Thread: Suspicious virus alerts.
View Single Post
Old 06-25-2007, 10:47 PM   #1 (permalink)
QuinnG
Registered User
 
Join Date: Jun 2007
Posts: 4
OS: XP


Suspicious virus alerts.
Hello,

My husband was browsing online last night, and now this morning i've begun receiving some suspicious virus alerts that don't seem to originate from Windows itself or any antivirus programs I have installed. As well as that, my system has been very slow for about a week now, and when I play World of Warcraft, my lag speeds are suddenly huge, usually somewhere in the vicinity of 3000+.

Concerning the virus alerts, there are three different kinds. The first is a small icon that has appeared in my taskbar and it appears as a blue shield with a question mark, and every few seconds changes to a red shield with a cross on it. At random intervals, an alert will pop up from it, saying something like -

"System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to download up-to-date antivirus software that will clean your system."

The second alert was similar in nature, though it hasn't popped up for a few hours now. To the best of my recollection, it said something like "*Virus name featuring the word Trojan* has been detected on your system - please click here to download antivirus tools to clean your system".

And the third I haven't seen myself, my husband told me that it mentioned something like "There are viruses detected on your system. Your computer may be running at only 50% speed. Please click here to fix this problem."

My husband is fairly computer illiterate, and he clicked on the taskbar icon, and it led him to a site called Spylocked.com.

I have run updated scans of Ad-Aware, Spybot and AVG, as well as the scans requested in the "5 Steps Before Posting". I've let those programs heal what they could, but the icon and the alerts are still appearing. Here are the logs -


Deckard's System Scanner v20070611.50
Run by Karrie Green on 2007-06-26 at 1304
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
29: 2007-06-26 03:36:07 UTC - RP371 - Deckard's System Scanner Restore Point
28: 2007-06-26 03:31:39 UTC - RP370 - Software Distribution Service 3.0
27: 2007-06-26 02:57:26 UTC - RP369 - Installed AVG 7.5
26: 2007-06-24 22:47:50 UTC - RP368 - Install AnyDVD
25: 2007-06-24 18:11:50 UTC - RP367 - System Checkpoint


-- First Restore Point --
1: 2007-05-28 11:57:51 UTC - RP343 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Karrie Green.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:08:21 PM, on 26/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Documents and Settings\Karrie Green\Desktop\dss.exe
C:\DOCUME~1\KARRIE~1\Desktop\Karrie Green.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [zzGBK] D:\setup.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B388136-9C8B-4441-9F26-4B9F07C00871}: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{90D4E82B-4D37-461C-A5C5-2D7C3395BDC3}: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220 208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >


-- Scheduled Tasks -------------------------------------------------------------

2007-06-24 12:14:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-05-26 and 2007-06-26 -----------------------------

2007-06-26 12:56:23 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-06-26 12:56:23 0 d-------- C:\Program Files\SpywareBlaster
2007-06-26 12:28:11 216 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-06-26 12:28:11 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-06-26 12:28:08 0 dr-h----- C:\$VAULT$.AVG
2007-06-26 12:27:48 0 d-------- C:\Documents and Settings\Karrie Green\Application Data\AVG7
2007-06-26 12:27:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-06-26 12:27:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-06-26 12:27:27 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-06-26 12:10:22 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-26 12:10:21 0 d-------- C:\WINDOWS\LastGood
2007-06-26 0737 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-06-25 20:02:43 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-06-25 19:30:45 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-06-25 19:29:19 53248 --a------ C:\WINDOWS\system32\nmsdpgh.dll
2007-06-25 19:29:19 0 d-------- C:\Program Files\PopsMedia Site Adviser
2007-06-23 03:31:19 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-06-22 09:40:53 0 d-------- C:\Program Files\City of Heroes
2007-06-21 02:46:48 0 d--h----- C:\WINDOWS\PIF


-- Find3M Report ---------------------------------------------------------------

2007-06-26 12:36:25 0 d-------- C:\Program Files\iTunes
2007-06-26 11:49:22 0 d-------- C:\Documents and Settings\Karrie Green\Application Data\Skype
2007-06-25 08:45:59 0 d-------- C:\Program Files\World of Warcraft
2007-06-24 05:57:25 0 d-------- C:\Documents and Settings\Karrie Green\Application Data\Azureus
2007-06-14 03:48:52 8192 --a-s---- C:\WINDOWS\system32\afkvvy.dll
2007-05-17 21:20:43 0 d-------- C:\Documents and Settings\Karrie Green\Application Data\AdobeAUM
2007-05-17 21:20:41 0 d-------- C:\Documents and Settings\Karrie Green\Application Data\Adobe
2007-05-17 21:17:56 0 d-------- C:\Program Files\Common Files\Adobe
2007-05-12 11:36:47 0 d-------- C:\Documents and Settings\Karrie Green\Application Data\AdobeUM


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"zzGBK"="D:\\setup.exe"
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunServer"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{4688f900-0d0c-4788-b297-59cc10e70ccc}"="bipinnatifid"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGEMS
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGTDI


-- End of Deckard's System Scanner: finished at 2007-06-26 at 13:08:53 ---------



Panda log -




Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.com.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.go.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Mozilla\Firefox\Profiles\63488px6.default\cookies.txt[ad.yieldmanager.com/]
Virus:Trj/Downloader.OTR Disinfected C:\Documents and Settings\Karrie Green\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\java.class-51fc2049-7ad4d1b2.class
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-35851aee-3d391afe.zip[NewSecurityClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Karrie Green\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-35851aee-3d391afe.zip[NewURLClassLoader.class]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Karrie Green\Cookies\karrie green@ad.sensismediasmart.com[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Karrie Green\Cookies\karrie__green@ccbill[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Karrie Green\Cookies\karrie__green@yadro[1].txt
Adware:Adware/2Search Not disinfected C:\Documents and Settings\Karrie Green\Local Settings\Temp\a.exe
Virus:W32/Moonlight.K.worm Disinfected C:\Documents and Settings\Karrie Green\Local Settings\Temp\juan.dll
Potentially unwanted tool:Application/SpyLocked Not disinfected C:\Documents and Settings\Karrie Green\Local Settings\Temp\laf69B.tmp
Adware:Adware/2Search Not disinfected C:\Documents and Settings\Karrie Green\Local Settings\Temp\laf69D.tmp
Virus:Trj/Downloader.NIO Disinfected C:\Documents and Settings\Karrie Green\Local Settings\Temporary Internet Files\Content.IE5\WTOSD52Y\installdrivecleanerstart_btb[1].exe
Adware:Adware/2Search Not disinfected C:\Program Files\PopsMedia Site Adviser\vm5_killer.exe
Virus:Trj/Lowzones.TQ Disinfected C:\WINDOWS\system32\nmsdpgh.dll
Attached Files
File Type: txt extra.txt (11.3 KB, 1 views)
Last edited by QuinnG; 06-25-2007 at 11:08 PM.
QuinnG is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here