
[Resolved] Computer "infected" with Windows Defender Ad


  • This topic is locked
9 replies to this topic

#1 pseizinger

  • New Member
  • 5 posts

Posted 01 April 2008 - 08:55 PM

Hi,

A friend of mine managed to get her computer infected with a couple of trojans, some spyware and what appeared to be a back door program. I cleaned most of it up; however, her browser keeps bringing up ads for Windows Defender (and now it brings up ads to get rid of Windows Defender). I see that you have tackled this topic previously, so I would like your help in cleaning up this machine. I installed the latest HijackThis and ran a scan in anticipation of the need.

Thanks in advance for your help.

Phil


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:47 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Susan\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.game...og/y/ks12_x.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....reScannerV2.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199583450734
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...252/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O21 - SSODL: altvxvm - {1F6759E2-B90C-49D2-83C7-C927A2E4A5CC} - C:\WINDOWS\altvxvm.dll
O21 - SSODL: bokpkov - {DB58297F-824F-4E8F-BE7D-AD57A6E00083} - C:\WINDOWS\bokpkov.dll (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 11448 bytes



#2 IndiGenus

  • Teacher Emeritus
  • Authentic Member
  • 5,251 posts
  • Interests: Computer Security, Music, Sports

Posted 03 April 2008 - 07:04 PM

Hi Phil and welcome to the forums.

My name is Dave. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can sometimes take a while to research so please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • I recommend you make a backup of any data that you have created, such as documents, pictures, music, etc., before we begin the fix.

Please download SDFix and save it to your Desktop.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Double click on SDFix.exe. It should automatically extract a folder called SDFix to your system drive (usually C:\). Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • Open the SDFix folder and double click on RunThis.bat to start the script.
  • Type Y and press Enter to begin the script.
  • It will start cleaning your PC and then prompt you to press any key to Reboot.
  • Press any key to restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished.
  • Press any key to end the script and to load your desktop icons.
  • A text file should automatically open, so please copy the contents and post them here. We also need you to post a new HijackThis log.

IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi


#3 pseizinger

Posted 03 April 2008 - 07:43 PM

Hi Dave,

Thanks for getting back to me on this. I followed your instructions and I am posting the SDFix report as well as a new HJT log file.

Thanks again,

Phil

SDFix: Version 1.165

Run by Susan on Thu 04/03/2008 at 09:34 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting


Checking Files :

Trojan Files Found:

C:\Program Files\tmp103515.exe - Deleted
C:\Program Files\tmp11750062.exe - Deleted
C:\Program Files\tmp11755515.exe - Deleted
C:\Program Files\tmp37687.exe - Deleted
C:\Program Files\tmp38968.exe - Deleted
C:\Program Files\tmp39250.exe - Deleted
C:\Program Files\tmp40468.exe - Deleted
C:\Program Files\tmp41515.exe - Deleted
C:\Program Files\tmp41578.exe - Deleted
C:\Program Files\tmp41843.exe - Deleted
C:\Program Files\tmp42890.exe - Deleted
C:\Program Files\tmp43251265.exe - Deleted
C:\Program Files\tmp44109.exe - Deleted
C:\Program Files\tmp44515.exe - Deleted
C:\Program Files\tmp45484.exe - Deleted
C:\Program Files\tmp46546.exe - Deleted
C:\Program Files\tmp46609.exe - Deleted
C:\Program Files\tmp46859.exe - Deleted
C:\Program Files\tmp47468.exe - Deleted
C:\Program Files\tmp50328.exe - Deleted
C:\Program Files\tmp52484.exe - Deleted
C:\Program Files\tmp55390.exe - Deleted
C:\Program Files\tmp86456437.exe - Deleted
C:\Program Files\tmp98171.exe - Deleted
C:\Documents and Settings\Susan\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Susan\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Susan\Favorites\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\altvxvm.dll - Deleted


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:34 PM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe
C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Susan\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.game...og/y/ks12_x.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....reScannerV2.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199583450734
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...252/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 11503 bytes

#4 IndiGenus

Posted 03 April 2008 - 08:34 PM

Looking better. Did you knowingly install the Crawler Toolbar and if so do you use it? If you answer no to either of these I would recommend you uninstall it. Here is some more information on it.

http://vil.mcafeesec...nt/v_137764.htm

Use Add or Remove Programs to remove it if you decide to.

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please do an online scan with Kaspersky WebScanner

You need to use Internet Explorer for this scan.

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also "copy/paste" a new HijackThis log file into this thread and please describe how your computer behaves at the moment.


#5 pseizinger

Posted 06 April 2008 - 05:44 PM

Sorry it took a while to reply - I had to go out of town for a couple of days.

I removed the Crawler Toolbar and ran ATF Cleaner and it found several items - I clicked the Empty Selected button. I ran the Malwarebytes program and then did a Kaspersky scan. Both came back with infections (though Kaspersky only identified them - it didn't clean them). Lastly, I ran a HJT scan.

Thanks,

Phil

Attaching the results here:

Malwarebytes' Anti-Malware 1.10
Database version: 597

Scan type: Quick Scan
Objects scanned: 33289
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PopCapLoader.PopCapLoaderCtrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PopCapLoader.PopCapLoaderCtrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.bpvm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.ToolBar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Test\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susan.SKYGODDESS\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Test\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susan.SKYGODDESS\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Test\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Susan.SKYGODDESS\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 06, 2008 7:35:15 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/04/2008
Kaspersky Anti-Virus database records: 686975
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 251302
Number of viruses found: 25
Number of infected objects: 129
Number of suspicious objects: 2
Duration of the scan process: 02:50:54

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\iolo\FileInfoList\IOLOFIL.FDB Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Susan\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Susan\Application Data\iolo\SystemAnalyzer.log Object is locked skipped
C:\Documents and Settings\Susan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Susan\Desktop\77002808_sub.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.bk skipped
C:\Documents and Settings\Susan\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Susan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Susan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Susan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Susan\Local Settings\History\History.IE5\MSHist012008040620080407\index.dat Object is locked skipped
C:\Documents and Settings\Susan\Local Settings\Temp\fb_2052.lck Object is locked skipped
C:\Documents and Settings\Susan\Local Settings\Temp\Perflib_Perfdata_804.dat Object is locked skipped
C:\Documents and Settings\Susan\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Susan\Local Settings\Temp\~DF6BA8.tmp Object is locked skipped
C:\Documents and Settings\Susan\Local Settings\Temp\~DF9230.tmp Object is locked skipped
C:\Documents and Settings\Susan\Local Settings\Temp\~DFA5AB.tmp Object is locked skipped
C:\Documents and Settings\Susan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Susan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Susan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Susan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Susan.SKYGODDESS\Desktop\77002808_sub.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.bk skipped
C:\Documents and Settings\Test\.housecall6.6\Quarantine\M3PLUGIN.DLL.bac_a03124 Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\RECYCLER\S-1-5-21-507921405-1303643608-725345543-500\Dc1.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/altvxvm.dll Infected: not-a-virus:AdWare.Win32.Vapsup.cop skipped
C:\SDFix\backups\backups.zip/backups/tmp103515.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp11750062.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp11755515.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp37687.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp38968.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp39250.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp40468.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp41515.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp41578.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp41843.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp42890.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp43251265.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp44109.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp44515.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp45484.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp46546.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp46609.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp46859.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp47468.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp50328.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp52484.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp55390.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp86456437.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip/backups/tmp98171.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\SDFix\backups\backups.zip ZIP: infected - 25 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP208\A0064123.dll Object is locked skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP208\A0064131.exe Infected: not-a-virus:AdWare.Win32.Vapsup.cop skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072341.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072342.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072343.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072344.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072345.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072346.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072347.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072348.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072349.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072350.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072351.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072352.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072353.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072354.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072355.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072356.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072357.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072358.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072359.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072360.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072361.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072362.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072363.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072364.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072365.dll Infected: not-a-virus:AdWare.Win32.Vapsup.cop skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072369.dll Infected: not-a-virus:AdWare.Win32.Vapsup.cop skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072371.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072372.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072373.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072374.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072375.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072376.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072377.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072378.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072379.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072380.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072381.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072382.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072383.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072384.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072385.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072386.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072387.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072388.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072389.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072390.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072391.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072392.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072393.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\A0072394.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F35CEF68-240F-4379-B28D-6557AC277D49}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\fb_1616.lck Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Backup\SS\Local Settings\Application Data\Identities\{E6A126E0-0921-11D6-A837-DBAB3136984B}\Microsoft\Outlook Express\Deleted Items.dbx/[From k-lexotics <k-lexotics@gbis.com>][Date Thu, 24 Oct 2002 04:14:23 -0400 (EDT)]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\SS\Local Settings\Application Data\Identities\{E6A126E0-0921-11D6-A837-DBAB3136984B}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: suspicious - 1 skipped
D:\Backup\Program Files\Online Services\PRODIGY\PISETUP.EXE/SETUP32.EXE/WISE0042.BIN Infected: Trojan.Win32.Dialer.mv skipped
D:\Backup\Program Files\Online Services\PRODIGY\PISETUP.EXE/SETUP32.EXE Infected: Trojan.Win32.Dialer.mv skipped
D:\Backup\Program Files\Online Services\PRODIGY\PISETUP.EXE ZIP: infected - 2 skipped
D:\Backup\Program Files\KFH\setup.exe/data0007 Infected: Trojan.Win32.DelFiles.s skipped
D:\Backup\Program Files\KFH\setup.exe NSIS: infected - 1 skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\F3CJPEG.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.d skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\F3DTACTL.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.z skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\F3HISTSW.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\F3HTTPCT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\F3POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\F3PSSAVR.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\F3RESTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\F3SCHMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\F3SCRCTR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\F3WPHOOK.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\M3HTML.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.f skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\M3IDLE.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\M3OUTLCN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\M3SKIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ab skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
D:\Backup\Program Files\MyWebSearch\bar\5.bin\NPMYWEBS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
D:\Backup\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
D:\Backup\New Folder\Susan's Backup - Do Not Delete.bkf/Documents_and_Settings\Susan\Desktop\77002808_sub.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.bk skipped
D:\Backup\New Folder\Susan's Backup - Do Not Delete.bkf/Documents_and_Settings\Susan.SKYGODDESS\Desktop\77002808_sub.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.bk skipped
D:\Backup\New Folder\Susan's Backup - Do Not Delete.bkf/Documents_and_Settings\Test\.housecall6.6\Quarantine\M3PLUGIN.DLL.bac_a03124 Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
D:\Backup\New Folder\Susan's Backup - Do Not Delete.bkf MTF: infected - 3 skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP131\A0009487.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.582 skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP131\A0009786.DLL Infected: not-a-virus:AdWare.Win32.WebHancer.222 skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP131\A0009791.DLL Infected: not-a-virus:AdWare.Win32.WebHancer.222 skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP131\A0013202.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.582 skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP131\A0016593.DLL Infected: not-a-virus:AdWare.Win32.WebHancer.222 skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP131\A0016598.DLL Infected: not-a-virus:AdWare.Win32.WebHancer.222 skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP131\A0022525.exe/SETUP32.EXE/WISE0042.BIN Infected: Trojan.Win32.Dialer.mv skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP131\A0022525.exe/SETUP32.EXE Infected: Trojan.Win32.Dialer.mv skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP131\A0022525.exe ZIP: infected - 2 skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP133\A0029408.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP133\A0038478.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP133\A0040479.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP208\A0064132.exe/WISE0011.BIN/advert.dll Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP208\A0064132.exe/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP208\A0064132.exe WiseSFX: infected - 2 skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP208\A0064133.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.TimeSink skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP208\A0064133.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.TimeSinc skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP208\A0064133.exe WiseSFX: infected - 2 skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP210\A0065753.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
D:\System Volume Information\_restore{210A7B46-CC46-4186-BDBD-48CACC2D5265}\RP228\change.log Object is locked skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:29 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe
C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMTrayNotify.exe
C:\Documents and Settings\Susan\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.game...og/y/ks12_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....reScannerV2.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199583450734
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...252/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 11094 bytes

#6 IndiGenus

Posted 06 April 2008 - 07:09 PM

Hi Phil,

Kaspersky does not fix anything, and that is by design. It is very thorough, which is why I like it. Now we can clean up what it found.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\Susan\Desktop\77002808_sub.exe
    C:\Documents and Settings\Susan.SKYGODDESS\Desktop\77002808_sub.exe
    C:\SDFix
    D:\Backup\Program Files\KFH\setup.exe
    D:\Backup\Program Files\MyWebSearch
    D:\Backup\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    D:\Backup\New Folder\Susan's Backup - Do Not Delete.bkf


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")


Click "Exit" to close OTMoveIt.

Let me know how you make out and also how it's running now.
IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi


#7 pseizinger

Posted 06 April 2008 - 08:01 PM

Here are the results from MoveIt. The computer hasn't brought up the Windows Defender page now for a while and it appears to be running normally. Haven't seen anything "weird" for a while now.

Thanks,
Phil

C:\Documents and Settings\Susan\Desktop\77002808_sub.exe moved successfully.
C:\Documents and Settings\Susan.SKYGODDESS\Desktop\77002808_sub.exe moved successfully.
C:\SDFix\backups moved successfully.
C:\SDFix\apps\Replace\xp moved successfully.
C:\SDFix\apps\Replace\w2k moved successfully.
C:\SDFix\apps\Replace moved successfully.
C:\SDFix\apps moved successfully.
C:\SDFix moved successfully.
D:\Backup\Program Files\KFH\setup.exe moved successfully.
D:\Backup\Program Files\MyWebSearch\SrchAstt\5.bin moved successfully.
D:\Backup\Program Files\MyWebSearch\SrchAstt\Cache moved successfully.
D:\Backup\Program Files\MyWebSearch\SrchAstt\1.bin moved successfully.
D:\Backup\Program Files\MyWebSearch\SrchAstt moved successfully.
D:\Backup\Program Files\MyWebSearch\bar\5.bin moved successfully.
D:\Backup\Program Files\MyWebSearch\bar\Cache moved successfully.
D:\Backup\Program Files\MyWebSearch\bar\Game moved successfully.
D:\Backup\Program Files\MyWebSearch\bar\History moved successfully.
D:\Backup\Program Files\MyWebSearch\bar\Settings moved successfully.
D:\Backup\Program Files\MyWebSearch\bar moved successfully.
D:\Backup\Program Files\MyWebSearch moved successfully.
DllUnregisterServer procedure not found in D:\Backup\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
D:\Backup\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll NOT unregistered.
D:\Backup\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll moved successfully.
D:\Backup\New Folder\Susan's Backup - Do Not Delete.bkf moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04062008_214824
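Added example (not part of the original thread and not OldTimer's code): a Python check that every path in the helper's list has a matching "moved successfully" line in the results posted above, and that surfaces the remaining log lines for review. The names `reconcile`, `norm`, `REQUESTED` and `RESULTS` are this example's own, and the log is an excerpt of the posted results with the sub-folder lines left out.

```python
# Added example: reconcile an OTMoveIt2 results log against the requested list.
SUFFIX = " moved successfully."

# Paths from the helper's list in post #6.
REQUESTED = r"""
C:\Documents and Settings\Susan\Desktop\77002808_sub.exe
C:\Documents and Settings\Susan.SKYGODDESS\Desktop\77002808_sub.exe
C:\SDFix
D:\Backup\Program Files\KFH\setup.exe
D:\Backup\Program Files\MyWebSearch
D:\Backup\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
D:\Backup\New Folder\Susan's Backup - Do Not Delete.bkf
""".split("\n")[1:-1]

# Excerpt of the results log from post #7 (sub-folder lines omitted).
RESULTS = r"""
C:\Documents and Settings\Susan\Desktop\77002808_sub.exe moved successfully.
C:\Documents and Settings\Susan.SKYGODDESS\Desktop\77002808_sub.exe moved successfully.
C:\SDFix moved successfully.
D:\Backup\Program Files\KFH\setup.exe moved successfully.
D:\Backup\Program Files\MyWebSearch moved successfully.
DllUnregisterServer procedure not found in D:\Backup\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
D:\Backup\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll NOT unregistered.
D:\Backup\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll moved successfully.
D:\Backup\New Folder\Susan's Backup - Do Not Delete.bkf moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04062008_214824
"""

def norm(path):
    # Windows paths are case-insensitive; ignore a trailing backslash.
    return path.strip().rstrip("\\").lower()

def reconcile(requested, log_text):
    """Return (missing, notes): requested paths with no success line,
    and log lines that report something other than a successful move."""
    moved, notes = set(), []
    for line in log_text.splitlines():
        line = line.strip()
        if line.endswith(SUFFIX):
            moved.add(norm(line[: -len(SUFFIX)]))
        elif line and not line.startswith("OTMoveIt"):
            notes.append(line)  # e.g. the DLL unregister messages
    missing = [p for p in requested if norm(p) not in moved]
    return missing, notes

if __name__ == "__main__":
    missing, notes = reconcile(REQUESTED, RESULTS)
    print("not confirmed moved:", missing or "none")
    for n in notes:
        print("review:", n)
```
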

#8 IndiGenus

Posted 06 April 2008 - 08:10 PM

Hi,

Well if all is running well then we can just finish off.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which may be infected anyway).

Click Start>Help and Support>Undo changes to your computer with System Restore
Select Create A Restore Point then click Next. Give it a name and then click Create

Click Start>Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section.

In addition to updating and using what you currently have you may want to consider the following:

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Spybot - Search and Destroy - Spybot: Search And Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.
A tutorial on installing & using this product can be found here:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Install Ad-Aware - Ad-Aware SE. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Install SpywareGuard - SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
A tutorial on installing & using this product can be found here:
Using SpywareGuard to protect your computer from Spyware and Malware

Use Zoned Out -
Zoned Out will block access to malicious websites so you cannot be redirected to them from an infected site or email. Instructions for set up and use can be found at the website.

Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you Will Not be protected when new malicious programs are released.

Here is a great link to a post here on securing your PC after an attack.

Here are a couple other links that may help to secure your PC after an attack.
How do I protect myself from infection?
Can you tell me how I got infected?

#9 pseizinger

Posted 07 April 2008 - 04:52 PM

Dave,

Thanks so very much for your help in cleaning this machine. You did a great job.

Best Regards,
Phil

#10 IndiGenus

Posted 07 April 2008 - 05:23 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.