AD} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {486BE088-351A-790B-0645-092E119B3BA8} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {4A8213BA-6633-1E19-06E0-03D004676AF9} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {54D8FD11-D73A-7797-8270-43880A70C3C5} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {5748C11E-2386-6861-1E72-3BF06C4AB3EB} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A02DFE7-0EB8-60D1-0CE9-468915A6D088} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {6BAE1971-AD64-3D73-FE2A-78C732799C6E} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {6F7E4B61-54D2-1FB5-F1A2-3A331E147E3E} - http://69.50.182.94/1/rdgUS994.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks!
Jen

9
Tech Clinic / need websiteviewer help
« on: March 20, 2005, 06:32:09 PM »
OK..I'm all registered.  Do you want me to put the new log in a new post...or just post it here?

Jen
