Bloodhound virus 2

Eprice

Technical User
May 6, 2003
209
US
Hi,
Norton tells me I have the Bloodhound.HybridCOM virus on my computer. I called Norton tech support, but they want to charge me 69.99 for instructions to manually remove this virus even though I already bought their program and spent another 29.99 renewing it. I did find some (free) Google instructions that came from Symantec, but everything it says to look for is not on my computer. Does anybody know how or where I can get the instructions for free? I don't want to give them any more money.
Thanks
Lisa
 
Where is Norton finding this file? Give its full location.

The last time I dealt with this it was a false positive or technology used by Norton to find viruses!




Run a few scans here below at the links and post the logs which they produce!



Make sure your ActiveX controls are set as follows:

Go to Internet Options - Security - Internet, press 'default level', then OK.
Now press "Custom Level."

In the ActiveX section, set the first two options (Download signed and
unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX
controls not marked as safe' to 'disable'.


Active X settings



Run an online antivirus check from


choose extended database for the scan!


Run ActiveScan online virus scan here


When the scan is finished, anything that it cannot clean have it delete it.
Make a note of the file location of anything that cannot be deleted so you
can delete it yourself.
- Save the results from the scan!




Download HijackThis from the link below. Please do this. Click here:


to download HijackThis. Click scan and save a logfile, then post it here so
we can take a look at it for you. Don't click fix on anything in HijackThis
as most of the files are legitimate.





Post a HijackThis log and the Kaspersky and ActiveScan logs.



Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
I'm not sure what you mean by post it under the name khazars but I do have the log files ready.
Lisa
 
Eprice
pechenegs means he is a member of ASAP Alliance of Security Analysis Professionals and uses the name "khazars" to post there.

Post the hijack this & active scan logs in this thread using cut & paste.


 
Okay, these are the results I got (thank you so much for the help)

Kaspersky:
Total number of scanned objects 60693
Number of viruses found 10
Number of infected objects 30 / 0
Number of suspicious objects 0
Duration of the scan process 01:33:59

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp
Object is locked
skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
Object is locked
skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
Object is locked
skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat
Object is locked
skipped

C:\Documents and Settings\All Users\Application DataSymantec\LiveUpdate\2006-07-26_Log.ALUSchedulerSvc.LiveUpdate
Object is locked
skipped

C:\Documents and Settings\Default User\Local Settings\Temp\__unin__.exe
Infected: not-a-virus:AdWare.Win32.Altnet.b
skipped

C:\Documents and Settings\Guest\Local Settings\Temp\__unin__.exe
Infected: not-a-virus:AdWare.Win32.Altnet.b
skipped

C:\Documents and Settings\LocalService\Local Settings\Application DataMicrosoft\Windows\UsrClass.dat
Object is locked
skipped

C:\Documents and Settings\LocalService\Local Settings\Application DataMicrosoft\Windows\UsrClass.dat.LOG
Object is locked
skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat
Object is locked
skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat
Object is locked
skipped

C:\Documents and Settings\LocalService\Local Settings\TempTemporary Internet Files\Content.IE5\index.dat
Object is locked
skipped

C:\Documents and Settings\LocalService\NTUSER.DAT
Object is locked
skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG
Object is locked
skipped

C:\Documents and Settings\NetworkService\Local Settings\Application DataMicrosoft\Windows\UsrClass.dat
Object is locked
skipped

C:\Documents and Settings\NetworkService\Local Settings\Application DataMicrosoft\Windows\UsrClass.dat.LOG
Object is locked
skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT
Object is locked
skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG
Object is locked
skipped

C:\Documents and Settings\Owner\Application Data\Microsoft\MSNIA\Journal.Dat
Object is locked
skipped

C:\Documents and Settings\Owner\Cookies\index.dat
Object is locked
skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\MicrosoftMSN\db\lprice002-msn-com.sdf
Object is locked
skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\MicrosoftWindows\UsrClass.dat
Object is locked
skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\MicrosoftWindows\UsrClass.dat.LOG
Object is locked
skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat
Object is locked
skipped

C:\Documents and Settings\Owner\Local Settings\Temp\fdr2992.fdr
Object is locked
skipped

C:\Documents and Settings\Owner\Local Settings\Temp\__unin__.exe
Infected: not-a-virus:AdWare.Win32.Altnet.b
skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet FilesContent.IE5\index.dat
Object is locked
skipped

C:\Documents and Settings\Owner\NTUSER.DAT
Object is locked
skipped

C:\Documents and Settings\Owner\ntuser.dat.LOG
Object is locked
skipped

C:\eied_s7.cab/eied_s7_c_49.exe
Infected: Trojan-Downloader.Win32.Mediket.ct
skipped

C:\eied_s7.cab CAB: infected - 1
skipped

C:\hp\bin\KillWind.exe
Infected: not-a-virus:RiskTool.Win32.PsKill.p
skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
Object is locked
skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log
Object is locked
skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log
Object is locked
skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log
Object is locked
skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log
Object is locked
skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log
Object is locked
skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log
Object is locked
skipped

C:\Program Files\Common Files\Symantec Shared\SPPolicy.log
Object is locked
skipped

C:\Program Files\Common Files\Symantec Shared\SPStart.log
Object is locked
skipped

C:\Program Files\Common Files\Symantec Shared\SPStop.log
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\chandir.dat
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\chandir.idx
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\chn.dat
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\chn.idx
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\D0000000.FCS
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\inuse.txt
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\L0000014.FCS
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\main.log
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs.dat
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs.idx
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs_die.dat
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs_die.idx
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs_dnd.dat
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs_dnd.idx
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs_ext.dat
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs_ext.idx
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs_rcv.dat
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\prs_rcv.idx
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\storydb.dat
Object is locked
skipped

C:\Program Files\hp center\137903\Users\Default\Data\storydb.idx
Object is locked
skipped

C:\Program Files\MSN\MSNCoreFiles\calendar.mar
Object is locked
skipped

C:\Program Files\MSN\MSNCoreFiles\mail.mar
Object is locked
skipped

C:\Program Files\MSN\MSNCoreFiles\market.mar
Object is locked
skipped

C:\Program Files\MSN\MSNCoreFiles\market16.mar
Object is locked
skipped

C:\Program Files\MSN\MSNCoreFiles\miadv.mar
Object is locked
skipped

C:\Program Files\MSN\MSNCoreFiles\mibas.mar
Object is locked
skipped

C:\Program Files\MSN\MSNCoreFiles\printing.mar
Object is locked
skipped

C:\Program Files\MSN\MSNCoreFiles\qos.mar
Object is locked
skipped

C:\Program Files\MSN\MSNCoreFiles\themedef.mar
Object is locked
skipped

C:\Program Files\MSN\MSNCoreFiles\themedef16.mar
Object is locked
skipped

C:\Program Files\MSN\MsnInstaller\install.mar
Object is locked
skipped

C:\Program Files\Norton AntiVirus\AVApp.log
Object is locked
skipped

C:\Program Files\Norton AntiVirus\AVError.log
Object is locked
skipped

C:\Program Files\Norton AntiVirus\AVVirus.log
Object is locked
skipped

C:\Program Files\Norton AntiVirus\Quarantine\0D44615E.exe
Infected: Trojan-Downloader.Win32.Pacer.c
skipped

C:\Program Files\Norton AntiVirus\Quarantine\0D470B5B.exe
Infected: Trojan-Downloader.Win32.Pacer.c
skipped

C:\Program Files\Norton AntiVirus\Quarantine\0F635DBD.dll
Infected: not-a-virus:AdWare.Win32.Altnet.b
skipped

C:\Program Files\Norton AntiVirus\Quarantine\2AC45FC1.exe
Infected: Trojan-Downloader.Win32.IstBar.gen
skipped

C:\Program Files\Norton AntiVirus\Quarantine\2AC709BD.exe
Infected: Trojan-Downloader.Win32.IstBar.gen
skipped

C:\Program Files\Norton AntiVirus\Quarantine\2ACE5DB6.exe
Infected: Trojan-Downloader.Win32.IstBar.gen
skipped

C:\Program Files\Norton AntiVirus\Quarantine\2AD107B2.cab/sysdetect.dll
Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007
skipped

C:\Program Files\Norton AntiVirus\Quarantine\2AD107B2.cab CAB: infected - 1
skipped

C:\Program Files\Norton AntiVirus\Quarantine\2AD107B2.cab CryptFF: infected - 1
skipped

C:\Program Files\Norton AntiVirus\Quarantine\2DE608E2.exe
Infected: Trojan-Downloader.Win32.Agent.jq
skipped

C:\Program Files\Norton AntiVirus\Quarantine\2DE932DE.exe
Infected: Trojan-Downloader.Win32.Agent.jq
skipped

C:\Program Files\Norton AntiVirus\Quarantine\3A8B4A67.htm
Infected: Exploit.HTML.Mht
skipped

C:\Program Files\Norton AntiVirus\Quarantine\3C820C3E.htm
Infected: Exploit.HTML.Mht
skipped

C:\Program Files\Norton AntiVirus\Quarantine\3D9F3956.dll
Infected: not-a-virus:AdWare.Win32.Altnet.b
skipped

C:\Program Files\Norton AntiVirus\Quarantine\3F8C1E88.dll
Infected: not-a-virus:AdWare.Win32.Altnet.b
skipped

C:\Program Files\Norton AntiVirus\Quarantine\48740FFA.dll
Infected: not-a-virus:AdWare.Win32.Altnet.b
skipped

C:\Program Files\Norton AntiVirus\Quarantine\53AB0928.dll
Infected: not-a-virus:AdWare.Win32.Altnet.b
skipped

C:\Program Files\Norton AntiVirus\Quarantine\74ED1172.exe
Infected: Backdoor.Win32.Rbot.aqo
skipped

C:\Program Files\Norton AntiVirus\Quarantine\74F3656B.exe
Infected: Backdoor.Win32.Rbot.aqo
skipped

C:\Program Files\Norton AntiVirus\Quarantine\7B153EEF.dll
Infected: not-a-virus:AdWare.Win32.Altnet.b
skipped

C:\Program Files\PgcEdit\bin\pskill.exe
Infected: not-a-virus:RiskTool.Win32.PsKill.k
skipped

C:\Program Files\PgcEdit\pgcedit.exe/Tcl/work/PGCEDIT/bin/pskill.exe
Infected: not-a-virus:RiskTool.Win32.PsKill.k
skipped

C:\Program Files\PgcEdit\pgcedit.exe ZIP: infected - 1
skipped

C:\WINDOWS\Debug\oakley.log
Object is locked
skipped

C:\WINDOWS\Debug\PASSWD.LOG
Object is locked
skipped

C:\WINDOWS\ModemLog_Lucent Win Modem.txt
Object is locked
skipped

C:\WINDOWS\SchedLgU.Txt
Object is locked
skipped

C:\WINDOWS\SoftwareDistribution\EventCache{075FAC1E-A1B6-4904-8684-88783B5A5F0C}.bin
Object is locked
skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log
Object is locked
skipped

C:\WINDOWS\Sti_Trace.log
Object is locked
skipped

C:\WINDOWS\SYSTEM32\config\AppEvent.Evt
Object is locked
skipped

C:\WINDOWS\SYSTEM32\config\default
Object is locked
skipped

C:\WINDOWS\SYSTEM32\config\default.LOG
Object is locked
skipped

C:\WINDOWS\SYSTEM32\config\SAM
Object is locked
skipped

C:\WINDOWS\SYSTEM32\config\SAM.LOG
Object is locked
skipped

C:\WINDOWS\SYSTEM32\config\SecEvent.Evt
Object is locked
skipped

C:\WINDOWS\SYSTEM32\config\SECURITY
Object is locked
skipped

C:\WINDOWS\SYSTEM32\config\SECURITY.LOG
Object is locked
skipped

C:\WINDOWS\SYSTEM32\config\software
Object is locked
skipped

C:\WINDOWS\SYSTEM32\config\software.LOG
Object is locked
skipped

C:\WINDOWS\SYSTEM32\config\SysEvent.Evt
Object is locked
skipped

C:\WINDOWS\SYSTEM32\config\system
Object is locked
skipped

C:\WINDOWS\SYSTEM32\config\system.LOG
Object is locked
skipped

C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\index.dat
Object is locked
skipped

C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\HistoryHistory.IE5\index.dat
Object is locked
skipped

C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temp\__unin__.exe
Infected: not-a-virus:AdWare.Win32.Altnet.b
skipped

C:\WINDOWS\SYSTEM32\config\systemprofile\Local SettingsTemporary Internet Files\Content.IE5\index.dat
Object is locked
skipped

C:\WINDOWS\SYSTEM32\h323log.txt
Object is locked
skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR
Object is locked
skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA
Object is locked
skipped

C:\WINDOWS\wiadebug.log
Object is locked
skipped

C:\WINDOWS\wiaservc.log
Object is locked
skipped

C:\WINDOWS\WindowsUpdate.log
Object is locked
skipped

Scan process completed.


Active Scan results (I deleted the cookies already):
Incident Status Location
Dialer:dialer.baj
Not disinfected
c:\eied_s7.cab

Potentially unwanted tool:application/bestoffer
Not disinfected
c:\windows\smdat32m.sys

Spyware:Cookie/Abetterinternet
Not disinfected
C:\Documents and Settings\Default User\Cookies\owner@abetterinternet[1].txt

Spyware:Cookie/Atwola
Not disinfected
C:\Documents and Settings\Default User\Cookies\owner@atwola[1].txt

Spyware:Cookie/Enhance
Not disinfected
C:\Documents and Settings\Default User\Cookies\owner@c.enhance[1].txt

Spyware:Cookie/GoStats
Not disinfected
C:\Documents and Settings\Default User\Cookies\owner@c2.gostats[2].txt

Spyware:Cookie/Com.com
Not disinfected
C:\Documents and Settings\Default User\Cookies\owner@com[2].txt

Spyware:Cookie/Kazaa Networks
Not disinfected
C:\Documents and Settings\Default User\Cookies\owner@desktop.kazaa[1].txt

Spyware:Cookie/Go
Not disinfected
C:\Documents and Settings\Default User\Cookies\owner@go[1].txt

Spyware:Cookie/Kount
Not disinfected
C:\Documents and Settings\Default User\Cookies\owner@kount[2].txt

Spyware:Cookie/Mircx
Not disinfected
C:\Documents and Settings\Default User\Cookies\owner@pop.mircx[1].txt

Spyware:Cookie/Rightmedia
Not disinfected
C:\Documents and Settings\Default User\Cookies\owner@rightmedia[1].txt

Spyware:Cookie/Rn11
Not disinfected
C:\Documents and Settings\Default User\Cookies\owner@rn11[1].txt

Spyware:Cookie/Tickle
Not disinfected
C:\Documents and Settings\Default User\Cookies\owner@web.tickle[1].txt

Spyware:Cookie/BurstBeacon
Not disinfected
C:\Documents and Settings\Default User\Cookies\owner@www.burstbeacon[2].txt

Spyware:Cookie/myaffiliateprogram
Not disinfected
C:\Documents and Settings\Default User\Cookies\owner@www.myaffiliateprogram[1].txt

Spyware:Cookie/web-stat
Not disinfected
C:\Documents and Settings\Default User\Cookies\owner@www.web-stat[2].txt

Potentially unwanted tool:Application/P2PNetworking
Not disinfected
C:\Documents and Settings\Default User\Local Settings\Temp\p2psetup.exe

Potentially unwanted tool:Application/Altnet
Not disinfected
C:\Documents and Settings\Default User\Local Settings\Temp\__unin__.exe

Potentially unwanted tool:Application/P2PNetworking
Not disinfected
C:\Documents and Settings\Guest\Local Settings\Temp\p2psetup.exe

Potentially unwanted tool:Application/Altnet
Not disinfected
C:\Documents and Settings\Guest\Local Settings\Temp\__unin__.exe

Spyware:Cookie/Casalemedia
Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt

Spyware:Cookie/cs.sexcounter
Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@cs.sexcounter[2].txt

Spyware:Cookie/FastClick
Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt

Spyware:Cookie/DomainSponsor
Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@landing.domainsponsor[1].txt

Spyware:Cookie/RealMedia
Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt

Spyware:Cookie/XXXCounter
Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@xxxcounter[2].txt

Potentially unwanted tool:Application/P2PNetworking
Not disinfected
C:\Documents and Settings\Owner\Local Settings\Temp\p2psetup.exe

Potentially unwanted tool:Application/Altnet
Not disinfected
C:\Documents and Settings\Owner\Local Settings\Temp\__unin__.exe

Potentially unwanted tool:Application/HideWindow.A
Not disinfected
C:\hp\bin\FondleWindow.exe

Potentially unwanted tool:Application/KillApp.B
Not disinfected
C:\hp\bin\KillIt.exe

Potentially unwanted tool:Application/KillApp.A
Not disinfected
C:\hp\bin\Terminator.exe

Potentially unwanted tool:Application/Pskill.K
Not disinfected
C:\Program Files\PgcEdit\bin\pskill.exe

Potentially unwanted tool:Application/Pskill.K
Not disinfected
C:\Program Files\PgcEdit\pgcedit.exe[Tcl/work/PGCEDIT/bin/pskill.exe]

Spyware:Cookie/myaffiliateprogram
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1032.txt

Spyware:Cookie/web-stat
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1086.txt

Spyware:Cookie/Xiti
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1102.txt

Spyware:Cookie/Abetterinternet
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1120.txt

Spyware:Cookie/Atwola
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1126.txt

Spyware:Cookie/GoStats
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1133.txt

Spyware:Cookie/Enhance
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1134.txt

Spyware:Cookie/Com.com
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1139.txt

Spyware:Cookie/Kazaa Networks
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1144.txt

Spyware:Cookie/Go
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1162.txt

Spyware:Cookie/Kount
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1173.txt

Spyware:Cookie/Mircx
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1201.txt

Spyware:Cookie/Rightmedia
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1204.txt

Spyware:Cookie/Rn11
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1205.txt

Spyware:Cookie/Tickle
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1222.txt

Spyware:Cookie/BurstBeacon
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1236.txt

Spyware:Cookie/myaffiliateprogram
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1247.txt

Spyware:Cookie/web-stat
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc1258.txt

Spyware:Cookie/Abetterinternet
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc263.txt

Spyware:Cookie/Atwola
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc269.txt

Spyware:Cookie/GoStats
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc276.txt

Spyware:Cookie/Enhance
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc277.txt

Spyware:Cookie/Com.com
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc282.txt

Spyware:Cookie/Kazaa Networks
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc287.txt

Spyware:Cookie/Go
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc305.txt

Spyware:Cookie/Kount
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc316.txt

Spyware:Cookie/Mircx
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc344.txt

Spyware:Cookie/Rightmedia
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc347.txt

Spyware:Cookie/Rn11
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc348.txt

Spyware:Cookie/Tickle
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc365.txt

Spyware:Cookie/BurstBeacon
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc379.txt

Spyware:Cookie/myaffiliateprogram
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc390.txt

Spyware:Cookie/web-stat
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc401.txt

Spyware:Cookie/888
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc426.txt

Spyware:Cookie/Abetterinternet
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc443.txt

Spyware:Cookie/YieldManager
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc449.txt

Spyware:Cookie/Belnk
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc485.txt

Spyware:Cookie/Atwola
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc486.txt

Spyware:Cookie/Atwola
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc487.txt

Spyware:Cookie/Azjmp
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc490.txt

Spyware:Cookie/Banner
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc495.txt

Spyware:Cookie/Belnk
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc500.txt

Spyware:Cookie/GoStats
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc511.txt

Spyware:Cookie/Enhance
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc512.txt

Spyware:Cookie/Enhance
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc513.txt

Spyware:Cookie/Cassava
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc522.txt

Spyware:Cookie/Ccbill
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc523.txt

Spyware:Cookie/Com.com
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc533.txt

Spyware:Cookie/Com.com
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc534.txt

Spyware:Cookie/Kazaa Networks
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc561.txt

Spyware:Cookie/Belnk
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc564.txt

Spyware:Cookie/Entrepreneur
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc590.txt

Spyware:Cookie/Go
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc616.txt

Spyware:Cookie/Screensavers
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc639.txt

Spyware:Cookie/MediaTickets
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc666.txt

Spyware:Cookie/Kount
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc670.txt

Spyware:Cookie/Kount
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc671.txt

Spyware:Cookie/Lop
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc721.txt

Spyware:Cookie/Paypopup
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc771.txt

Spyware:Cookie/Mircx
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc782.txt

Spyware:Cookie/WegCash
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc789.txt

Spyware:Cookie/Rightmedia
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc807.txt

Spyware:Cookie/Rn11
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc809.txt

Spyware:Cookie/Searchportal
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc833.txt

Spyware:Cookie/Reliablestats
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc864.txt

Spyware:Cookie/Toplist
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc893.txt

Spyware:Cookie/Tickle
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc909.txt

Spyware:Cookie/Affiliate fuel
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc936.txt

Spyware:Cookie/BurstBeacon
Not disinfected
C:\RECYCLER\S-1-5-21-2299825339-3244783744-1582333133-1003\Dc957.txt

Potentially unwanted tool:Application/RealSpy
Not disinfected
C:\WINDOWS\SYSTEM32\actskn45.ocx

Potentially unwanted tool:Application/P2PNetworking
Not disinfected
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temp\p2psetup.exe

Potentially unwanted tool:Application/Altnet
Not disinfected
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temp\__unin__.exe

Adware:Adware/StatBlaster
Not disinfected
C:\WINDOWS\SYSTEM32\O

Potentially unwanted tool:Application/P2PNetworking
Not disinfected
C:\WINDOWS\SYSTEM32\P2P Networking v125.cpl

hijackthis results:
Logfile of HijackThis v1.99.1
Scan saved at 4:20:26 PM, on 7/27/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
http=127.0.0.1:9022
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [BackWeb LiteInstaller]
C:\DOCUME~1\Owner\LOCALS~1\Temp\ins1.tmp\LiteInst.exe /NoIntervention
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: hp center.lnk =
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI8321~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Update Page Content -
C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
O8 - Extra context menu item: View All Originals On Page -
C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O8 - Extra context menu item: View Original Image -
C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} -
C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} -
C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MI8321~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) -
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) -
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) -
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4683F496-4221-4D72-84EE-B777B719C139}:
NameServer = 205.171.3.65 205.171.2.65
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG -
C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner -
C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation -
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation -
C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation -
C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation -
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation -
C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation -
C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -
C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation -
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
You need to hit it with something that will delete the files. Try AVG Free Antivirus:


update it and do a full system scan.

I would check for malware as well:

spysweeper:


Update the defs and do a sweep.

Also check this out:

Ewido download:


Update it and run a complete scan.

Post logs back and let us know if you got it.

Regards.

Erik
 
Go here and empty out this folder!

C:\Program Files\Norton AntiVirus\Quarantine



* Go to Control Panel > Internet Options. On the General tab under
"Temporary Internet Files" Click "Delete Files". Put a check by "Delete
Offline Content" and click OK. Click on the "Delete Cookies" button to clear
the cookies.


To block cookies in IE.

Go to view/privacy report/highlight the offending cookie/click summary/
and choose never allow this site to use cookies/ click ok and exit! This
will block all tracking cookies from being set on your computer!



First make a folder in C:\ & call it BFU, then

please download BFU from



and save it to the folder you have just made.
Open the folder & double click BFU.exe to run it


Run the program and click the Web button.


Use this URL below and copy it into the address bar of the Download script
window:




Execute the script by clicking the Execute button.
Note that you should see a progress bar while the script is being executed.

If you have any questions about the use of BFU please read here:


Post a HijackThis log.

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
I have done everything listed above except
I tried twice and it was corrupt. After I did all of these things I turned Norton and ActiveX back on, and while on the internet for at least a half hour, I got NO messages telling me I had the Bloodhound virus. I also uninstalled Norton (there goes my 29.95 renewal) and plan to just use AVG along with Ad-aware, Spybots Search and Destroy and ewido. Do you think just uninstalling Norton will completely get rid of it, or is there more to it than just using their uninstall? Anyway, thank both of you very much for the virus help and free links.
Lisa
 
You should be good to go. You can try downloading Spy Sweeper again; I uploaded it again since you were saying it was corrupted.
 