Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » New member need some help....(RESOLVED)

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

New member need some help....(RESOLVED)

Reply
Page 1 of 3 1 23
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 30-07-2006, 04:38 AM
Newbie
D-A-L Newbie
  
Join Date: Jul 2006
Posts: 15
Discusman Is a beginner here at D-A-L
New member need some help....(RESOLVED)
Hi guys,

I'm new here and my computer has been hit alot of spywares also windows hijack.

I have also tried many spyware remover programs such as Adware Personal Edition, HiJackThis and CleanUp, etc.

But one entry in HiJackThis logfile can't never go away..

O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll (file missing)


Can anyone help me remove it? Thanks.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 30-07-2006, 10:33 PM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,520
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: New member need some help....
Welcome to DAL,


Go here Read This First - IMPORTANT Instructions


Post a hijackthis log from the link provided there so we can take a look.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 31-07-2006, 02:49 AM
Newbie
D-A-L Newbie
  
Join Date: Jul 2006
Posts: 15
Discusman Is a beginner here at D-A-L
Re: New member need some help....
Quote:
Originally Posted by Neal
Welcome to DAL,


Go here Read This First - IMPORTANT Instructions


Post a hijackthis log from the link provided there so we can take a look.
Ok, I have followed the instructions posted on the other thread and scanned my pc with spybot. It founds several entries. It couldn't delete one because it says it is in memory. I rebooted the pc and tried to remove it before it finish loading the window, but it still couldn't remove it. It's Adware.MMSAssist.

I scanned the pc with hijackthis, here is the logfile:
Logfile of HijackThis v1.99.1
Scan saved at 9:39:59 PM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThisProgram\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.nyc-discusfanatics.com/face/dragonball/Forum/ForumIndex.asp"); (C:\Documents and Settings\Vincent\Application Data\Mozilla\Profiles\default\wlcrlkcq.slt\prefs.j s)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Vincent\Application Data\Mozilla\Profiles\default\wlcrlkcq.slt\prefs.j s)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConn ection OfotoNow
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://derlingalexandra.spaces.msn.c...d/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094655009578
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttp...45515OneCC.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/def...ploader_v6.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.co...x/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I also went to BitDefender website did an online scan.
It found this:

Scan Info

Scanned Files 320970

Infected Files 98



Virus Detected

Win32.Sober.P@mm 4

MemScan:Adware.Betterinternet.BD 1

Trojan.Clicker.Agent.AM 90

Application.ProcKill.Jk 1

Trojan.Clicker.Agent.GV 2
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 31-07-2006, 04:55 AM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,520
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: New member need some help....
Hi and thanks,


I need to see the scan logs from BitDefender and Ewido. If you did not save them please re-scan and post the logs so I can make sure everything was deleted and what was found. Certain infections will come back after the computer is rebooted. Thanks.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 31-07-2006, 05:18 PM
Newbie
D-A-L Newbie
  
Join Date: Jul 2006
Posts: 15
Discusman Is a beginner here at D-A-L
Re: New member need some help....
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:02:22 PM 7/31/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{6671A431-5C3D-463d-A7CF-5587F9B7E191} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{6671A431-5C3D-463d-A7CF-5587F9B7E191} -> Adware.Generic : No action taken.
HKU\S-1-5-21-776561741-299502267-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{6671A431-5C3D-463D-A7CF-5587F9B7E191} -> Adware.Generic : No action taken.
:mozilla.52:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.53:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Vincent\Cookies\vincent@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.69:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.70:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.43:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Vincent\Cookies\vincent@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.9:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Vincent\Cookies\vincent@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.95:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.46:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.10:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.11:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.12:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.78:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.79:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.22:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.23:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.89:C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\ah8y5g4e.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.


::Report end

I saved logfile from BitDefender as txt file.
Now I see all the html tags.
Does this website allow html tags in posting?
Thanks.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 31-07-2006, 05:24 PM
Newbie
D-A-L Newbie
  
Join Date: Jul 2006
Posts: 15
Discusman Is a beginner here at D-A-L
Re: New member need some help....
here is the logfile from the BitDefender. I don't know if you can see it or not.


HTML Code:
<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner -Scan Report</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<meta name="generator" content="Namo WebEditor v5.0(Trial)">
</HEAD>
<BODY BGCOLOR=#FFFFFF  leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >


<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
    <tr>
        <td width="458">
            <p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender 
            Online Scanner</b></span></font></p>
        </td>
        <td width="40%">
            <p>&nbsp;</p>
        </td>
        <td width="10%">
            <p>&nbsp;</p>
        </td>
    </tr>
    <tr>
        <td colspan="3" width="912">
            <p><font face="Arial"><span style="font-size:11pt;"><B>Scan report generated 
            at: Mon, Jul 31, 2006 - 11:17:50</b></span></font></p>
        </td>
    </tr>

	<tr>
        <td width="458">
            <p><font face="Arial"><span style="font-size:11pt;"><B>&nbsp;</b></span></font></p>
        </td>
        <td width="40%">
            <p>&nbsp;</p>
        </td>
        <td width="10%">
            <p>&nbsp;</p>
        </td>
    </tr>

	<tr>
        <td width="458">
            <p><font face="Arial"><span style="font-size:11pt;"><B>Scan 
            path: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;F:\;</span></font></p>
        </td>
        <td width="40%">
            <p>&nbsp;</p>
        </td>
        <td width="10%">
            <p>&nbsp;</p>
        </td>
    </tr>

	<tr>
        <td width="458">
            <p><font face="Arial"><span style="font-size:11pt;"><B>&nbsp;</b></span></font></p>
        </td>
        <td width="40%">
            <p>&nbsp;</p>
        </td>
        <td width="10%">
            <p>&nbsp;</p>
        </td>
    </tr>

    <tr>
        <td width="458">
                <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
                    <tr>
                        <td width="451" colspan="2" bgcolor="#CCCCCC">
                            <p><font face="Arial" size="2"><B>Statistics</b></font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Time</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">01:42:02</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Files</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">321139</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Folders</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">5925</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Boot Sectors</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">4</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Archives</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">4271</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Packed Files</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">20754</font></p>
                        </td>
                    </tr>
                </table>
        </td>
        <td width="40%">
            <p>&nbsp;</p>
        </td>
        <td width="10%">
            <p>&nbsp;</p>
        </td>
    </tr>

   

	<tr>
        <td width="458">
                <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
                    <tr>
                        <td width="451" colspan="2" bgcolor="#CCCCCC">
                            <p><font face="Arial" size="2"><B>Results</b></font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                        <p><font face="Arial" size="2">Identified Viruses </font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">2</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                        <p><font face="Arial" size="2">Infected Files </font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">5</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                        <p><font face="Arial" size="2">Suspect&nbsp;Files </font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">0</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Warnings</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">0</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Disinfected</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">0</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Deleted Files</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">5</font></p>
                        </td>
                    </tr>
                </table>
        </td>
        <td width="40%">
            <p>&nbsp;</p>
        </td>
        <td width="10%">
            <p>&nbsp;</p>
        </td>
    </tr>

	<tr>
        <td width="458">
                <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
                    <tr>
                        <td width="451" colspan="2" bgcolor="#CCCCCC">
                            <p><font face="Arial" size="2"><B>Engines Info</b></font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                        <p><font face="Arial" size="2">Virus Definitions</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">425545</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                        <p><font face="Arial" size="2">Engine build</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Scan plugins</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">13</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Archive plugins</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">39</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Unpack plugins</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">5</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">E-mail plugins</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">6</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">System&nbsp;plugins</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">1</font></p>
                        </td>
                    </tr>
                </table>
        </td>
        <td width="40%">
            <p>&nbsp;</p>
        </td>
        <td width="10%">
            <p>&nbsp;</p>
        </td>
    </tr>

	<tr>
        <td width="458">
                <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
                    <tr>
                        <td width="451" colspan="2" bgcolor="#CCCCCC">
                            <p><font face="Arial" size="2"><B>Scan Settings</b></font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                        <p><font face="Arial" size="2">First Action</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">Disinfect</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                        <p><font face="Arial" size="2">Second Action</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">Delete</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Heuristics</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">Yes</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Enable Warnings</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">Yes</font></p>
                        </td>
                    </tr>
	                <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Scanned Extensions</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">*;</font></p>
                        </td>
                    </tr>

                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Exclude Extensions</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">&nbsp;</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Scan Emails</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">Yes</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Scan Archives</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">Yes</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Scan Packed</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">Yes</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Scan Files</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">Yes</font></p>
                        </td>
                    </tr>
                    <tr>
                        <td width="57%">
                            <p><font face="Arial" size="2">Scan Boot</font></p>
                        </td>
                        <td width="43%" align="right">
                            <p><font face="Arial" size="2">Yes</font></p>
                        </td>
                    </tr>
                </table>
        </td>
        <td width="40%">
            <p>&nbsp;</p>
        </td>
        <td width="10%">
            <p>&nbsp;</p>
        </td>
    </tr>

	<tr>
        <td colspan=2> &nbsp;
                <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
                    <tr>
                        <td width="252" bgcolor="#CCCCCC">
                            <p><font face="Arial" size="2"><B>Scanned File</b></font></p>
                        </td>
                        <td width="195" bgcolor="#CCCCCC" align="right">
                        <p align="left"><b><font size="2" face="Arial">&nbsp;Status</font></b></p>
                        </td>
                    </tr>
                    <tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt           .pif</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Infected with: Win32.Sober.P@mm</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt           .pif</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Disinfection failed</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt           .pif</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Deleted</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)=>error-mail_info.zip</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Updated</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Updated</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Updated</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Update failed</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)=>our_secret.zip=>Winzipped-Text_Data.txt           .pif</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Infected with: Win32.Sober.P@mm</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)=>our_secret.zip=>Winzipped-Text_Data.txt           .pif</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Disinfection failed</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)=>our_secret.zip=>Winzipped-Text_Data.txt           .pif</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Deleted</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)=>our_secret.zip</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Updated</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Updated</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Updated</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Update failed</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt           .pif</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Infected with: Win32.Sober.P@mm</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt           .pif</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Disinfection failed</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt           .pif</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Deleted</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)=>account_info-text.zip</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Updated</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Updated</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Updated</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Update failed</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt           .pif</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Infected with: Win32.Sober.P@mm</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt           .pif</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Disinfection failed</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt           .pif</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Deleted</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)=>error-mail_info.zip</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Updated</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Updated</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Updated</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Update failed</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">D:\---MOVIES---\webrebates_install.exe=>(NSIS o)=>zlib_nsis0001</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Detected with:  Application.ProcKill.Jk</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">D:\---MOVIES---\webrebates_install.exe=>(NSIS o)=>zlib_nsis0001</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Disinfection failed</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">D:\---MOVIES---\webrebates_install.exe=>(NSIS o)=>zlib_nsis0001</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Deleted</font></p>
	</td>
</tr><tr>
	<td width="57%">
	<p><font face="Arial" size="2">D:\---MOVIES---\webrebates_install.exe=>(NSIS o)</font></p>
	</td>
	<td width="43%" align="left">
		<p><font face="Arial" size="2">Update failed</font></p>
	</td>
</tr>
                </table>
        </td>
       
        <td width="10%">
            <p>&nbsp;</p>
        </td>
    </tr>

	<tr>
        <td width="458">
            <p><font face="Arial"><span style="font-size:11pt;"><B>&nbsp;</b></span></font></p>
        </td>
        <td width="40%">
            <p>&nbsp;</p>
        </td>
        <td width="10%">
            <p>&nbsp;</p>
        </td>
    </tr>

	<tr>
        <td width="458">
            <p><font face="Arial"><span style="font-size:11pt;"><B>&nbsp;</b></span></font></p>
        </td>
        <td width="40%">
            <p>&nbsp;</p>
        </td>
        <td width="10%">
            <p>&nbsp;</p>
        </td>
    </tr>

</table>
<p>&nbsp;</p>

</body>
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 31-07-2006, 06:44 PM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,520
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: New member need some help....
I need to see a different log from Bitdefender, it will allow to post the results. I can't make heads or tails out of that.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 31-07-2006, 09:50 PM
Newbie
D-A-L Newbie
  
Join Date: Jul 2006
Posts: 15
Discusman Is a beginner here at D-A-L
Re: New member need some help....
How about now? Thanks.

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif


Infected with: Win32.Sober.P@mm

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif


Disinfection failed

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif


Deleted

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)=>error-mail_info.zip


Updated

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)=>[Subject: mailing error][Date: Mon, 02 May 2005 23:55:23 GMT]=>(MIME part)


Updated

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 999)


Updated

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx


Update failed

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)=>our_secret.zip=>Winzipped-Text_Data.txt .pif


Infected with: Win32.Sober.P@mm

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)=>our_secret.zip=>Winzipped-Text_Data.txt .pif


Disinfection failed

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)=>our_secret.zip=>Winzipped-Text_Data.txt .pif


Deleted

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)=>our_secret.zip


Updated

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)=>[Subject: Re:][Date: Sat, 07 May 2005 18:02:58 GMT]=>(MIME part)


Updated

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1000)


Updated

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx


Update failed

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif


Infected with: Win32.Sober.P@mm

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif


Disinfection failed

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif


Deleted

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)=>account_info-text.zip


Updated

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)=>[Subject: Your Password][Date: Fri, 06 May 2005 11:59:29 GMT]=>(MIME part)


Updated

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1002)


Updated

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx


Update failed

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif


Infected with: Win32.Sober.P@mm

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif


Disinfection failed

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif


Deleted

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)=>error-mail_info.zip


Updated

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)=>[Subject: mailing error][Date: Thu, 05 May 2005 02:04:36 UTC]=>(MIME part)


Updated

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1005)


Updated

C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities\{9510D638-8B64-4D36-926A-6939BD000C00}\Microsoft\Outlook Express\Deleted Items.dbx


Update failed

D:\---MOVIES---\webrebates_install.exe=>(NSIS o)=>zlib_nsis0001


Detected with: Application.ProcKill.Jk

D:\---MOVIES---\webrebates_install.exe=>(NSIS o)=>zlib_nsis0001


Disinfection failed

D:\---MOVIES---\webrebates_install.exe=>(NSIS o)=>zlib_nsis0001


Deleted

D:\---MOVIES---\webrebates_install.exe=>(NSIS o)


Update failed
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 31-07-2006, 11:13 PM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,520
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: New member need some help....
Hi,

Thanks, evidently you got/had some infected email, might want to do some cleaning there.



Open Hijackthis.

Click the "Open the Misc Tools" section Button.

Click the "Open Uninstall Manager" Button.

Click the "Save list..." Button.

Save it to your desktop. Copy and paste the contents into your reply.




www.pandasoftware.com/activescan/

Internet Explorer Required
Please run this online virus scan: ActiveScan

* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send(*NOTE it's perfectly safe to do so..You will NOT be spammed from this)
- Select either Home User or Company
* Click the big Scan Now button
* If/when you get a notice that Panda wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on Local Disks to start the scan
* When the scan completes, if anything is detected, click the See Report button, then Save Report and save it to a convenient location like your desktop and post it back here please and a new hijackthis log as well. Thanks.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 01-08-2006, 02:02 AM
Newbie
D-A-L Newbie
  
Join Date: Jul 2006
Posts: 15
Discusman Is a beginner here at D-A-L
Re: New member need some help....
I noticed alot of infected files are from outlook express. I dont even use outlook express. So what's going on?

Here is saved list from HijackThis..

Thanks.

AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Reader 7.0.8
Adobe Reader Chinese Traditional Fonts
Advanced JPEG Compressor 4.8
Alive Video Converter (version 1.9.8.6)
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HydraVision
AVG Free Edition
BitComet 0.56
Browser Hijack Blaster v1.0
Canon CanoScan Toolbox 4.8
Citrix Web Client
CleanUp!
CT01_Trial_Master_Files
Dell Digital Jukebox Driver
Dell ResourceCD
Diablo II
Easy CD Creator 5 Basic
ewido anti-spyware 4.0
Half-Life: Counter-Strike
HijackThis 1.99.1
Intel(R) PRO Ethernet Adapter and Software
InterActual Player
InterVideo WinDVD 4
iPhoto Plus 4
iPod Updater 2004-10-20
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player 8
Manual CanoScan 8400F
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office XP Professional with FrontPage
Motorola Phone Tools
MOV to AVI MPEG WMV Converter 1.4.2
Mozilla Firefox (1.5.0.5)
MSN Music Assistant
Netscape (7.2)
OfotoNow
OLYMPUS CAMEDIA Master 2.0
OmniPage SE 2.0
Picasa 2
PowerDVD
Presto! PageManager 6.11
QuickTime
RealArcade
RealPlayer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Skype 2.5
SoundMAX
Spybot - Search & Destroy 1.4
Steam
Turbo Lister
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Weather Pulse 2.05 build 31
WinAVI VideoConverter
Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
XviD MPEG-4 Video Codec
Yahoo! Internet Mail
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v7
ZoneAlarm
Last edited by Discusman; 01-08-2006 at 02:09 AM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply
Page 1 of 3 1 23

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
New Member with a Unmovable Trojan Behind StealthBD Spyware, Adware, Viruses and HijackThis Logs 10 11-03-2007 05:43 AM
Junior Member Space_Cowby Chat Room 2 21-02-2005 12:26 AM


All times are GMT +1. The time now is 08:04 AM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav