Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Too much stuff beyond my understanding


  • Please log in to reply

#1
richardl609

richardl609

    New Member

  • Member
  • Pip
  • 9 posts
Dear friends,
i am a new bee & have a lot of stuff going on can't log into trendmicro, norton live update dosent work, anti-virus scanning dosent work, can somebody guide to become virus free

here is my log files

Logfile of HijackThis v1.99.1
Scan saved at 2:43:38 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\The Cleaner\cleaner.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\O4SP4YJE\HijackThis[1].exe

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
O1 - Hosts: 127.0.0.22 mcafee.com
O1 - Hosts: 127.0.0.22 www.mcafee.com
O1 - Hosts: 127.0.0.22 mcafee.net
O1 - Hosts: 127.0.0.22 www.mcafee.net
O1 - Hosts: 127.0.0.22 mcafee.org
O1 - Hosts: 127.0.0.22 www.mcafee.org
O1 - Hosts: 127.0.0.22 mcafeesecurity.com
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.com
O1 - Hosts: 127.0.0.22 mcafeesecurity.net
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.net
O1 - Hosts: 127.0.0.22 mcafeesecurity.org
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.org
O1 - Hosts: 127.0.0.22 mcafeeb2b.com
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.com
O1 - Hosts: 127.0.0.22 mcafeeb2b.net
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.net
O1 - Hosts: 127.0.0.22 mcafeeb2b.org
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.org
O1 - Hosts: 127.0.0.22 nai.com
O1 - Hosts: 127.0.0.22 www.nai.com
O1 - Hosts: 127.0.0.22 nai.net
O1 - Hosts: 127.0.0.22 www.nai.net
O1 - Hosts: 127.0.0.22 nai.org
O1 - Hosts: 127.0.0.22 www.nai.org
O1 - Hosts: 127.0.0.22 vil.nai.com
O1 - Hosts: 127.0.0.22 www.vil.nai.com
O1 - Hosts: 127.0.0.22 vil.nai.net
O1 - Hosts: 127.0.0.22 www.vil.nai.net
O1 - Hosts: 127.0.0.22 vil.nai.org
O1 - Hosts: 127.0.0.22 www.vil.nai.org
O1 - Hosts: 127.0.0.22 grisoft.com
O1 - Hosts: 127.0.0.22 www.grisoft.com
O1 - Hosts: 127.0.0.22 grisoft.net
O1 - Hosts: 127.0.0.22 www.grisoft.net
O1 - Hosts: 127.0.0.22 grisoft.org
O1 - Hosts: 127.0.0.22 www.grisoft.org
O1 - Hosts: 127.0.0.22 kaspersky-labs.com
O1 - Hosts: 127.0.0.22 www.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 kaspersky.com
O1 - Hosts: 127.0.0.22 www.kaspersky.com
O1 - Hosts: 127.0.0.22 kaspersky.net
O1 - Hosts: 127.0.0.22 www.kaspersky.net
O1 - Hosts: 127.0.0.22 kaspersky.org
O1 - Hosts: 127.0.0.22 www.kaspersky.org
O1 - Hosts: 127.0.0.22 downloads1.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 www.downloads1.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 downloads1.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads1.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads1.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads1.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 downloads2.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 www.downloads2.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 downloads2.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads2.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads2.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads2.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 downloads3.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 www.downloads3.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 downloads3.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads3.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads3.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads3.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 downloads4.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 www.downloads4.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 downloads4.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads4.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads4.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads4.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 download.mcafee.com
O1 - Hosts: 127.0.0.22 www.download.mcafee.com
O1 - Hosts: 127.0.0.22 download.mcafee.net
O1 - Hosts: 127.0.0.22 www.download.mcafee.net
O1 - Hosts: 127.0.0.22 download.mcafee.org
O1 - Hosts: 127.0.0.22 www.download.mcafee.org
O1 - Hosts: 127.0.0.22 norton.com
O1 - Hosts: 127.0.0.22 www.norton.com
O1 - Hosts: 127.0.0.22 norton.net
O1 - Hosts: 127.0.0.22 www.norton.net
O1 - Hosts: 127.0.0.22 norton.org
O1 - Hosts: 127.0.0.22 www.norton.org
O1 - Hosts: 127.0.0.22 symantec.com
O1 - Hosts: 127.0.0.22 www.symantec.com
O1 - Hosts: 127.0.0.22 symantec.net
O1 - Hosts: 127.0.0.22 www.symantec.net
O1 - Hosts: 127.0.0.22 symantec.org
O1 - Hosts: 127.0.0.22 www.symantec.org
O1 - Hosts: 127.0.0.22 liveupdate.symantecliveupdate.com
O1 - Hosts: 127.0.0.22 www.liveupdate.symantecliveupdate.com
O1 - Hosts: 127.0.0.22 liveupdate.symantecliveupdate.net
O1 - Hosts: 127.0.0.22 www.liveupdate.symantecliveupdate.net
O1 - Hosts: 127.0.0.22 liveupdate.symantecliveupdate.org
O1 - Hosts: 127.0.0.22 www.liveupdate.symantecliveupdate.org
O1 - Hosts: 127.0.0.22 liveupdate.symantec.com
O1 - Hosts: 127.0.0.22 www.liveupdate.symantec.com
O1 - Hosts: 127.0.0.22 liveupdate.symantec.net
O1 - Hosts: 127.0.0.22 www.liveupdate.symantec.net
O1 - Hosts: 127.0.0.22 liveupdate.symantec.org
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-3444] "C:\Documents and Settings\Administrator\Local Settings\Application Data\br7911on.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with Download Accelerator Lite - C:\Program Files\Download Accelerator Lite\dal.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O9 - Extra 'Tools' menuitem: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{44B44F5E-73A5-40D5-975C-4A80DF340701}: NameServer = 202.65.128.251,202.56.230.6
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
  • 0

Advertisements


#2
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :whistling:

Before we can get started on fixing your problem you must change the location of Hijackthis. It should not run directly from your desktop or a temp directory.
  • Download and run the HijackThis autoinstall program
  • Please choose the default location of C:\Program Files as the destination.
  • Run the program only from that location from now on. It is essential that you follow these steps or certain important features of the program will not function correctly.

=========


Download Hoster.

This will restore your original Host files.
Run the program and press Restore Original Hosts and press OK.


=========


Reboot and post a new hijackthis log in your next reply.
  • 0

#3
richardl609

richardl609

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Dear Sam,

thanks for your reply, i did follow your comments here is my new Hijack This log, sorry for the delay as i had almost given up on the forum, just when you had replied. thanks much, please help me get rid of this.

Logfile of HijackThis v1.99.1
Scan saved at 3:03:10 PM, on 3/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-3444] "C:\Documents and Settings\Administrator\Local Settings\Application Data\br7911on.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with Download Accelerator Lite - C:\Program Files\Download Accelerator Lite\dal.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O9 - Extra 'Tools' menuitem: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{44B44F5E-73A5-40D5-975C-4A80DF340701}: NameServer = 202.65.128.251,202.56.230.6
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

Edited by richardl609, 24 March 2006 - 03:35 AM.

  • 0

#4
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
O4 - HKCU\..\Run: [Tok-Cirrhatus-3444] "C:\Documents and Settings\Administrator\Local Settings\Application Data\br7911on.exe"




Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\WINDOWS\KesenjanganSosial.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\br7911on.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\csrss.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\inetinfo.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\lsass.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\services.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\smss.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\svchost.exe
    C:\WINDOWS\ShellNew\RakyatKelaparan.exe
    C:\WINDOWS\System32\cmd-brontok.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.



============


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Also post a new hijackthis log.
  • 0

#5
richardl609

richardl609

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Dear Sam
here is the log for kaspersky scan

Notes:

Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!). - I DID RECEIVE THE MESSAGE & I CLICKED OK

can Statistics
Total number of scanned objects 66105
Number of viruses found 3
Number of infected objects 100
Number of suspicious objects 0
Duration of the scan process 00:40:09

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0000.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0002.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0003.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0004.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0001.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0005.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0006.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500000.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500002.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500004.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500006.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500008.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0350000A.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0350000C.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C2C0000.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C480000.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C3C0000.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C300000.VBN Infected: Email-Worm.Win32.Brontok.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04E00000.VBN/392315089702606E-02,UUE Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04E00000.VBN Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04E00000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D80000.VBN Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E80000.VBN Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Documents\My Videos\My Videos.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00087F6A\00087F6A.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sample Music.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\Documents and Settings\All Users\Documents\My Music\My Music.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sample Pictures.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\Documents and Settings\All Users\Documents\My Pictures\My Pictures.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\Documents and Settings\All Users\Documents\SharedDocs.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008171.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008172.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008173.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008174.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008175.pif Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008176.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008177.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008178.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008179.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008180.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008181.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008182.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008183.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008184.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008185.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008186.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008187.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008197.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008198.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008199.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008200.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008201.pif Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008202.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008203.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008204.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008205.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008206.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008207.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008208.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008209.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008210.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008214.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008215.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008216.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008217.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008218.pif Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008219.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008220.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008221.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008222.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008223.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008224.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008225.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008226.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008227.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008228.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008229.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008230.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008231.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008232.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008233.pif Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008234.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008236.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008237.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008238.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008239.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008240.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008241.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008242.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010859.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010860.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010861.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010862.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010863.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010864.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010865.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010866.com Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010867.exe Infected: Email-Worm.Win32.Brontok.n skipped
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010868.exe Infected: Email-Worm.Win32.Brontok.n skipped
E:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0013504.exe Infected: Email-Worm.Win32.Brontok.n skipped
  • 0

#6
richardl609

richardl609

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
mY LATEST HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 3:44:44 PM, on 3/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with Download Accelerator Lite - C:\Program Files\Download Accelerator Lite\dal.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O9 - Extra 'Tools' menuitem: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44B44F5E-73A5-40D5-975C-4A80DF340701}: NameServer = 202.65.128.251,202.56.230.6
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
  • 0

#7
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Which antivirus program are you using, Symantec(Norton) or TrendMicro? Can you now update it?
If so, please download all updates and run a full scan with your antivirus program.

If it's still not working, then follow this next step.

Please download Bit Defender 8 Free Edition
  • Install the program and then follow the prompts to download all available updates.
  • Perform a full scan on your Local drive.
  • When the scan is complete save the log and post it back here in your next reply.


Please delete these files if still present after a virus scan.

C:\Documents and Settings\All Users\Documents\My Videos\My Videos.exe
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00087F6A\00087F6A.exe
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sample Music.exe
C:\Documents and Settings\All Users\Documents\My Music\My Music.exe
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sample Pictures.exe
C:\Documents and Settings\All Users\Documents\My Pictures\My Pictures.exe
C:\Documents and Settings\All Users\Documents\SharedDocs.exe



Let me know how your computer is working now. Any problems?
  • 0

#8
richardl609

richardl609

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Dear sam here is my data from the bitdefender scan


//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 27/03/2006 12:33:11
//
//-----------------------------------------------------------------


Statistics

Scan path : C:\
D:\
E:\
Folders : 3227
Files : 469131
Archives : 1265
Packed files : 59376
Identified viruses : 4
Infected files : 97
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 4
Copied files : 0
Moved files : 95
Renamed files : 0
I/O errors : 31
Scan time : 01:04:31
Scan speed (files/sec) : 121

Virus definitions : 339693
Scan plugins : 13
Archive plugins : 39
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0000.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0000.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0000.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0002.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0002.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0002.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0003.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0003.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0003.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0004.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0004.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0004.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0001.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0001.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0001.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0005.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0005.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0005.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0006.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0006.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C6C0006.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500000.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500000.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500000.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500002.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500002.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500002.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500004.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500004.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500004.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500006.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500006.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500006.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500008.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500008.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03500008.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0350000A.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0350000A.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0350000A.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0350000C.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0350000C.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0350000C.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C2C0000.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C2C0000.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C2C0000.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C480000.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C480000.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C480000.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C3C0000.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C3C0000.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C3C0000.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C300000.VBN=>(Quarantine-PE) Infected Generic.Brontok
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C300000.VBN=>(Quarantine-PE) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C300000.VBN Moved
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D80000.VBN=>(Quarantine-PE) Infected [email protected]
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D80000.VBN=>(Quarantine-PE) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E80000.VBN=>(Quarantine-PE) Infected [email protected]
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E80000.VBN=>(Quarantine-PE) Deleted
C:\Documents and Settings\All Users\Documents\My Videos\My Videos.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\Documents and Settings\All Users\Documents\My Videos\My Videos.exe Disinfection failed
C:\Documents and Settings\All Users\Documents\My Videos\My Videos.exe Moved
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00087F6A\00087F6A.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00087F6A\00087F6A.exe Disinfection failed
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00087F6A\00087F6A.exe Moved
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sample Music.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sample Music.exe Disinfection failed
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sample Music.exe Moved
C:\Documents and Settings\All Users\Documents\My Music\My Music.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\Documents and Settings\All Users\Documents\My Music\My Music.exe Disinfection failed
C:\Documents and Settings\All Users\Documents\My Music\My Music.exe Moved
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sample Pictures.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sample Pictures.exe Disinfection failed
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sample Pictures.exe Moved
C:\Documents and Settings\All Users\Documents\My Pictures\My Pictures.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\Documents and Settings\All Users\Documents\My Pictures\My Pictures.exe Disinfection failed
C:\Documents and Settings\All Users\Documents\My Pictures\My Pictures.exe Moved
C:\Documents and Settings\All Users\Documents\SharedDocs.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\Documents and Settings\All Users\Documents\SharedDocs.exe Disinfection failed
C:\Documents and Settings\All Users\Documents\SharedDocs.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008171.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008171.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008171.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008172.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008172.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008172.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008173.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008173.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008173.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008174.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008174.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008174.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008175.pif Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008175.pif Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008175.pif Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008176.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008176.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008176.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008177.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008177.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008177.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008178.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008178.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008178.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008179.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008179.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008179.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008180.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008180.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008180.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008181.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008181.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008181.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008182.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008182.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008182.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008183.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008183.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008183.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008184.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008184.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008184.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008185.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008185.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008185.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008186.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008186.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008186.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008187.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008187.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008187.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008197.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008197.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008197.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008198.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008198.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008198.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008199.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008199.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008199.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008200.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008200.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008200.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008201.pif Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008201.pif Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008201.pif Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008202.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008202.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008202.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008203.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008203.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008203.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008204.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008204.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008204.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008205.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008205.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008205.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008206.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008206.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008206.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008207.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008207.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008207.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008208.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008208.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008208.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008209.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008209.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008209.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008210.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008210.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008210.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008214.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008214.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008214.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008215.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008215.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008215.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008216.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008216.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008216.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008217.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008217.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008217.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008218.pif Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008218.pif Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008218.pif Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008219.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008219.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008219.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008220.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008220.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008220.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008221.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008221.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008221.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008222.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008222.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008222.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008223.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008223.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008223.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008224.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008224.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008224.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008225.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008225.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008225.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008226.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008226.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008226.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008227.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008227.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP21\A0008227.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008228.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008228.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008228.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008229.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008229.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008229.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008230.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008230.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008230.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008231.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008231.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008231.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008232.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008232.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008232.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008233.pif Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008233.pif Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008233.pif Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008234.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008234.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008234.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008236.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008236.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008236.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008237.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008237.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008237.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008238.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008238.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008238.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008239.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008239.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008239.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008240.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008240.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008240.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008241.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008241.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008241.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008242.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008242.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0008242.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010859.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010859.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010859.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010860.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010860.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010860.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010861.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010861.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010861.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010862.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010862.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010862.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010863.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010863.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010863.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010864.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010864.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010864.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010865.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010865.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010865.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010866.com Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010866.com Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010866.com Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010867.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010867.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010867.exe Moved
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010868.exe Infected BehavesLike:Trojan.RegistryDisabler
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010868.exe Disinfection failed
C:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0010868.exe Moved
E:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0013504.exe Infected BehavesLike:Trojan.RegistryDisabler
E:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0013504.exe Disinfection failed
E:\System Volume Information\_restore{406F8770-EEEE-43E0-ACC3-AA7A535A626E}\RP22\A0013504.exe Moved
  • 0

#9
richardl609

richardl609

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
my latest hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 1:43:05 PM, on 3/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with Download Accelerator Lite - C:\Program Files\Download Accelerator Lite\dal.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O9 - Extra 'Tools' menuitem: BlogEverywhere Blogbar - {A92ED0AE-BE6F-4690-A3FF-5A56717CC3C8} - C:\Program Files\BlogEverywhere\IETB\1.4.6064.0\ietb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44B44F5E-73A5-40D5-975C-4A80DF340701}: NameServer = 202.65.128.251,202.56.230.6
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • 0

#10
richardl609

richardl609

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Dear sam

my norton virus is working now but not the updates for latest virus definition, its was last updated on 02/8/06

so now i am scanning with just hte previous updates version
  • 0

#11
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Your log looks pretty good. Besides Norton being unable to update, are you having any problems?
  • 0

#12
richardl609

richardl609

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Dear Sam
something happened yesterday, just when i was thinking that all is going to get right i was copying an file from a cd and suddenly

I Cant run Hijack this ( when i try to run hijack this i get a message " The applicaiton has failed to start because MSVBVM60.DLL was not found. Re-installing the application may fix this ) i re installed it but no use
The norton antivirus is not working
I ran the Bit Defender & it cleaned up some viruses


dont know what do do know
  • 0

#13
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Download and install VB 6 Runtime Files from here.
http://www.microsoft...&displaylang=en

If Norton still doesn't work, try uninstalling it and then reinstall it.
  • 0

#14
richardl609

richardl609

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Dear Sam, i am not able to install norton antivirus as it says that

set up has found notron antivirus on your computer, you should remove that and start reinstall.

this message even after i removed the antivirus.
  • 0

#15
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Check this link and follow the steps there to uninstall Norton.
http://service1.syma...=&osv=&osv_lvl=
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP