Newbie
Hi guys,
I'm new here and my computer has been hit alot of spywares also windows hijack.
I have also tried many spyware remover programs such as Adware Personal Edition, HiJackThis and CleanUp, etc.
But one entry in HiJackThis logfile can't never go away..
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll (file missing)
Can anyone help me remove it? Thanks.
Dedicated Member
Welcome to DAL,
Go here http://www.d-a-l.com/help/showthread.php?t=32403
Post a hijackthis log from the link provided there so we can take a look.
Newbie
Ok, I have followed the instructions posted on the other thread and scanned my pc with spybot. It founds several entries. It couldn't delete one because it says it is in memory. I rebooted the pc and tried to remove it before it finish loading the window, but it still couldn't remove it. It's Adware.MMSAssist.Originally Posted by Neal
I scanned the pc with hijackthis, here is the logfile:
Logfile of HijackThis v1.99.1
Scan saved at 9:39:59 PM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThisProgram\HijackThis.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.nyc-discusfanatics.com/face/dragonball/Forum/ForumIndex.asp"); (C:\Documents and Settings\Vincent\Application Data\Mozilla\Profiles\default\wlcrlkcq.slt\prefs.j s)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Vincent\Application Data\Mozilla\Profiles\default\wlcrlkcq.slt\prefs.j s)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConn ection OfotoNow
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://derlingalexandra.spaces.msn.c...d/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094655009578
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttp...45515OneCC.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/def...ploader_v6.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.co...x/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I also went to BitDefender website did an online scan.
It found this:
Scan Info
Scanned Files 320970
Infected Files 98
Virus Detected
Win32.Sober.P@mm 4
MemScan:Adware.Betterinternet.BD 1
Trojan.Clicker.Agent.AM 90
Application.ProcKill.Jk 1
Trojan.Clicker.Agent.GV 2
Dedicated Member
Hi and thanks,
I need to see the scan logs from BitDefender and Ewido. If you did not save them please re-scan and post the logs so I can make sure everything was deleted and what was found. Certain infections will come back after the computer is rebooted. Thanks.
Newbie
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:02:22 PM 7/31/2006
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{6671A431-5C3D-463d-A7CF-5587F9B7E191} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{6671A431-5C3D-463d-A7CF-5587F9B7E191} -> Adware.Generic : No action taken.
HKU\S-1-5-21-776561741-299502267-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{6671A431-5C3D-463D-A7CF-5587F9B7E191} -> Adware.Generic : No action taken.
:mozilla.52:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.53:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Vincent\Cookies\vincent@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.69:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.70:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.43:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Vincent\Cookies\vincent@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.9:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Vincent\Cookies\vincent@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.95:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.46:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.10:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.11:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.12:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.78:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.79:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.22:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.23:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.89:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
::Report end
I saved logfile from BitDefender as txt file.
Now I see all the html tags.
Does this website allow html tags in posting?
Thanks.
Newbie
here is the logfile from the BitDefender. I don't know if you can see it or not.
HTML Code:<HTML> <HEAD> <TITLE>BitDefender Online Scanner -Scan Report</TITLE> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <meta name="generator" content="Namo WebEditor v5.0(Trial)"> </HEAD> <BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" > <table align="center" border="0" cellpadding="0" cellspacing="0" width="90%"> <tr> <td width="458"> <p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td colspan="3" width="912"> <p><font face="Arial"><span style="font-size:11pt;"><B>Scan report generated at: Mon, Jul 31, 2006 - 11:17:50</b></span></font></p> </td> </tr> <tr> <td width="458"> <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <p><font face="Arial"><span style="font-size:11pt;"><B>Scan path: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;F:\;</span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%"> <tr> <td width="451" colspan="2" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Statistics</b></font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Time</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">01:42:02</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Files</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">321139</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Folders</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">5925</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Boot Sectors</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">4</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Archives</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">4271</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Packed Files</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">20754</font></p> </td> </tr> </table> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%"> <tr> <td width="451" colspan="2" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Results</b></font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Identified Viruses </font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">2</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Infected Files </font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">5</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Suspect Files </font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">0</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Warnings</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">0</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Disinfected</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">0</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Deleted Files</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">5</font></p> </td> </tr> </table> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%"> <tr> <td width="451" colspan="2" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Engines Info</b></font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Virus Definitions</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">425545</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Engine build</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">13</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Archive plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">39</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Unpack plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">5</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">E-mail plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">6</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">System plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">1</font></p> </td> </tr> </table> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%"> <tr> <td width="451" colspan="2" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Scan Settings</b></font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">First Action</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Disinfect</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Second Action</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Delete</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Heuristics</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Enable Warnings</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scanned Extensions</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">*;</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Exclude Extensions</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2"> </font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Emails</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Archives</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Packed</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Files</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Boot</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> </table> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td colspan=2> <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%"> <tr> <td width="252" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Scanned File</b></font></p> </td> <td width="195" bgcolor="#CCCCCC" align="right"> <p align="left"><b><font size="2" face="Arial"> Status</font></b></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Sober.P@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Disinfection failed</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)=>error-mail_info.zip</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Updated</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Updated</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Updated</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Update failed</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)=>our_secret.zip=>Winzipped-Text_Data.txt .pif</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Sober.P@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)=>our_secret.zip=>Winzipped-Text_Data.txt .pif</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Disinfection failed</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)=>our_secret.zip=>Winzipped-Text_Data.txt .pif</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)=>our_secret.zip</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Updated</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Updated</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Updated</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Update failed</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Sober.P@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Disinfection failed</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)=>account_info-text.zip</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Updated</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Updated</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Updated</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Update failed</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Win32.Sober.P@mm</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Disinfection failed</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)=>error-mail_info.zip</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Updated</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Updated</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Updated</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Update failed</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">D:\---MOVIES---\webrebates_install.exe=>(NSIS o)=>zlib_nsis0001</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Detected with: Application.ProcKill.Jk</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">D:\---MOVIES---\webrebates_install.exe=>(NSIS o)=>zlib_nsis0001</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Disinfection failed</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">D:\---MOVIES---\webrebates_install.exe=>(NSIS o)=>zlib_nsis0001</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">D:\---MOVIES---\webrebates_install.exe=>(NSIS o)</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Update failed</font></p> </td> </tr> </table> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> </table> <p> </p> </body>
Dedicated Member
I need to see a different log from Bitdefender, it will allow to post the results. I can't make heads or tails out of that.
Newbie
How about now? Thanks.
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif
Infected with: Win32.Sober.P@mm
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif
Disinfection failed
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif
Deleted
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)=>error-mail_info.zip
Updated
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)
Updated
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)
Updated
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx
Update failed
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)=>our_secret.zip=>Winzipped-Text_Data.txt .pif
Infected with: Win32.Sober.P@mm
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)=>our_secret.zip=>Winzipped-Text_Data.txt .pif
Disinfection failed
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)=>our_secret.zip=>Winzipped-Text_Data.txt .pif
Deleted
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)=>our_secret.zip
Updated
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)
Updated
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)
Updated
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx
Update failed
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif
Infected with: Win32.Sober.P@mm
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif
Disinfection failed
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif
Deleted
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)=>account_info-text.zip
Updated
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)
Updated
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)
Updated
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx
Update failed
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif
Infected with: Win32.Sober.P@mm
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif
Disinfection failed
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif
Deleted
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)=>error-mail_info.zip
Updated
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)
Updated
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)
Updated
C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx
Update failed
D:\---MOVIES---\webrebates_install.exe=>(NSIS o)=>zlib_nsis0001
Detected with: Application.ProcKill.Jk
D:\---MOVIES---\webrebates_install.exe=>(NSIS o)=>zlib_nsis0001
Disinfection failed
D:\---MOVIES---\webrebates_install.exe=>(NSIS o)=>zlib_nsis0001
Deleted
D:\---MOVIES---\webrebates_install.exe=>(NSIS o)
Update failed
Dedicated Member
Hi,
Thanks, evidently you got/had some infected email, might want to do some cleaning there.
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
www.pandasoftware.com/activescan/
Internet Explorer Required
Please run this online virus scan: ActiveScan
* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send(*NOTE it's perfectly safe to do so..You will NOT be spammed from this)
- Select either Home User or Company
* Click the big Scan Now button
* If/when you get a notice that Panda wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on Local Disks to start the scan
* When the scan completes, if anything is detected, click the See Report button, then Save Report and save it to a convenient location like your desktop and post it back here please and a new hijackthis log as well. Thanks.
Newbie
I noticed alot of infected files are from outlook express. I dont even use outlook express. So what's going on?
Here is saved list from HijackThis..
Thanks.
AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Reader 7.0.8
Adobe Reader Chinese Traditional Fonts
Advanced JPEG Compressor 4.8
Alive Video Converter (version 1.9.8.6)
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HydraVision
AVG Free Edition
BitComet 0.56
Browser Hijack Blaster v1.0
Canon CanoScan Toolbox 4.8
Citrix Web Client
CleanUp!
CT01_Trial_Master_Files
Dell Digital Jukebox Driver
Dell ResourceCD
Diablo II
Easy CD Creator 5 Basic
ewido anti-spyware 4.0
Half-Life: Counter-Strike
HijackThis 1.99.1
Intel(R) PRO Ethernet Adapter and Software
InterActual Player
InterVideo WinDVD 4
iPhoto Plus 4
iPod Updater 2004-10-20
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player 8
Manual CanoScan 8400F
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office XP Professional with FrontPage
Motorola Phone Tools
MOV to AVI MPEG WMV Converter 1.4.2
Mozilla Firefox (1.5.0.5)
MSN Music Assistant
Netscape (7.2)
OfotoNow
OLYMPUS CAMEDIA Master 2.0
OmniPage SE 2.0
Picasa 2
PowerDVD
Presto! PageManager 6.11
QuickTime
RealArcade
RealPlayer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Skype 2.5
SoundMAX
Spybot - Search & Destroy 1.4
Steam
Turbo Lister
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Weather Pulse 2.05 build 31
WinAVI VideoConverter
Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
XviD MPEG-4 Video Codec
Yahoo! Internet Mail
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v7
ZoneAlarm
Last edited by Discusman; 01-08-2006 at 02:09 AM.
