Can't stop Pop up Ads,they close other windows

Discussion in 'Computer Support' started by Thaqalain, Jun 13, 2005.

  1. Thaqalain

    Thaqalain Guest

    My Xp system was running very well with AOL dial-up/DSL,I was having
    Pop up Manager and Nortron Anti Virus,but none of them i/c AOL spyware
    able to completely stop ads attack till writing.
    It's 2nd day now,they are disturbing me intermittently,opening ads
    while I start work on page.These ads/viruses(?) took out Google Toolbar
    several times and removed or substituted it with Search forit toolbars.
    Today they closed several internet and hotmail windows,later system
    hanged on.This is happened despite I dowloaded Pop up Stopper free
    version.
    In my opinion this problem may be originated after pressing control to
    allow to open one of web site.
    How to restore/troubleshoot this?Is it pop up or virus?
     
    Thaqalain, Jun 13, 2005
    #1
    1. Advertising

  2. Thaqalain

    Ionizer Guest

    "Thaqalain" <> wrote in message
    news:...
    > My Xp system was running very well with AOL dial-up/DSL,I was having
    > Pop up Manager and Nortron Anti Virus,but none of them i/c AOL spyware
    > able to completely stop ads attack till writing.
    > It's 2nd day now,they are disturbing me intermittently,opening ads
    > while I start work on page.These ads/viruses(?) took out Google
    > Toolbar
    > several times and removed or substituted it with Search forit
    > toolbars.
    > Today they closed several internet and hotmail windows,later system
    > hanged on.This is happened despite I dowloaded Pop up Stopper free
    > version.
    > In my opinion this problem may be originated after pressing control to
    > allow to open one of web site.
    > How to restore/troubleshoot this?Is it pop up or virus?


    I'd guess that, as they said in Black Christmas, "the calls are coming
    from inside the house." You've probably inadvertently installed some
    adware on your system, and because you're using the XP firewall instead
    of a third-party firewall like Zone Alarm, this sotware is able to call
    out for and then display these popup ads.

    Try installing, updating and running Microsoft Antispyware:
    http://www.microsoft.com/athome/security/spyware/software/default.mspx
    or Lavasoft's AdAware: http://www.lavasoftusa.com/support/download/

    Both are free.

    Regards,
    Ian.
     
    Ionizer, Jun 13, 2005
    #2
    1. Advertising

  3. Thaqalain

    Thaqalain Guest

    Will I removed AOL Spyware;Popup Manager and Popup Stopper,prior to
    install microsoft antispyware?
     
    Thaqalain, Jun 13, 2005
    #3
  4. Thaqalain

    Ionizer Guest

    "Thaqalain" <> wrote in message
    news:...
    > Will I removed AOL Spyware;Popup Manager and Popup Stopper,prior to
    > install microsoft antispyware?


    I'm not familiar with AOL Spyware, but you shouldn't need to uninstall
    your other protective software or anything else in order to install the
    Microsoft program. Just do as you normally would when installing new
    software, like temporarily disabling your antivirus and closing other
    open programs.

    Microsoft Antispyware has a real-time protection option which you can
    disable if you like, so that you can run it on-demand as a backup to
    your other layers of protection. If that AOL program also offers
    real-time protection, you might want to disable one or the other once
    you've successfully removed what ever is serving you these popup ads.
    And since the AOL program has obviously allowed this problem to happen
    in the first place, I'd be questioning its value.

    Regards,
    Ian.
     
    Ionizer, Jun 13, 2005
    #4
  5. Thaqalain

    Guest

    http://www.sirseek.com/toolbar/ has a freeware popup stopper included
    that rids of majority of popups or it also has another app that stops
    all new windows from opening (yes, you won't even be able to open a
    link in a new window until you set down the settings), this is the most
    powerful popup/newwindow blocker I have encountered!

    This may not be your perfect solution, but its a solution I use once
    some spyware has taken over my play PC.

    Thanks;
    http://www.WHAK.com
     
    , Jun 13, 2005
    #5
  6. Thaqalain

    pcbutts1 Guest

    pcbutts1, Jun 13, 2005
    #6
  7. Thaqalain

    Thaqalain Guest

    I have downloaded Nortron Internet Security and after scanning it has
    found and reported follwing virus with a message "unable to repair this
    file" and access to file was denied.
    Bloodhound.W32.EP
    in my D folder (D/windows/systems32/elitemod32.exe)

    I don't want to chase this fearing further damage.

    Moreover,earlier at every restart of computer it is showing two
    separate windows stating:
    RUNDLL
    E6F1873B.DLL
    The specified module could not be found.
    --
    RUNDLL
    E6F1873B.DLL
    The specified module could not be found.

    Now,what should I do? As now i am having follwing tools to fight;
    AOL Spyware;
    Pop up Manager;
    Pop up Stopper Free;
    Nortron Antivirus including Ad blocker

    I think I must uninstall unnecessary softwares to see functionality of
    others.Do u agree?
     
    Thaqalain, Jun 14, 2005
    #7
  8. Thaqalain

    pcbutts1 Guest

    Download Hijack this, run it, save a copy of the log file and cut and paste
    it back here to the group so that it can be analyzed.

    HijackThis
    http://www.spywareinfo.com/~merijn/downloads.html


    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    Sharpvision simply the best http://www.seedsv.com



    "Thaqalain" <> wrote in message
    news:...
    >I have downloaded Nortron Internet Security and after scanning it has
    > found and reported follwing virus with a message "unable to repair this
    > file" and access to file was denied.
    > Bloodhound.W32.EP
    > in my D folder (D/windows/systems32/elitemod32.exe)
    >
    > I don't want to chase this fearing further damage.
    >
    > Moreover,earlier at every restart of computer it is showing two
    > separate windows stating:
    > RUNDLL
    > E6F1873B.DLL
    > The specified module could not be found.
    > --
    > RUNDLL
    > E6F1873B.DLL
    > The specified module could not be found.
    >
    > Now,what should I do? As now i am having follwing tools to fight;
    > AOL Spyware;
    > Pop up Manager;
    > Pop up Stopper Free;
    > Nortron Antivirus including Ad blocker
    >
    > I think I must uninstall unnecessary softwares to see functionality of
    > others.Do u agree?
    >
     
    pcbutts1, Jun 14, 2005
    #8
  9. Thaqalain

    Thaqalain Guest

    There r many links when I opened it ,where should I click for
    downloading.
     
    Thaqalain, Jun 14, 2005
    #9
  10. Thaqalain

    pcbutts1 Guest

    pcbutts1, Jun 14, 2005
    #10
  11. Thaqalain

    Thaqalain Guest

    Logfile of HijackThis v1.99.1
    Scan saved at 9:18:01 PM, on 6/13/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\WINDOWS\system32\wfxsnt40.exe
    D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    D:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
    D:\WINDOWS\system32\exp.exe
    D:\WINDOWS\system32\wintask.exe
    D:\Program Files\Media Access\MediaAccK.exe
    D:\Program Files\Media Access\MediaAccess.exe
    D:\Program Files\Norton Internet Security\NISUM.EXE
    D:\WINDOWS\system32\nwcmsext.exe
    D:\WINDOWS\system32\vrnprr.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\WINDOWS\system32\winupdt.exe
    D:\WINDOWS\seeve.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\j6cb6v3t.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    D:\Program Files\Norton Internet Security\SymProxySvc.exe
    D:\WINDOWS\system\omgr.exe
    D:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\hotfoon4.exe
    D:\Program Files\Cas\Client\casclient.exe
    D:\WINDOWS\system32\WFXSVC.EXE
    D:\WINDOWS\system32\nmeg6.exe
    D:\Program Files\sf\sf.exe
    D:\WINDOWS\sfita.exe
    D:\Program Files\Symantec\WinFax\WFXMOD32.EXE
    C:\PROGRA~1\POPUPM~1\POPUPS~1\POP-UP~1\PSFREE.EXE
    D:\Program Files\AOL 9.0a\aoltray.exe
    D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
    D:\Program Files\AOL Companion\companion.exe
    D:\Program Files\Common Files\Adobe Systems
    Shared\Service\Adobelmsvc.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Norton Internet Security\IAMAPP.EXE
    D:\Program Files\Norton Internet Security\NISSERV.EXE
    D:\Program Files\Norton Antivirus\navapw32.exe
    D:\Program Files\Norton Antivirus\navapsvc.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Norton Internet Security\ATRACK.EXE
    D:\Program Files\Common Files\Symantec Shared\NMain.exe
    D:\Program Files\Norton Antivirus\Navw32.exe
    D:\Program Files\Norton Antivirus\Navw32.exe
    D:\Program Files\Norton Antivirus\QSERVER.EXE
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\WinRAR\WinRAR.exe
    D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX21.188\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
    http://searchmiracle.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://p17.news.re2.yahoo.com/fc/World/Iraq
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = http://www.searchforit.com/searchbar
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://www.searchforit.com/searchbar
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://searchmiracle.com/sp.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
    =
    O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} -
    D:\WINDOWS\system32\vbrundll.dll
    O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} -
    D:\WINDOWS\system32\replaceSearch.dll
    O2 - BHO: Google Toolbar Helper -
    {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program

    files\google\googletoolbar1.dll
    O2 - BHO: Cas - {B5F3970B-745E-46AC-B890-E08F69777D80} -
    D:\WINDOWS\system32\ca.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    D:\Program Files\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - (no
    file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    d:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
    - D:\Program Files\Norton

    Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common
    Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection]
    "D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program
    Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN
    Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [PSof1] D:\WINDOWS\system32\PSof1.exe
    O4 - HKLM\..\Run: [exp.exe] D:\WINDOWS\system32\exp.exe
    O4 - HKLM\..\Run: [WinTask driver] D:\WINDOWS\system32\wintask.exe
    O4 - HKLM\..\Run: [regsync] D:\WINDOWS\system32\regsync.exe
    O4 - HKLM\..\Run: [D:\WINDOWS\VCMnet11.exe] D:\WINDOWS\VCMnet11.exe
    O4 - HKLM\..\Run: [checkrun] D:\windows\system32\elitemod32.exe
    O4 - HKLM\..\Run: [Media Access] D:\Program Files\Media
    Access\MediaAccK.exe
    O4 - HKLM\..\Run: [p44f36g] nwcmsext.exe
    O4 - HKLM\..\Run: [KavSvc] D:\WINDOWS\system32\vrnprr.exe reg_run
    O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe
    stlb2.dll,DllRunMain
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe
    E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [winupdtl] D:\WINDOWS\system32\winupdt.exe
    O4 - HKLM\..\Run: [seeve] D:\WINDOWS\seeve.exe
    O4 - HKLM\..\Run: [j6cb6v3t] D:\WINDOWS\system32\j6cb6v3t.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program
    Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Internet
    Security\IAMAPP.EXE
    O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN
    Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [HOTFOON2] C:\Program Files\hotfoon4.exe /h
    O4 - HKCU\..\Run: [CAS Client] "D:\Program
    Files\Cas\Client\casclient.exe"
    O4 - HKCU\..\Run: [Y3vpRWMmS] nmeg6.exe
    O4 - HKCU\..\Run: [sf] D:\Program Files\sf\sf.exe
    O4 - HKCU\..\Run: [sfita] D:\WINDOWS\sfita.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition]
    "C:\PROGRA~1\POPUPM~1\POPUPS~1\POP-UP~1\PSFREE.EXE"
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = D:\Program Files\AOL
    9.0a\aoltray.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: AOL Companion.lnk = D:\Program Files\AOL
    Companion\companion.exe
    O8 - Extra context menu item: &Google Search - res://D:\Program
    Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word -
    res://D:\Program

    Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://D:\Program
    Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page -
    res://D:\Program

    Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF -
    res://D:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF -
    res://D:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF -
    res://D:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF -
    res://D:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF -
    res://D:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF -
    res://D:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program
    Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF -
    res://D:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://D:\Program
    Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English -
    res://D:\Program

    Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
    D:\Program

    Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program

    Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
    - D:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar -
    {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL

    Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Share in Hello -
    {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Program

    Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello -
    {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Program

    Files\Hello\PicasaCapture.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program

    Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: D:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 -
    http://64.55.105.205/Java/cfs31229.cab
    O16 - DPF: Jigsaw Detective by pogo -
    http://game1.pogo.com/applet-6.1.3.21/jigsaw/jigsaw-ob-assets.cab
    O16 - DPF: Yahoo! Graffiti -
    http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: {36A59337-6EEF-40AE-94B1-ED443A0C4740} -

    http://download.abetterinternet.com/download/cabs/BANDLL59/banner.cab
    O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} -
    http://www.alwaysupdatednews.com/install/aun_0018.exe
    O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} -

    http://downloads.shopathomeselect.com/mamma/grinstall_mamma1004_sp2.cab
    O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl)
    -

    http://cabs.media-motor.net/cabs/joysaver.cab
    O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} -
    http://www.pacimedia.com/install/pcs_0006.exe
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{79C85D60-21FA-4F22-8B2F-162EB9CC403A}:
    NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program
    Files\Common Files\Adobe Systems

    Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online,
    Inc. - D:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown
    owner -

    D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
    Symantec Corporation - D:\Program Files\Norton

    Antivirus\navapsvc.exe
    O23 - Service: Norton Internet Security Service (NISSERV) - Symantec
    Corporation - D:\Program Files\Norton Internet

    Security\NISSERV.EXE
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) -
    Symantec Corporation - D:\Program Files\Norton

    Internet Security\NISUM.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec
    Corporation -

    D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    Corporation - D:\Program Files\Common

    Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) -
    Symantec Corporation - D:\Program Files\Norton

    Internet Security\SymProxySvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -
    D:\Program Files\Common Files\Symantec

    Shared\Security Center\SymWSC.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation -
    D:\WINDOWS\system32\WFXSVC.EXE
     
    Thaqalain, Jun 14, 2005
    #11
  12. Thaqalain

    Thaqalain Guest

    I am pasting some useful info from another forum, I need to know what
    should I do in my case?

    How do i kill Elitemod32.exe?

    --------------------------------------------------------------------------------

    I am on my friends computer at the moment, and she has got this virus
    thingy called elitemmod32.exe, i have tried to delete it with avast
    virus scanner, didnt work. I tried to kill it by taking it off the ms
    config startup list, and then deleting it with hijack this, didnt work,
    what can i do? arrghh.
    Thanks.
    Re: How do i kill Elitemod32.exe?

    --------------------------------------------------------------------------------

    Tried any online scanning tools?
    Or any of the anti spyware/antivirus tools in the list here:
    http://club.cdfreaks.com/showthread.php?t=128075?

    Re: How do i kill Elitemod32.exe?

    --------------------------------------------------------------------------------

    The EliteBar is a BHO (Browser Helper Object) for Internet Explorer.
    This program was manually installed by the user.
    First, uninstall it from Add/Remove Programs the do a search for
    EliteBar.

    Some of my search results:
    http://www.kephyr.com/spywarescanne...bar/index.phtml
    http://securityresponse.symantec.co...e.elitebar.html
    http://www.spywareguide.com/product_show.php?id=1124
    http://www3.ca.com/securityadvisor/...px?id=453088667
    http://www.tenebril.com/src/info.php?id=441955900
    http://www.spywareremove.com/removeEliteBar.html

    Re: How do i kill Elitemod32.exe?

    --------------------------------------------------------------------------------

    http://www.d-a-l.com/help/archive/i...hp/t-16330.html

    A good worked example of finding/killing with HJT - note the evil scum
    hiding tactics!

    Re: How do i kill Elitemod32.exe?

    --------------------------------------------------------------------------------

    usually doing the scanning from safemode is helpful/necessary if the
    spyware is designed well.
    __________________
    Re: How do i kill Elitemod32.exe?

    --------------------------------------------------------------------------------

    did you make sure you had system restore turned of as it will be hiding
    in there as well

    Re: How do i kill Elitemod32.exe?

    --------------------------------------------------------------------------------

    Reboot in safemode and try again. If windows explorer won't let you
    delete it, try it in command prompt. You might be able to use xp
    recovery console as a last result.
     
    Thaqalain, Jun 14, 2005
    #12
  13. Thaqalain

    Thaqalain Guest

    I am pasting some useful info from another forum, I need to know what
    should I do in my case?

    How do i kill Elitemod32.exe?

    --------------------------------------------------------------------------------

    I am on my friends computer at the moment, and she has got this virus
    thingy called elitemmod32.exe, i have tried to delete it with avast
    virus scanner, didnt work. I tried to kill it by taking it off the ms
    config startup list, and then deleting it with hijack this, didnt work,
    what can i do? arrghh.
    Thanks.
    Re: How do i kill Elitemod32.exe?

    --------------------------------------------------------------------------------

    Tried any online scanning tools?
    Or any of the anti spyware/antivirus tools in the list here:
    http://club.cdfreaks.com/showthread.php?t=128075?

    Re: How do i kill Elitemod32.exe?

    --------------------------------------------------------------------------------

    The EliteBar is a BHO (Browser Helper Object) for Internet Explorer.
    This program was manually installed by the user.
    First, uninstall it from Add/Remove Programs the do a search for
    EliteBar.

    Some of my search results:
    http://www.kephyr.com/spywarescanne...bar/index.phtml
    http://securityresponse.symantec.co...e.elitebar.html
    http://www.spywareguide.com/product_show.php?id=1124
    http://www3.ca.com/securityadvisor/...px?id=453088667
    http://www.tenebril.com/src/info.php?id=441955900
    http://www.spywareremove.com/removeEliteBar.html

    Re: How do i kill Elitemod32.exe?

    --------------------------------------------------------------------------------

    http://www.d-a-l.com/help/archive/i...hp/t-16330.html

    A good worked example of finding/killing with HJT - note the evil scum
    hiding tactics!

    Re: How do i kill Elitemod32.exe?

    --------------------------------------------------------------------------------

    usually doing the scanning from safemode is helpful/necessary if the
    spyware is designed well.
    __________________
    Re: How do i kill Elitemod32.exe?

    --------------------------------------------------------------------------------

    did you make sure you had system restore turned of as it will be hiding
    in there as well

    Re: How do i kill Elitemod32.exe?

    --------------------------------------------------------------------------------

    Reboot in safemode and try again. If windows explorer won't let you
    delete it, try it in command prompt. You might be able to use xp
    recovery console as a last result.
     
    Thaqalain, Jun 14, 2005
    #13
  14. Thaqalain

    Thaqalain Guest

    Following is NAV Activity log:

    Date: 6/13/2005, Time: 21:55:50, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:55:50, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:00, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:00, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:00, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:00, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:10, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:10, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:10, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:10, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:20, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:20, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:20, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:20, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:30, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:30, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:30, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:30, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:40, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:40, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:40, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:40, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:50, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:50, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:50, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:56:50, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:00, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:00, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:00, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:00, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:10, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:10, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:10, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:10, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:22, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:22, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:22, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:22, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:32, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:32, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:32, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:32, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:42, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:42, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:42, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:42, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:52, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:52, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:52, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:57:52, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:02, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:02, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:02, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:02, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:12, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:12, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:12, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:12, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:22, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:22, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:22, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:22, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:32, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:32, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:32, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:32, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:42, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:42, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:42, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:42, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:52, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:52, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:52, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:58:52, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:02, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:02, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:02, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:02, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:12, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:12, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:12, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:12, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:22, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:22, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:22, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:22, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:32, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:32, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:32, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:32, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:42, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:42, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:42, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:42, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:52, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:52, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:52, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 21:59:52, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:02, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:02, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:02, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:02, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:14, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:14, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:14, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:14, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:24, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:24, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:24, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:24, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:34, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:34, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:34, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:34, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:44, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:44, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:44, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:44, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:54, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:54, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:54, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:00:54, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:04, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:04, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:04, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:04, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:10, Administrator on FIZZAHFA-GRJTXU
    The file D:\WINDOWS\system32\temperror32.dat is infected with the
    Bloodhound.W32.EP virus.
    The file was quarantined.



    Date: 6/13/2005, Time: 22:01:10, Administrator on FIZZAHFA-GRJTXU
    Virus scanning completed.
    Master boot records:
    Scanned: 1
    Infected: 0
    Repaired: 0
    Boot records:
    Scanned: 2
    Infected: 0
    Repaired: 0
    Files:
    Scanned: 130237
    Infected: 1
    Repaired: 0
    Quar'ed: 1
    Deleted: 0

    Date: 6/13/2005, Time: 22:01:14, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:14, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:14, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:14, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:24, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:24, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:24, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:24, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:34, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:34, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:34, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:34, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:44, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:44, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:44, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:44, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:54, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:54, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:54, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:01:54, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:04, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:04, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:04, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:04, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:08, Administrator on FIZZAHFA-GRJTXU
    The file D:\WINDOWS\system32\temperror32.dat is infected with the
    Bloodhound.W32.EP virus.
    Unable to delete the file.



    Date: 6/13/2005, Time: 22:02:08, Administrator on FIZZAHFA-GRJTXU
    Virus scanning completed.
    Master boot records:
    Scanned: 1
    Infected: 0
    Repaired: 0
    Boot records:
    Scanned: 2
    Infected: 0
    Repaired: 0
    Files:
    Scanned: 130237
    Infected: 1
    Repaired: 0
    Quar'ed: 0
    Deleted: 0

    Date: 6/13/2005, Time: 22:02:14, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:14, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:14, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:14, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:24, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:26, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:26, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:26, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:36, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:36, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:36, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:36, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:46, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:46, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:46, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:46, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:56, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:56, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:56, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:02:56, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:06, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:06, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:06, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:06, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:16, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:16, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:16, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:16, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:26, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:26, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:26, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:26, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:36, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:36, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:36, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:36, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:46, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:46, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:46, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.


    Date: 6/13/2005, Time: 22:03:46, Administrator on FIZZAHFA-GRJTXU
    The file
    D:\windows\system32\elitemod32.exe
    is infected with the Bloodhound.W32.EP virus.
    Access to the file was denied.
     
    Thaqalain, Jun 14, 2005
    #14
  15. Thaqalain

    pcbutts1 Guest

    Daaaaamn! Dump norton and get Avast. www.avast.com
    Have Hijackthis fix the following lines

    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\exp.exe
    D:\WINDOWS\system32\wintask.exe
    D:\Program Files\Media Access\MediaAccK.exe
    D:\Program Files\Media Access\MediaAccess.exe

    D:\WINDOWS\system32\nwcmsext.exe
    D:\WINDOWS\system32\vrnprr.exe
    D:\WINDOWS\system32\winupdt.exe
    D:\WINDOWS\seeve.exe

    D:\WINDOWS\system32\j6cb6v3t.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe

    D:\WINDOWS\system\omgr.exe
    C:\Program Files\hotfoon4.exe
    D:\Program Files\Cas\Client\casclient.exe

    D:\WINDOWS\system32\nmeg6.exe
    D:\Program Files\sf\sf.exe
    D:\WINDOWS\sfita.exe
    D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
    D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
    http://searchmiracle.com/sp.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = http://www.searchforit.com/searchbar
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://www.searchforit.com/searchbar
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://searchmiracle.com/sp.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
    =
    O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} -
    D:\WINDOWS\system32\vbrundll.dll
    O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} -
    D:\WINDOWS\system32\replaceSearch.dll
    O2 - BHO: Cas - {B5F3970B-745E-46AC-B890-E08F69777D80} -
    D:\WINDOWS\system32\ca.dll
    O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - (no
    file)

    O4 - HKLM\..\Run: [PSof1] D:\WINDOWS\system32\PSof1.exe
    O4 - HKLM\..\Run: [exp.exe] D:\WINDOWS\system32\exp.exe
    O4 - HKLM\..\Run: [WinTask driver] D:\WINDOWS\system32\wintask.exe
    O4 - HKLM\..\Run: [regsync] D:\WINDOWS\system32\regsync.exe
    O4 - HKLM\..\Run: [D:\WINDOWS\VCMnet11.exe] D:\WINDOWS\VCMnet11.exe
    O4 - HKLM\..\Run: [checkrun] D:\windows\system32\elitemod32.exe
    O4 - HKLM\..\Run: [Media Access] D:\Program Files\Media
    Access\MediaAccK.exe
    O4 - HKLM\..\Run: [p44f36g] nwcmsext.exe
    O4 - HKLM\..\Run: [KavSvc] D:\WINDOWS\system32\vrnprr.exe reg_run
    O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe
    stlb2.dll,DllRunMain
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe
    E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [winupdtl] D:\WINDOWS\system32\winupdt.exe
    O4 - HKLM\..\Run: [seeve] D:\WINDOWS\seeve.exe
    O4 - HKLM\..\Run: [j6cb6v3t] D:\WINDOWS\system32\j6cb6v3t.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program
    Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKCU\..\Run: [HOTFOON2] C:\Program Files\hotfoon4.exe /h
    O4 - HKCU\..\Run: [CAS Client] "D:\Program
    Files\Cas\Client\casclient.exe"
    O4 - HKCU\..\Run: [Y3vpRWMmS] nmeg6.exe
    O4 - HKCU\..\Run: [sf] D:\Program Files\sf\sf.exe
    O4 - HKCU\..\Run: [sfita] D:\WINDOWS\sfita.exe
    O8 - Extra context menu item: Convert link target to existing PDF -
    res://D:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF -
    res://D:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF -
    res://D:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF -
    res://D:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF -
    res://D:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program
    Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF -
    res://D:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 -
    http://64.55.105.205/Java/cfs31229.cab
    O16 - DPF: Jigsaw Detective by pogo -
    http://game1.pogo.com/applet-6.1.3.21/jigsaw/jigsaw-ob-assets.cab
    O16 - DPF: Yahoo! Graffiti -
    http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: {36A59337-6EEF-40AE-94B1-ED443A0C4740} -

    http://download.abetterinternet.com/download/cabs/BANDLL59/banner.cab
    O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} -
    http://www.alwaysupdatednews.com/install/aun_0018.exe
    O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} -

    http://downloads.shopathomeselect.com/mamma/grinstall_mamma1004_sp2.cab
    O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl)
    -

    http://cabs.media-motor.net/cabs/joysaver.cab
    O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} -
    http://www.pacimedia.com/install/pcs_0006.exe
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{79C85D60-21FA-4F22-8B2F-162EB9CC403A}:
    NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program
    Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    When that is done you MUST Download, install, update and run all of the
    following. You have way to much crap on your system.

    Ad-Aware
    http://www.lavasoftusa.com/software/adaware/

    Spybot search and destroy
    http://www.safer-networking.org/en/download/

    Microsoft Windows AntiSpyware (Beta)
    http://www.microsoft.com/athome/security/spyware/software/default.mspx



    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    Sharpvision simply the best http://www.seedsv.com



    "Thaqalain" <> wrote in message
    news:...
    > Logfile of HijackThis v1.99.1
    > Scan saved at 9:18:01 PM, on 6/13/2005
    > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >
    > Running processes:
    > D:\WINDOWS\System32\smss.exe
    > D:\WINDOWS\system32\winlogon.exe
    > D:\WINDOWS\system32\services.exe
    > D:\WINDOWS\system32\lsass.exe
    > D:\WINDOWS\system32\svchost.exe
    > D:\WINDOWS\System32\svchost.exe
    > D:\WINDOWS\Explorer.EXE
    > D:\WINDOWS\system32\spoolsv.exe
    > D:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
    > D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    > D:\WINDOWS\system32\wfxsnt40.exe
    > D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    > D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    > D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    > D:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
    > D:\WINDOWS\system32\exp.exe
    > D:\WINDOWS\system32\wintask.exe
    > D:\Program Files\Media Access\MediaAccK.exe
    > D:\Program Files\Media Access\MediaAccess.exe
    > D:\Program Files\Norton Internet Security\NISUM.EXE
    > D:\WINDOWS\system32\nwcmsext.exe
    > D:\WINDOWS\system32\vrnprr.exe
    > D:\WINDOWS\system32\rundll32.exe
    > D:\Program Files\QuickTime\qttask.exe
    > D:\WINDOWS\system32\winupdt.exe
    > D:\WINDOWS\seeve.exe
    > D:\WINDOWS\System32\svchost.exe
    > D:\WINDOWS\system32\j6cb6v3t.exe
    > C:\Program Files\AutoUpdate\AutoUpdate.exe
    > D:\Program Files\Norton Internet Security\SymProxySvc.exe
    > D:\WINDOWS\system\omgr.exe
    > D:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
    > D:\Program Files\MSN Messenger\MsnMsgr.Exe
    > C:\Program Files\hotfoon4.exe
    > D:\Program Files\Cas\Client\casclient.exe
    > D:\WINDOWS\system32\WFXSVC.EXE
    > D:\WINDOWS\system32\nmeg6.exe
    > D:\Program Files\sf\sf.exe
    > D:\WINDOWS\sfita.exe
    > D:\Program Files\Symantec\WinFax\WFXMOD32.EXE
    > C:\PROGRA~1\POPUPM~1\POPUPS~1\POP-UP~1\PSFREE.EXE
    > D:\Program Files\AOL 9.0a\aoltray.exe
    > D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
    > D:\Program Files\AOL Companion\companion.exe
    > D:\Program Files\Common Files\Adobe Systems
    > Shared\Service\Adobelmsvc.exe
    > D:\WINDOWS\system32\wscntfy.exe
    > D:\Program Files\Norton Internet Security\IAMAPP.EXE
    > D:\Program Files\Norton Internet Security\NISSERV.EXE
    > D:\Program Files\Norton Antivirus\navapw32.exe
    > D:\Program Files\Norton Antivirus\navapsvc.exe
    > D:\Program Files\Internet Explorer\iexplore.exe
    > D:\Program Files\Norton Internet Security\ATRACK.EXE
    > D:\Program Files\Common Files\Symantec Shared\NMain.exe
    > D:\Program Files\Norton Antivirus\Navw32.exe
    > D:\Program Files\Norton Antivirus\Navw32.exe
    > D:\Program Files\Norton Antivirus\QSERVER.EXE
    > D:\Program Files\Internet Explorer\iexplore.exe
    > D:\Program Files\WinRAR\WinRAR.exe
    > D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX21.188\HijackThis.exe
    >
    > R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
    > http://searchmiracle.com/sp.php
    > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    > http://p17.news.re2.yahoo.com/fc/World/Iraq
    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    > = http://www.searchforit.com/searchbar
    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    > http://www.searchforit.com/searchbar
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    > http://searchmiracle.com/sp.php
    > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    >
    > R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
    > =
    > O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} -
    > D:\WINDOWS\system32\vbrundll.dll
    > O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} -
    > D:\WINDOWS\system32\replaceSearch.dll
    > O2 - BHO: Google Toolbar Helper -
    > {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program
    >
    > files\google\googletoolbar1.dll
    > O2 - BHO: Cas - {B5F3970B-745E-46AC-B890-E08F69777D80} -
    > D:\WINDOWS\system32\ca.dll
    > O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    > D:\Program Files\Norton Antivirus\NavShExt.dll
    > O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - (no
    > file)
    > O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    > d:\program files\google\googletoolbar1.dll
    > O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
    > - D:\Program Files\Norton
    >
    > Antivirus\NavShExt.dll
    > O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common
    > Files\Real\Update_OB\realsched.exe" -osboot
    > O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    > O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common
    > Files\AOL\ACS\AOLDial.exe
    > O4 - HKLM\..\Run: [AOL Spyware Protection]
    > "D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    > O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program
    > Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    > O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN
    > Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
    > O4 - HKLM\..\Run: [PSof1] D:\WINDOWS\system32\PSof1.exe
    > O4 - HKLM\..\Run: [exp.exe] D:\WINDOWS\system32\exp.exe
    > O4 - HKLM\..\Run: [WinTask driver] D:\WINDOWS\system32\wintask.exe
    > O4 - HKLM\..\Run: [regsync] D:\WINDOWS\system32\regsync.exe
    > O4 - HKLM\..\Run: [D:\WINDOWS\VCMnet11.exe] D:\WINDOWS\VCMnet11.exe
    > O4 - HKLM\..\Run: [checkrun] D:\windows\system32\elitemod32.exe
    > O4 - HKLM\..\Run: [Media Access] D:\Program Files\Media
    > Access\MediaAccK.exe
    > O4 - HKLM\..\Run: [p44f36g] nwcmsext.exe
    > O4 - HKLM\..\Run: [KavSvc] D:\WINDOWS\system32\vrnprr.exe reg_run
    > O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe
    > stlb2.dll,DllRunMain
    > O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe
    > E6F1873B.DLL,D9EBC318C
    > O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    > O4 - HKLM\..\Run: [QuickTime Task] "D:\Program
    > Files\QuickTime\qttask.exe" -atboottime
    > O4 - HKLM\..\Run: [winupdtl] D:\WINDOWS\system32\winupdt.exe
    > O4 - HKLM\..\Run: [seeve] D:\WINDOWS\seeve.exe
    > O4 - HKLM\..\Run: [j6cb6v3t] D:\WINDOWS\system32\j6cb6v3t.exe
    > O4 - HKLM\..\Run: [AutoUpdater] "C:\Program
    > Files\AutoUpdate\AutoUpdate.exe"
    > O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Internet
    > Security\IAMAPP.EXE
    > O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
    > O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN
    > Messenger\MsnMsgr.Exe" /background
    > O4 - HKCU\..\Run: [HOTFOON2] C:\Program Files\hotfoon4.exe /h
    > O4 - HKCU\..\Run: [CAS Client] "D:\Program
    > Files\Cas\Client\casclient.exe"
    > O4 - HKCU\..\Run: [Y3vpRWMmS] nmeg6.exe
    > O4 - HKCU\..\Run: [sf] D:\Program Files\sf\sf.exe
    > O4 - HKCU\..\Run: [sfita] D:\WINDOWS\sfita.exe
    > O4 - HKCU\..\Run: [PopUpStopperFreeEdition]
    > "C:\PROGRA~1\POPUPM~1\POPUPS~1\POP-UP~1\PSFREE.EXE"
    > O4 - Global Startup: AOL 9.0 Tray Icon.lnk = D:\Program Files\AOL
    > 9.0a\aoltray.exe
    > O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    > O4 - Global Startup: AOL Companion.lnk = D:\Program Files\AOL
    > Companion\companion.exe
    > O8 - Extra context menu item: &Google Search - res://D:\Program
    > Files\Google\GoogleToolbar1.dll/cmsearch.html
    > O8 - Extra context menu item: &Translate English Word -
    > res://D:\Program
    >
    > Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    > O8 - Extra context menu item: Backward Links - res://D:\Program
    > Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    > O8 - Extra context menu item: Cached Snapshot of Page -
    > res://D:\Program
    >
    > Files\Google\GoogleToolbar1.dll/cmcache.html
    > O8 - Extra context menu item: Convert link target to Adobe PDF -
    > res://D:\Program Files\Adobe\Acrobat
    >
    > 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    > O8 - Extra context menu item: Convert link target to existing PDF -
    > res://D:\Program Files\Adobe\Acrobat
    >
    > 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    > O8 - Extra context menu item: Convert selected links to Adobe PDF -
    > res://D:\Program Files\Adobe\Acrobat
    >
    > 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    > O8 - Extra context menu item: Convert selected links to existing PDF -
    > res://D:\Program Files\Adobe\Acrobat
    >
    > 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    > O8 - Extra context menu item: Convert selection to Adobe PDF -
    > res://D:\Program Files\Adobe\Acrobat
    >
    > 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    > O8 - Extra context menu item: Convert selection to existing PDF -
    > res://D:\Program Files\Adobe\Acrobat
    >
    > 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    > O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program
    > Files\Adobe\Acrobat
    >
    > 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    > O8 - Extra context menu item: Convert to existing PDF -
    > res://D:\Program Files\Adobe\Acrobat
    >
    > 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    > O8 - Extra context menu item: E&xport to Microsoft Excel -
    > res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    > O8 - Extra context menu item: Similar Pages - res://D:\Program
    > Files\Google\GoogleToolbar1.dll/cmsimilar.html
    > O8 - Extra context menu item: Translate Page into English -
    > res://D:\Program
    >
    > Files\Google\GoogleToolbar1.dll/cmtrans.html
    > O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
    > D:\Program
    >
    > Files\Yahoo!\Messenger\yhexbmes0521.dll
    > O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
    > {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program
    >
    > Files\Yahoo!\Messenger\yhexbmes0521.dll
    > O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
    > - D:\Program Files\AOL Toolbar\toolbar.dll
    > O9 - Extra 'Tools' menuitem: AOL Toolbar -
    > {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL
    >
    > Toolbar\toolbar.dll
    > O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    > D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    > O9 - Extra button: Share in Hello -
    > {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Program
    >
    > Files\Hello\PicasaCapture.dll
    > O9 - Extra 'Tools' menuitem: Share in H&ello -
    > {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Program
    >
    > Files\Hello\PicasaCapture.dll
    > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    > D:\Program Files\Messenger\msmsgs.exe
    > O9 - Extra 'Tools' menuitem: Windows Messenger -
    > {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program
    >
    > Files\Messenger\msmsgs.exe
    > O12 - Plugin for .spop: D:\Program Files\Internet
    > Explorer\Plugins\NPDocBox.dll
    > O15 - Trusted Zone: *.media-motor.net
    > O15 - Trusted Zone: *.popuppers.com
    > O16 - DPF: ChatSpace Full Java Client 3.1.0.229 -
    > http://64.55.105.205/Java/cfs31229.cab
    > O16 - DPF: Jigsaw Detective by pogo -
    > http://game1.pogo.com/applet-6.1.3.21/jigsaw/jigsaw-ob-assets.cab
    > O16 - DPF: Yahoo! Graffiti -
    > http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    > O16 - DPF: {36A59337-6EEF-40AE-94B1-ED443A0C4740} -
    >
    > http://download.abetterinternet.com/download/cabs/BANDLL59/banner.cab
    > O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} -
    > http://www.alwaysupdatednews.com/install/aun_0018.exe
    > O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} -
    >
    > http://downloads.shopathomeselect.com/mamma/grinstall_mamma1004_sp2.cab
    > O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl)
    > -
    >
    > http://cabs.media-motor.net/cabs/joysaver.cab
    > O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} -
    > http://www.pacimedia.com/install/pcs_0006.exe
    > O17 -
    > HKLM\System\CCS\Services\Tcpip\..\{79C85D60-21FA-4F22-8B2F-162EB9CC403A}:
    > NameServer = 205.188.146.145
    > O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
    > O23 - Service: Adobe LM Service - Adobe Systems - D:\Program
    > Files\Common Files\Adobe Systems
    >
    > Shared\Service\Adobelmsvc.exe
    > O23 - Service: AOL Connectivity Service (AOL ACS) - America Online,
    > Inc. - D:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
    > O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown
    > owner -
    >
    > D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
    > O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
    > Symantec Corporation - D:\Program Files\Norton
    >
    > Antivirus\navapsvc.exe
    > O23 - Service: Norton Internet Security Service (NISSERV) - Symantec
    > Corporation - D:\Program Files\Norton Internet
    >
    > Security\NISSERV.EXE
    > O23 - Service: Norton Internet Security Accounts Manager (NISUM) -
    > Symantec Corporation - D:\Program Files\Norton
    >
    > Internet Security\NISUM.EXE
    > O23 - Service: ScriptBlocking Service (SBService) - Symantec
    > Corporation -
    >
    > D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    > O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    > Corporation - D:\Program Files\Common
    >
    > Files\Symantec Shared\SNDSrvc.exe
    > O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) -
    > Symantec Corporation - D:\Program Files\Norton
    >
    > Internet Security\SymProxySvc.exe
    > O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -
    > D:\Program Files\Common Files\Symantec
    >
    > Shared\Security Center\SymWSC.exe
    > O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation -
    > D:\WINDOWS\system32\WFXSVC.EXE
    >
     
    pcbutts1, Jun 14, 2005
    #15
  16. Thaqalain

    pcbutts1 Guest

    Re: felch-queen punishes male slaves

    pcbutts1, <>, the smelly, cursed queen, and pit
    winch operator, swore:

    > Sperm hungry anus-queen requires dirty-minded faggot's moll with
    > oversized fucking-tool to enforce disgraceful cum-freaking.
     
    pcbutts1, Jun 14, 2005
    #16
  17. Thaqalain

    Thaqalain Guest

    Re: felch-queen punishes male slaves

    Have Hijackthis fix the following lines ? How?
    I am going to have Bell Sympatico DSL service today,will be downloaded
    today.
    So,tell me if any step I can avoid for dowloading from your list.
    Thanks a lot
     
    Thaqalain, Jun 14, 2005
    #17
  18. Thaqalain

    Unk Guest

    Unk, Jun 14, 2005
    #18
  19. Thaqalain

    Ionizer Guest

    Re: felch-queen punishes male slaves

    "Thaqalain" <> wrote in message
    news:...
    > Have Hijackthis fix the following lines ? How?
    > I am going to have Bell Sympatico DSL service today,will be downloaded
    > today.
    > So,tell me if any step I can avoid for dowloading from your list.
    > Thanks a lot


    Arguably the best place to post HijackThis logs is in the Tom Cotote
    forums: http://forums.tomcoyote.org/ It can take a couple of days to
    receive a response, though. If you delete the wrong things using
    HijackThis, you can really screw things up.

    It looks like your HijackThis scan has found some adware/spyware on your
    system by the name of MediaAccess: http://davidarussell.co.uk/?p=92

    Earlier I recommended a couple of tools to try, but the one I think
    you'll find easiest to deal with and which *should* be able to detect
    and remove this thing is AdAware from Lavasoft:
    http://www.lavasoftusa.com/support/download/ Install it, update its
    "reference file" and scan your system with it. AdAware by default
    quarantines everything you tell it to remove, so unlike with HijackThis,
    you're working with a safety net. You'll find that Adaware has a
    similar look and feel to an on-demand antivirus program. The first time
    you run it, it will probably find a lot of things that it doesn't like
    on your system.

    Regards,
    Ian.
     
    Ionizer, Jun 14, 2005
    #19
  20. Thaqalain

    pcbutts1 Guest

    Run Hijackthis again then place a check in the box next to each item in the
    list I gave you and click "Fix Checked"

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    Sharpvision simply the best http://www.seedsv.com



    "Thaqalain" <> wrote in message
    news:...
    > Have Hijackthis fix the following lines ? How?
    > I am going to have Bell Sympatico DSL service today,will be downloaded
    > today.
    > So,tell me if any step I can avoid for dowloading from your list.
    > Thanks a lot
    >
     
    pcbutts1, Jun 14, 2005
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Impmon
    Replies:
    3
    Views:
    3,526
    Impmon
    Jun 15, 2005
  2. Hells-Bells

    Pop Up ads

    Hells-Bells, Jul 1, 2003, in forum: Computer Support
    Replies:
    5
    Views:
    629
    Dan Slade
    Jul 1, 2003
  3. Use.Netuser.01

    Re: pop up ads aaaaaaagh

    Use.Netuser.01, Jul 26, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    427
    Baron Von Reeve
    Jul 26, 2003
  4. Mary
    Replies:
    2
    Views:
    455
    ┬░Mike┬░
    Oct 25, 2004
  5. Smoker~

    Can't stop popup ads

    Smoker~, May 21, 2005, in forum: Computer Support
    Replies:
    4
    Views:
    1,927
    Smoker~
    May 21, 2005
Loading...

Share This Page