Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Too much stuff beyond my understanding

Started by richardl609 , Mar 23 2006 03:17 AM

Please log in to reply

#1
richardl609

Posted 23 March 2006 - 03:17 AM

New Member

Member
9 posts

Dear friends,
i am a new bee & have a lot of stuff going on can't log into trendmicro, norton live update dosent work, anti-virus scanning dosent work, can somebody guide to become virus free

here is my log files

Logfile of HijackThis v1.99.1
Scan saved at 2:43:38 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\The Cleaner\cleaner.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\O4SP4YJE\HijackThis[1].exe

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
O1 - Hosts: 127.0.0.22 mcafee.com
O1 - Hosts: 127.0.0.22 www.mcafee.com
O1 - Hosts: 127.0.0.22 mcafee.net
O1 - Hosts: 127.0.0.22 www.mcafee.net
O1 - Hosts: 127.0.0.22 mcafee.org
O1 - Hosts: 127.0.0.22 www.mcafee.org
O1 - Hosts: 127.0.0.22 mcafeesecurity.com
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.com
O1 - Hosts: 127.0.0.22 mcafeesecurity.net
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.net
O1 - Hosts: 127.0.0.22 mcafeesecurity.org
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.org
O1 - Hosts: 127.0.0.22 mcafeeb2b.com
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.com
O1 - Hosts: 127.0.0.22 mcafeeb2b.net
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.net
O1 - Hosts: 127.0.0.22 mcafeeb2b.org
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.org
O1 - Hosts: 127.0.0.22 nai.com
O1 - Hosts: 127.0.0.22 www.nai.com
O1 - Hosts: 127.0.0.22 nai.net
O1 - Hosts: 127.0.0.22 www.nai.net
O1 - Hosts: 127.0.0.22 nai.org
O1 - Hosts: 127.0.0.22 www.nai.org
O1 - Hosts: 127.0.0.22 vil.nai.com
O1 - Hosts: 127.0.0.22 www.vil.nai.com
O1 - Hosts: 127.0.0.22 vil.nai.net
O1 - Hosts: 127.0.0.22 www.vil.nai.net
O1 - Hosts: 127.0.0.22 vil.nai.org
O1 - Hosts: 127.0.0.22 www.vil.nai.org
O1 - Hosts: 127.0.0.22 grisoft.com
O1 - Hosts: 127.0.0.22 www.grisoft.com
O1 - Hosts: 127.0.0.22 grisoft.net
O1 - Hosts: 127.0.0.22 www.grisoft.net
O1 - Hosts: 127.0.0.22 grisoft.org
O1 - Hosts: 127.0.0.22 www.grisoft.org
O1 - Hosts: 127.0.0.22 kaspersky-labs.com
O1 - Hosts: 127.0.0.22 www.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 kaspersky.com
O1 - Hosts: 127.0.0.22 www.kaspersky.com
O1 - Hosts: 127.0.0.22 kaspersky.net
O1 - Hosts: 127.0.0.22 www.kaspersky.net
O1 - Hosts: 127.0.0.22 kaspersky.org
O1 - Hosts: 127.0.0.22 www.kaspersky.org
O1 - Hosts: 127.0.0.22 downloads1.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 www.downloads1.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 downloads1.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads1.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads1.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads1.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 downloads2.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 www.downloads2.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 downloads2.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads2.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads2.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads2.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 downloads3.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 www.downloads3.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 downloads3.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads3.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads3.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads3.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 downloads4.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 www.downloads4.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 downloads4.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads4.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads4.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads4.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 download.mcafee.com
O1 - Hosts: 127.0.0.22 www.download.mcafee.com
O1 - Hosts: 127.0.0.22 download.mcafee.net
O1 - Hosts: 127.0.0.22 www.download.mcafee.net
O1 - Hosts: 127.0.0.22 download.mcafee.org
O1 - Hosts: 127.0.0.22 www.download.mcafee.org
O1 - Hosts: 127.0.0.22 norton.com
O1 - Hosts: 127.0.0.22 www.norton.com
O1 - Hosts: 127.0.0.22 norton.net
O1 - Hosts: 127.0.0.22 www.norton.net
O1 - Hosts: 127.0.0.22 norton.org
O1 - Hosts: 127.0.0.22 www.norton.org
O1 - Hosts: 127.0.0.22 symantec.com
O1 - Hosts: 127.0.0.22 www.symantec.com
O1 - Hosts: 127.0.0.22 symantec.net
O1 - Hosts: 127.0.0.22 www.symantec.net
O1 - Hosts: 127.0.0.22 symantec.org
O1 - Hosts: 127.0.0.22 www.symantec.org
O1 - Hosts: 127.0.0.22 liveupdate.symantecliveupdate.com
O1 - Hosts: 127.0.0.22 www.liveupdate.symantecliveupdate.com
O1 - Hosts: 127.0.0.22 liveupdate.symantecliveupdate.net
O1 - Hosts: 127.0.0.22 www.liveupdate.symantecliveupdate.net
O1 - Hosts: 127.0.0.22 liveupdate.symantecliveupdate.org
O1 - Hosts: 127.0.0.22 www.liveupdate.symantecliveupdate.org
O1 - Hosts: 127.0.0.22 liveupdate.symantec.com
O1 - Hosts: 127.0.0.22 www.liveupdate.symantec.com
O1 - Hosts: 127.0.0.22 liveupdate.symantec.net
O1 - Hosts: 127.0.0.22 www.liveupdate.symantec.net
O1 - Hosts: 127.0.0.22 liveupdate.symantec.org
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-3444] "C:\Documents and Settings\Administrator\Local Settings\Application Data\br7911on.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with Download Accelerator Lite - C:\Program Files\Download Accelerator Lite\dal.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O9 - Extra 'Tools' menuitem: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{44B44F5E-73A5-40D5-975C-4A80DF340701}: NameServer = 202.65.128.251,202.56.230.6
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

#2
Buckeye_Sam

Posted 23 March 2006 - 05:05 PM

Malware Expert

Member
10,019 posts

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :whistling:

Before we can get started on fixing your problem you must change the location of Hijackthis. It should not run directly from your desktop or a temp directory.

Download and run the HijackThis autoinstall program
Please choose the default location of C:\Program Files as the destination.
Run the program only from that location from now on. It is essential that you follow these steps or certain important features of the program will not function correctly.

=========

Download Hoster.

This will restore your original Host files.
Run the program and press Restore Original Hosts and press OK.

=========

Reboot and post a new hijackthis log in your next reply.

#3
richardl609

Posted 24 March 2006 - 03:28 AM

New Member

Topic Starter
Member
9 posts

Dear Sam,

thanks for your reply, i did follow your comments here is my new Hijack This log, sorry for the delay as i had almost given up on the forum, just when you had replied. thanks much, please help me get rid of this.

Logfile of HijackThis v1.99.1
Scan saved at 3:03:10 PM, on 3/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-3444] "C:\Documents and Settings\Administrator\Local Settings\Application Data\br7911on.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with Download Accelerator Lite - C:\Program Files\Download Accelerator Lite\dal.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O9 - Extra 'Tools' menuitem: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{44B44F5E-73A5-40D5-975C-4A80DF340701}: NameServer = 202.65.128.251,202.56.230.6
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

Edited by richardl609, 24 March 2006 - 03:35 AM.

#4
Buckeye_Sam

Posted 24 March 2006 - 02:39 PM

Malware Expert

Member
10,019 posts

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
O4 - HKCU\..\Run: [Tok-Cirrhatus-3444] "C:\Documents and Settings\Administrator\Local Settings\Application Data\br7911on.exe"

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

Save it to your desktop.
Please double-click Killbox.exe to run it.
Select:
- Delete on Reboot
- then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\KesenjanganSosial.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\br7911on.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\csrss.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\inetinfo.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\services.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\smss.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\svchost.exe
C:\WINDOWS\ShellNew\RakyatKelaparan.exe
C:\WINDOWS\System32\cmd-brontok.exe
Return to Killbox, go to the File menu, and choose Paste from Clipboard.
Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

============

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Also post a new hijackthis log.

#5
richardl609

Posted 25 March 2006 - 04:14 AM

New Member

Topic Starter
Member
9 posts

Dear Sam
here is the log for kaspersky scan

Notes:

Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!). - I DID RECEIVE THE MESSAGE & I CLICKED OK

can Statistics
Total number of scanned objects 66105
Number of viruses found 3
Number of infected objects 100
Number of suspicious objects 0
Duration of the scan process 00:40:09

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0000.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0002.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0003.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0004.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0001.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0005.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0006.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500000.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500002.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500004.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500006.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500008.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0350000A.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0350000C.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C2C0000.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C480000.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C3C0000.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C300000.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04E00000.VBN/392315089702606E-02,UUE Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04E00000.VBN Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04E00000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D80000.VBN Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E80000.VBN Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Documents\My Videos\My Videos.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00087F6A\00087F6A.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sample Music.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\Documents and Settings\All Users\Documents\My Music\My Music.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sample Pictures.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\Documents and Settings\All Users\Documents\My Pictures\My Pictures.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\Documents and Settings\All Users\Documents\SharedDocs.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008171.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008172.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008173.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008174.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008175.pif Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008176.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008177.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008178.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008179.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008180.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008181.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008182.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008183.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008184.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008185.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008186.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008187.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008197.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008198.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008199.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008200.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008201.pif Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008202.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008203.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008204.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008205.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008206.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008207.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008208.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008209.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008210.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008214.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008215.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008216.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008217.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008218.pif Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008219.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008220.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008221.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008222.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008223.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008224.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008225.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008226.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008227.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008228.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008229.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008230.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008231.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008232.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008233.pif Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008234.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008236.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008237.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008238.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008239.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008240.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008241.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008242.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010859.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010860.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010861.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010862.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010863.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010864.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010865.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010866.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010867.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010868.exe Infected: Email-Worm.Win32.Brontok.n skipped
E:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0013504.exe Infected: Email-Worm.Win32.Brontok.n skipped

#6
richardl609

Posted 25 March 2006 - 04:15 AM

New Member

Topic Starter
Member
9 posts

mY LATEST HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 3:44:44 PM, on 3/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with Download Accelerator Lite - C:\Program Files\Download Accelerator Lite\dal.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O9 - Extra 'Tools' menuitem: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44B44F5E-73A5-40D5-975C-4A80DF340701}: NameServer = 202.65.128.251,202.56.230.6
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

#7
Buckeye_Sam

Posted 25 March 2006 - 07:55 AM

Malware Expert

Member
10,019 posts

Which antivirus program are you using, Symantec(Norton) or TrendMicro? Can you now update it?
If so, please download all updates and run a full scan with your antivirus program.

If it's still not working, then follow this next step.

Please download Bit Defender 8 Free Edition

Install the program and then follow the prompts to download all available updates.
Perform a full scan on your Local drive.
When the scan is complete save the log and post it back here in your next reply.

Please delete these files if still present after a virus scan.

C:\Documents and Settings\All Users\Documents\My Videos\My Videos.exe
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00087F6A\00087F6A.exe
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sample Music.exe
C:\Documents and Settings\All Users\Documents\My Music\My Music.exe
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sample Pictures.exe
C:\Documents and Settings\All Users\Documents\My Pictures\My Pictures.exe
C:\Documents and Settings\All Users\Documents\SharedDocs.exe

Let me know how your computer is working now. Any problems?

#8
richardl609

Posted 27 March 2006 - 02:12 AM

New Member

Topic Starter
Member
9 posts

Dear sam here is my data from the bitdefender scan

//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 27/03/2006 12:33:11
//
//-----------------------------------------------------------------

Statistics

Scan path : C:\
D:\
E:\
Folders : 3227
Files : 469131
Archives : 1265
Packed files : 59376
Identified viruses : 4
Infected files : 97
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 4
Copied files : 0
Moved files : 95
Renamed files : 0
I/O errors : 31
Scan time : 01:04:31
Scan speed (files/sec) : 121

Virus definitions : 339693
Scan plugins : 13
Archive plugins : 39
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0000.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0000.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0000.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0002.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0002.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0002.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0003.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0003.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0003.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0004.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0004.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0004.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0001.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0001.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0001.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0005.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0005.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0005.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0006.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0006.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0006.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500000.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500000.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500000.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500002.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500002.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500002.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500004.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500004.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500004.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500006.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500006.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500006.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500008.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500008.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500008.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0350000A.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0350000A.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0350000A.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0350000C.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0350000C.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0350000C.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C2C0000.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C2C0000.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C2C0000.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C480000.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C480000.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C480000.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C3C0000.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C3C0000.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C3C0000.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C300000.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C300000.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C300000.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D80000.VBN=>(Quarantine-PE) Infected [email protected]
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D80000.VBN=>(Quarantine-PE) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E80000.VBN=>(Quarantine-PE) Infected [email protected]
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E80000.VBN=>(Quarantine-PE) Deleted
C:\Documents and Settings\All Users\Documents\My Videos\My Videos.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\Documents and Settings\All Users\Documents\My Videos\My Videos.exe Disinfection failed
C:\Documents and Settings\All Users\Documents\My Videos\My Videos.exe Moved
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00087F6A\00087F6A.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00087F6A\00087F6A.exe Disinfection failed
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00087F6A\00087F6A.exe Moved
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sample Music.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sample Music.exe Disinfection failed
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sample Music.exe Moved
C:\Documents and Settings\All Users\Documents\My Music\My Music.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\Documents and Settings\All Users\Documents\My Music\My Music.exe Disinfection failed
C:\Documents and Settings\All Users\Documents\My Music\My Music.exe Moved
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sample Pictures.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sample Pictures.exe Disinfection failed
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sample Pictures.exe Moved
C:\Documents and Settings\All Users\Documents\My Pictures\My Pictures.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\Documents and Settings\All Users\Documents\My Pictures\My Pictures.exe Disinfection failed
C:\Documents and Settings\All Users\Documents\My Pictures\My Pictures.exe Moved
C:\Documents and Settings\All Users\Documents\SharedDocs.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\Documents and Settings\All Users\Documents\SharedDocs.exe Disinfection failed
C:\Documents and Settings\All Users\Documents\SharedDocs.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008171.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008171.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008171.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008172.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008172.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008172.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008173.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008173.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008173.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008174.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008174.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008174.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008175.pif Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008175.pif Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008175.pif Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008176.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008176.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008176.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008177.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008177.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008177.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008178.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008178.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008178.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008179.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008179.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008179.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008180.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008180.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008180.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008181.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008181.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008181.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008182.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008182.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008182.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008183.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008183.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008183.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008184.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008184.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008184.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008185.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008185.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008185.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008186.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008186.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008186.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008187.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008187.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008187.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008197.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008197.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008197.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008198.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008198.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008198.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008199.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008199.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008199.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008200.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008200.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008200.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008201.pif Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008201.pif Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008201.pif Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008202.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008202.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008202.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008203.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008203.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008203.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008204.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008204.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008204.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008205.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008205.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008205.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008206.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008206.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008206.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008207.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008207.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008207.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008208.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008208.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008208.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008209.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008209.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008209.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008210.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008210.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008210.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008214.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008214.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008214.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008215.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008215.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008215.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008216.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008216.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008216.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008217.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008217.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008217.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008218.pif Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008218.pif Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008218.pif Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008219.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008219.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008219.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008220.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008220.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008220.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008221.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008221.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008221.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008222.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008222.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008222.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008223.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008223.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008223.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008224.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008224.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008224.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008225.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008225.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008225.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008226.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008226.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008226.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008227.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008227.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008227.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008228.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008228.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008228.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008229.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008229.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008229.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008230.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008230.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008230.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008231.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008231.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008231.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008232.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008232.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008232.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008233.pif Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008233.pif Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008233.pif Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008234.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008234.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008234.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008236.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008236.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008236.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008237.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008237.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008237.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008238.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008238.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008238.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008239.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008239.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008239.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008240.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008240.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008240.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008241.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008241.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008241.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008242.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008242.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008242.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010859.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010859.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010859.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010860.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010860.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010860.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010861.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010861.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010861.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010862.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010862.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010862.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010863.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010863.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010863.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010864.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010864.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010864.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010865.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010865.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010865.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010866.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010866.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010866.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010867.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010867.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010867.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010868.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010868.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010868.exe Moved
E:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0013504.exe Infected BehavesLike:Trojan.RegistryDisabler
E:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0013504.exe Disinfection failed
E:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0013504.exe Moved

#9
richardl609

Posted 27 March 2006 - 02:15 AM

New Member

Topic Starter
Member
9 posts

my latest hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 1:43:05 PM, on 3/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with Download Accelerator Lite - C:\Program Files\Download Accelerator Lite\dal.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O9 - Extra 'Tools' menuitem: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44B44F5E-73A5-40D5-975C-4A80DF340701}: NameServer = 202.65.128.251,202.56.230.6
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#10
richardl609

Posted 27 March 2006 - 02:18 AM

New Member

Topic Starter
Member
9 posts

Dear sam

my norton virus is working now but not the updates for latest virus definition, its was last updated on 02/8/06

so now i am scanning with just hte previous updates version

#11
Buckeye_Sam

Posted 27 March 2006 - 05:20 PM

Malware Expert

Member
10,019 posts

Your log looks pretty good. Besides Norton being unable to update, are you having any problems?

#12
richardl609

Posted 28 March 2006 - 08:10 AM

New Member

Topic Starter
Member
9 posts

Dear Sam
something happened yesterday, just when i was thinking that all is going to get right i was copying an file from a cd and suddenly

I Cant run Hijack this ( when i try to run hijack this i get a message " The applicaiton has failed to start because MSVBVM60.DLL was not found. Re-installing the application may fix this ) i re installed it but no use
The norton antivirus is not working
I ran the Bit Defender & it cleaned up some viruses

dont know what do do know

#13
Buckeye_Sam

Posted 28 March 2006 - 03:55 PM

Malware Expert

Member
10,019 posts

Download and install VB 6 Runtime Files from here.
http://www.microsoft...&displaylang=en

If Norton still doesn't work, try uninstalling it and then reinstall it.

#14
richardl609

Posted 01 April 2006 - 06:01 AM

New Member

Topic Starter
Member
9 posts

Dear Sam, i am not able to install norton antivirus as it says that

set up has found notron antivirus on your computer, you should remove that and start reinstall.

this message even after i removed the antivirus.