Think I have spyware or virus or both - Gladiator Security Forum

Forum Rules

Greetings,

Before you post in this forum,please read and follow the instructions in this post: Guidelines for Posting in This Forum

Failure to follow these instructions will only result in delays of the cleaning and removal process.

If you ran other AntiVirus and/or AntiSpyware programs and have the logs available, please post them as well.

Our goal is to help you clean your PC and restore it to pre-infection condition wherever possible.

Thank You

Think I have spyware or virus or both, Please Help...

Options

Berty View Member Profile	Dec 17 2005, 05:31 AM Post #1
Active Member Group: Member Posts: 19 Joined: 30-June 04 Member No.: 8686	Hello, I think my window explorer has been taken over. I only get a page that from www.needupdate.com. It won't go away and I cannot get my normal default page up. I'm also have this constant clicking on my PC. I did notice something call iexplore.exe. I'm not sure what this is. I followed your instructions and here is my "Hijack Log File". I await any help you can give me. Thank you so much. Logfile of HijackThis v1.99.1 Scan saved at 12:19:43 AM, on 12/17/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\NMSSvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\WINDOWS\system32\mssearchnet.exe C:\WINDOWS\system32\nvctrl.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\GWMDMMSG.exe C:\WINDOWS\system32\PROMon.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\Program Files\2Wire\2PortalMon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\PROGRA~1\Yahoo!\YOP\yop.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\WINDOWS\system32\hpoipm07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe C:\PROGRA~1\Yahoo!\browser\ybrowser.exe C:\Program Files\Common Files\Symantec Shared\NMain.exe C:\Program Files\HijackThis\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hpAFF6.tmp O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1139769224513 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134746899421 O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Bobbi Flekman View Member Profile	Dec 17 2005, 11:43 AM Post #2
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	Hi Berty, IExplore.exe is Internet Explorer. Download smitRem.exe and save the file to your desktop. Double click on the file to extract it to it's own folder on the desktop. Place a shortcut to Panda ActiveScan on your desktop. Please download the trial version of Ewido Security Suite here: http://www.ewido.net/en/download/ Please read Ewido Setup Instructions Install it, and update the definitions to the newest files. Do NOT run a scan yet. If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates: Ad-Aware SE Setup Don't run it yet! Next, please reboot your computer in SafeMode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8. Instead of Windows loading as normal, a menu should appear Select the first option, to run Windows in Safe Mode. Now scan with HJT and place a checkmark next to each of the following items: =================================================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hpAFF6.tmp O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab =================================================== Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply. Open Ad-aware and do a full scan. Remove all it finds. Run Ewido: Click on scanner Click on Complete System Scan and the scan will begin. NOTE: During some scans with ewido it is finding cases of false positives. You will need to step through the process of cleaning files one-by-one. If ewido detects a file you KNOW to be legitimate, select none as the action. DO NOT select "Perform action on all infections" If you are unsure of any entry found select none for now. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop Close Ewido Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present. Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked! Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply. Let us know if any problems persist. --------------------

Berty View Member Profile	Dec 17 2005, 02:26 PM Post #3
Active Member Group: Member Posts: 19 Joined: 30-June 04 Member No.: 8686	My homepage is still www.needupdate.com. It looks like nothing has changed. I think I followed your instruction carefully. Maybe I missed something. Norton antivirus did not let me use "Panda ActieveScan". I also could not find the "smitfiles.txt log. Here is the latest Hijack file along with the Ewido Log that you ask me to post. Please help...I panic easy. Thank you. Logfile of HijackThis v1.99.1 Scan saved at 9:19:56 AM, on 12/17/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\WINDOWS\system32\mssearchnet.exe C:\WINDOWS\system32\nvctrl.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\GWMDMMSG.exe C:\WINDOWS\system32\PROMon.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\WINDOWS\System32\NMSSvc.exe C:\Program Files\2Wire\2PortalMon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\PROGRA~1\Yahoo!\YOP\yop.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe C:\WINDOWS\system32\msiexec.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\hpoipm07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe C:\Program Files\Common Files\Symantec Shared\NMain.exe C:\PROGRA~1\Yahoo!\browser\ybrowser.exe C:\Program Files\HijackThis\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hp9C6E.tmp O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1139769224513 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134746899421 O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 9:03:19 AM, 12/17/2005 + Report-Checksum: 53B9D4E0 + Scan result: C:\Documents and Settings\Owner\Cookies\owner@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup C:\WINDOWS\cpbrkpie.ocx -> Spyware.Coupons : Cleaned with backup C:\WINDOWS\system32\hp7985.tmp -> Downloader.Zlob.co : Cleaned with backup ::Report End

Bobbi Flekman View Member Profile	Dec 18 2005, 10:34 AM Post #4
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	Can you turn off Norton and re-execute my instructions. The file you couldn't find should be in the root of the C-drive. --------------------

Berty View Member Profile	Dec 18 2005, 03:25 PM Post #5
Active Member Group: Member Posts: 19 Joined: 30-June 04 Member No.: 8686	Ok, I think its looking good. I think I was still unable to run "Panda", but not sure. I'm now able to see my normal home page. Here are the new logs. Please let me know how things look. Thank you so much. Bert Logfile of HijackThis v1.99.1 Scan saved at 10:18:35 AM, on 12/18/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\NMSSvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\GWMDMMSG.exe C:\WINDOWS\system32\PROMon.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\Program Files\2Wire\2PortalMon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\PROGRA~1\Yahoo!\YOP\yop.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe C:\WINDOWS\system32\msiexec.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\WINDOWS\system32\hpoipm07.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe C:\Program Files\HijackThis\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1139769224513 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134746899421 O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE smitRem © log file version 2.8 by noahdfear Microsoft Windows XP [Version 5.1.2600] The current date is: Sun 12/18/2005 The current time is: 8:47:40.53 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! spyaxe uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ Security Toolbar ~~~ Shortcuts ~~~ Online Security Guide.url Online Security Guide.url Security Troubleshooting.url Security Troubleshooting.url ~~~ Favorites ~~~ Antivirus Test Online.url ~~~ system32 folder ~~~ 1024 dir msvol.tlb ld**.tmp mssearchnet.exe ncompat.tlb nvctrl.exe mscornet.exe hp.tmp ~~~ Icons in System32 ~~~ ts.ico ot.ico ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacok@beyondlogic.org Killing PID 760 'explorer.exe' Killing PID 760 'explorer.exe' Starting registry repairs Deleting files Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ Online Security Guide.url Online Security Guide.url ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! :) --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 10:07:30 AM, 12/18/2005 + Report-Checksum: 3ED898A0 + Scan result: No infected objects found. ::Report End

Bobbi Flekman View Member Profile	Dec 19 2005, 11:21 AM Post #6
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	Hi Berty, This looks good. Any troubles? --------------------

Berty View Member Profile	Dec 19 2005, 11:42 AM Post #7
Active Member Group: Member Posts: 19 Joined: 30-June 04 Member No.: 8686	Hi Bobbi, I think I'm OK. The only thing that is still going on is a clicking every 10-15 seconds. Norton anti-V saids that an "instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet". Is this normal? This started about mid October. Other than that thank so much for your help. Bert.

Bobbi Flekman View Member Profile	Dec 19 2005, 11:52 AM Post #8
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	QUOTE (Berty @ Dec 19 2005, 12:42 PM) Hi Bobbi, I think I'm OK. The only thing that is still going on is a clicking every 10-15 seconds. Norton anti-V saids that an "instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet". Is this normal? This started about mid October. Other than that thank so much for your help. Bert. This is definitely not normal. Check your computer with the following free anti-virus/anti-trojan products. Housecall Anti Virus Panda Anti Virus Trojan Scan Bit Defender Post all the logs that you can create with these services. --------------------

Berty View Member Profile	Dec 20 2005, 12:21 PM Post #9
Active Member Group: Member Posts: 19 Joined: 30-June 04 Member No.: 8686	Hello, Ok I ran the ones you suggested. All ran except for Panda. (Said I had page error) I Still get the clicking. This is where it seems to be clicking to: Details: Connection: gateway.2wire.net(172.16.0.1): http(80). from GATEWAY_SYSTEM(172.16.1.34): 2449. 106 bytes sent. 1310 bytes received. 1:01.187 elapsed time. This shows up under my norton logviewer, under "Norton internet worm protection" connections. Here are the logs from the programs you asked me to run. Trojan Scan: Documents and setting\owner\desktop\smitrem\process.exe Rickware.risktoolwin32processor20 HouseCall: ADW_SE.62007 ADW_SE.67008 HKCR\interface\{549F957D-2F89-1106-8CFE00C04F52B225} ADW_SE.62010 ADW_SE.62011 HKLM\Sofware\Classes\interface BitDefender BitDefender Online Scanner CONTENT <td width="451" colspan="2" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Engines Info</b></font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Virus Definitions</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">246975</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Engine build</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">13</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Archive plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">39</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Unpack plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">4</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">E-mail plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">6</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">System plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">1</font></p> </td> </tr> </table> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%"> <tr> <td width="451" colspan="2" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Scan Settings</b></font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">First Action</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Disinfect</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Second Action</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Delete</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Heuristics</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Enable Warnings</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scanned Extensions</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">*;</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Exclude Extensions</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2"> </font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Emails</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Archives</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Packed</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Files</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Boot</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> </table> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td colspan=2>   <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%"> <tr> <td width="252" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Scanned File</b></font></p> </td> <td width="195" bgcolor="#CCCCCC" align="right"> <p align="left"><b><font size="2" face="Arial"> Status</font></b></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\03207CCE.exe=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Trojan.Dialer.AY2</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\03207CCE.exe=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\038232A5.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\038232A5.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\06D74C76.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Netsky.AA@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\06D74C76.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0C4855DE.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Netsky.AA@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0C4855DE.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0C7E37B2.exe=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Trojan.Downloader.Small.AYL</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0C7E37B2.exe=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\141E557A.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\141E557A.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\173A3D42.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Worm.Mytob.KQ</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\173A3D42.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1CAA22A7.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1CAA22A7.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1D136FE7.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1D136FE7.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1D2B24BB.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1D2B24BB.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1D8372ED.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1D8372ED.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1F9A780D.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1F9A780D.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\225A566C.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Netsky.C@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\225A566C.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2AE75D09.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Worm.Mytob.KQ</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2AE75D09.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B4147DA.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B4147DA.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B6B6359.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B6B6359.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2BC41FFC.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2BC41FFC.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2C4D3461.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2C4D3461.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2D526748.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Worm.Mytob.KQ</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2D526748.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\3153107A.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\3153107A.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\32E23D6B.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Netsky.AA@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\32E23D6B.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\35E84182.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\35E84182.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\36886E44.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Netsky.AA@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\36886E44.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\3ED3555E.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\3ED3555E.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\428D4457.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\428D4457.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\47A03838.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\47A03838.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\47BA081B.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\47BA081B.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\4992374D.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\4992374D.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\4AE06A27.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\4AE06A27.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\4D8F3CD6.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\4D8F3CD6.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\505F3987.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\505F3987.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52523C22.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52523C22.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52605799.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Netsky.AA@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52605799.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\53974630.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\53974630.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\57971799.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Worm.Mytob.KQ</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\57971799.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\59906D70.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Netsky.AA@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\59906D70.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\59C9332B.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Netsky.AA@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\59C9332B.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\5C7C3093.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Worm.Mytob.KQ</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\5C7C3093.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\65A008EF.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\65A008EF.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\6669111E.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Worm.Mytob.KQ</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\6669111E.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\723C3FDA.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\723C3FDA.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\73257127.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\73257127.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\734F12F8.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\734F12F8.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\74172D61.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Netsky.AA@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\74172D61.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\750F1298.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Doombot.B@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\750F1298.tmp=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\7966718C.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Mabutu.A@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\7966718C.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Disinfection failed</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\7966718C.tmp</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\System Volume Information\_restore{5DAB99D8-09D2-4222-8285-39864941749C}\RP220\A0018915.exe</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: BehavesLike:Win32.ExplorerHijack</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\System Volume Information\_restore{5DAB99D8-09D2-4222-8285-39864941749C}\RP220\A0018915.exe</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Disinfection failed</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\System Volume Information\_restore{5DAB99D8-09D2-4222-8285-39864941749C}\RP220\A0018915.exe</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\System Volume Information\_restore{5DAB99D8-09D2-4222-8285-39864941749C}\RP222\A0018955.exe=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Trojan.Dialer.AY2</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\System Volume Information\_restore{5DAB99D8-09D2-4222-8285-39864941749C}\RP222\A0018955.exe=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\System Volume Information\_restore{5DAB99D8-09D2-4222-8285-39864941749C}\RP222\A0018956.exe=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Trojan.Downloader.Small.AYL</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\System Volume Information\_restore{5DAB99D8-09D2-4222-8285-39864941749C}\RP222\A0018956.exe=>(Quarantine-2)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr> </table> </td> I hope this helps. Thank you so much again.

Bobbi Flekman View Member Profile	Dec 20 2005, 12:50 PM Post #10
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	Hi Berty, QUOTE Ok I ran the ones you suggested. All ran except for Panda. (Said I had page error) I Still get the clicking. This is where it seems to be clicking to: Details: Connection: gateway.2wire.net(172.16.0.1): http(80). from GATEWAY_SYSTEM(172.16.1.34): 2449. 106 bytes sent. 1310 bytes received. 1:01.187 elapsed time. You are running 2Wire. So it is logical that it contacts the 2Wire site. To get rid of this, uninstall 2Wire. --------------------

« Next Oldest · HELP! Think you are Infected? · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members: