backdoor.virkel? i'm not sure, its serious and i'm unable to f



#1
Sarahbell (New Member, 6 posts)

Logfile of HijackThis v1.99.1
Scan saved at 7:59:30 PM, on 6/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\yhyieyp\smss.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\PK4B5HK5\HijackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yejzdxvld...M9lxfKU1Jy.html
F3 - REG:win.ini: load=C:\WINDOWS\system32\yhyieyp\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\yhyieyp\csrss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\MSNAppM.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [tjevagbj] C:\obcglxhb.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137024498718
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....302/Coupons.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


#2
don77 (Malware Expert, Retired Staff, 18,526 posts)

Hello Sarahbell and welcome,

I need you to do a couple things if you would please,

Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+E), then double-click on C:, then right-click and select New, then Folder, and name it hjt.
Move HJT into this new folder please.
This is important, so please do this prior to anything else.


Next
Please click this link to download Silent Runners.
* Save it to the desktop.
* Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
* You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
* Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.



Next, check AVG for updates and download any if found. Run a full system scan with AVG and have it fix anything it finds.


After that, please post back a fresh HJT log and the Silent Runners log for me.

#3
Sarahbell (New Member, Topic Starter, 6 posts)

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [file not found]
"csrss" = "*i" (unwritable string) [file not found]
"AVG7_Run" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE" ["GRISOFT, s.r.o."]
"Spyware Doctor" = ""C:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PC Tools Research Pty Ltd"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"HPHUPD06" = "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" ["Hewlett-Packard"]
"HPHmon06" = "C:\WINDOWS\system32\hphmon06.exe" ["Hewlett-Packard"]
"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"VTTimer" = "VTTimer.exe" [file not found]
"SSC_UserPrompt" = "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"]
"AlcWzrd" = "ALCWZRD.EXE" ["RealTek Semicoductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" ["HP"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"ViewMgr" = "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" ["Viewpoint Corporation"]
"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]
"msnsyslog" = "C:\WINDOWS\MSNAppM.exe" [file not found]
"csrss" = "*a" (unwritable string) [file not found]
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]
"tjevagbj" = "C:\obcglxhb.bat" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Site Guard"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = (no title provided)
-> {HKLM...CLSID} = "CNisExtBho Class"
\InProcServer32\(Default) = "c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "c:\Program Files\Sonic RecordNow!\shlext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\Office\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\Office\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {HKLM...CLSID} = "SampleView"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
-> {HKLM...CLSID} = "KodakShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Kodak\ifscore\KodakShX.dll" ["Eastman Kodak Company"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02}" = "TIShelEx Shell Extension"
-> {HKLM...CLSID} = "FileTimeShlExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll" ["Texas Instruments Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "load" = "C:\WINDOWS\system32\yhyieyp\csrss.exe" [null data]
INFECTION WARNING! "run" = "C:\WINDOWS\system32\yhyieyp\csrss.exe" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssstars.scr" [MS]


Startup items in "HP_Owner" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup
"csrss" -> shortcut to: "" [file not found]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Kodak EasyShare software" -> shortcut to: "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx" [null data]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Quicken Scheduled Updates" -> shortcut to: "C:\Program Files\Quicken\bagent.exe" ["Intuit Inc."]
"RAMASST" -> shortcut to: "C:\WINDOWS\system32\RAMASST.exe" ["Matsushita Electric Industrial Co., Ltd."]


Enabled Scheduled Tasks:
------------------------

"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -ScanType config -Privileges restricted" [MS]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
"XoftSpy" -> launches: "C:\Program Files\XoftSpy\XoftSpy.exe -t" [file not found]
"XoftSpySE" -> launches: "C:\Program Files\XoftSpySE\XoftSpy.exe -t" ["ParetoLogic"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 25
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
-> {HKLM...CLSID} = "HP view"
\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll" ["Hewlett-Packard Company"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
-> {HKLM...CLSID} = "HP view"
\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll" ["Hewlett-Packard Company"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = "*b" (unwritable string)
-> {HKLM...CLSID} = "HP view"
\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll" ["Hewlett-Packard Company"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
Belkin 54g Wireless USB Network Adapter, Belkin 54g Wireless USB Network Adapter Service, "C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe" [null data]
DVD-RAM_Service, DVD-RAM_Service, "C:\WINDOWS\system32\DVDRAMSV.exe" ["Matsushita Electric Industrial Co., Ltd."]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
PC Tools Spyware Doctor, SDhelper, "C:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"]
SymWMI Service, SymWSC, ""c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"]
Windows Defender Service, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 37 seconds, including 18 seconds for message boxes)

Here is the Silent Runners log. I am still working on the scan, so I will post the HJT log once that is done. Thank you so much for your help so far. I really appreciate it.

#4
Sarahbell (New Member, Topic Starter, 6 posts)

Here you go:

Logfile of HijackThis v1.99.1
Scan saved at 11:34:04 PM, on 6/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\yhyieyp\smss.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yejzdxvld...M9lxfKU1Jy.html
F3 - REG:win.ini: load=C:\WINDOWS\system32\yhyieyp\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\yhyieyp\csrss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\MSNAppM.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [tjevagbj] C:\obcglxhb.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137024498718
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....302/Coupons.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#5
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Great work so far :whistling:

Disable Spyware Doctor:
Please disable Spyware Doctor, as it may interfere with the fix. To disable Spyware Doctor:
Click the Spyware Doctor icon in the System Tray.
Click Settings.
Click Startup Settings under Pick a Category.
Uncheck Run at Windows startup.
Click Apply and Exit Spyware Doctor


Next
*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop

Don't do anything with it yet; we will use it in a bit.


Next
Please restart HJT, put a check next to the following, close all open windows and click “Fix Checked”

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yejzdxvld...M9lxfKU1Jy.html
F3 - REG:win.ini: load=C:\WINDOWS\system32\yhyieyp\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\yhyieyp\csrss.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [tjevagbj] C:\obcglxhb.bat


Close out HJT.

Next

*Double-click on the killbox folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\yhyieyp\csrss.exe
C:\obcglxhb.bat

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click on “All Files”
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt


The computer should automatically restart; if not, restart manually.

Next
Once back in Normal mode,

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Post back a fresh HJT log as well please
  • 0

#6
Sarahbell

    New Member

  • Topic Starter
  • Member
  • 6 posts
Here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 8:49:51 AM, on 6/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\MSNAppM.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137024498718
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....302/Coupons.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

When I click on the Panda link, I get the message saying cannot find server, but I haven't lost internet connection or anything. This is just what has been happening when I try to access certain webpages. :whistling:
  • 0

#7
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
We will try another, but first I apologize; I thought I added the following to be fixed with HJT

O4 - Startup: csrss.lnk = ?

Please open HJT and fix the above. Make sure you have all other open windows closed. After you fix it, open HJT again, rescan and see that it is gone. If not, reboot to safe mode and fix it with HJT while in safe mode.


Once back in Normal mode
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0
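An added example, not part of any post in this thread: a small Python check that runs a few heuristics over HijackThis log lines and then confirms which fix-list entries survive into the fresh log. The sample lines are copied from the logs posted above; the rule names, the `CORE_NAMES` set and the assumption that those processes only legitimately run from `C:\WINDOWS\system32` are this example's own.

```python
import ntpath
import re

# Assumption of this example: on this XP system these core processes are only
# legitimate when they run from C:\WINDOWS\system32 (as the posted logs show).
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe",
              "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM_DIR = r"c:\windows\system32"

# Sample input: lines copied from the first log in this thread (trimmed).
FIRST_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\yhyieyp\smss.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\yhyieyp\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\yhyieyp\csrss.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [tjevagbj] C:\obcglxhb.bat
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
"""

# Entries the helper asked to fix (the R1 line with its elided URL is omitted).
FIX_LIST = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\yhyieyp\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\yhyieyp\csrss.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [tjevagbj] C:\obcglxhb.bat
"""

# Sample input: lines copied from the fresh log posted after the fix (trimmed).
FRESH_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
EXE_RE = re.compile(r'"?(.+?\.(?:exe|bat|cmd|com|scr|pif))\b', re.I)


def entries(log):
    """Yield (code, line); running-process lines get the code 'PROC'."""
    for line in (raw.strip() for raw in log.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), line
        elif re.match(r"[A-Za-z]:\\", line):
            yield "PROC", line


def masquerades(path):
    """True when a core process name is used outside the system directory."""
    return (ntpath.basename(path).lower() in CORE_NAMES
            and ntpath.dirname(path).lower() != SYSTEM_DIR)


def findings(log):
    """Return (reason, line) pairs for entries that match one of the heuristics."""
    out = []
    for code, line in entries(log):
        if code == "PROC":
            if masquerades(line):
                out.append(("core-name-outside-system32", line))
        elif code == "F3":
            # win.ini load=/run= is a legacy autostart; any value deserves review.
            value = line.split("=", 1)[1].strip() if "=" in line else ""
            if value:
                out.append(("win.ini-autostart-populated", line))
        elif code == "O4" and "Startup:" in line:
            # Startup-folder shortcut: compare its name with core process names.
            shortcut = line.split("Startup:", 1)[1].split("=", 1)[0].strip()
            stem = ntpath.splitext(shortcut)[0].lower()
            if stem + ".exe" in CORE_NAMES:
                out.append(("startup-shortcut-named-after-core-process", line))
        elif code == "O4":
            # Run key: take the command up to its first executable extension.
            command = line.split("]", 1)[1].strip() if "]" in line else ""
            m = EXE_RE.match(command)
            path = m.group(1) if m else command
            if masquerades(path):
                out.append(("core-name-outside-system32", line))
            elif re.fullmatch(r"[A-Za-z]:\\[^\\]+\.(?:bat|cmd)", path, re.I):
                out.append(("script-in-drive-root", line))
    return out


def still_present(fix_list, fresh_log):
    """Return fix-list entries that appear unchanged in the fresh log."""
    fresh = {line for _, line in entries(fresh_log)}
    return [line for _, line in entries(fix_list) if line in fresh]


if __name__ == "__main__":
    for reason, line in findings(FIRST_LOG):
        print(f"first log  {reason}: {line}")
    print("fix entries still present:", still_present(FIX_LIST, FRESH_LOG))
    for reason, line in findings(FRESH_LOG):
        print(f"fresh log  {reason}: {line}")
```

Re-running the heuristics on the fresh log, rather than only diffing it against the fix list, is what surfaces the `csrss.lnk` startup entry that was never on the list.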

#8
Sarahbell

    New Member

  • Topic Starter
  • Member
  • 6 posts
Unexpected error occurred!
Error #52 (Bad file name or number) in Sub GetLongPath(?.exe).

Please send a report to [email protected], mentioning what you were doing, and what version of Windows you have.

This message has been copied to your clipboard.

This is what happens when I try to delete the 04-Startup:csrss.lnk=? in normal mode. It won't delete. When I run the scan in safemode, the 04-Startup:csrss.lnk=? doesn't show up. Also, when I try the Kaspersky online scanner, I get the same message as before-browser unavailable. I'm not sure what to do now.
  • 0

#9
Sarahbell

    New Member

  • Topic Starter
  • Member
  • 6 posts
I searched for an online scanner and found one that worked. It was called Bitdefender. Here are the results, but the scan did not fix the trouble I'm having.




BitDefender Online Scanner

Scan report generated at: Sat, Jun 03, 2006 - 18:44:22
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time: 02:31:38
Files: 1299447
Folders: 14371
Boot Sectors: 3
Archives: 20282
Packed Files: 104412

Results
Identified Viruses: 31
Infected Files: 66
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 111

Engines Info
Virus Definitions: 386416
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 40
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes



Scanned File
Status

C:\!KillBox\csrss.exe
Infected with: Backdoor.Landis.W

C:\!KillBox\csrss.exe
Disinfection failed

C:\!KillBox\csrss.exe
Deleted

C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Windows Defender\FileTracker\{3B6E8E66-9B4B-46EE-B4C1-4F99EEDF3CF1}
Infected with: Generic.Qhost

C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Windows Defender\FileTracker\{3B6E8E66-9B4B-46EE-B4C1-4F99EEDF3CF1}
Disinfection failed

C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Windows Defender\FileTracker\{3B6E8E66-9B4B-46EE-B4C1-4F99EEDF3CF1}
Deleted

C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Windows Defender\FileTracker\{BDDCBB55-2DC1-45E0-B9E7-3EA28AADD820}
Infected with: Generic.Qhost

C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Windows Defender\FileTracker\{BDDCBB55-2DC1-45E0-B9E7-3EA28AADD820}
Disinfection failed

C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Windows Defender\FileTracker\{BDDCBB55-2DC1-45E0-B9E7-3EA28AADD820}
Deleted

C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Windows Defender\FileTracker\{CF75763B-F945-4A16-A4E7-37330A8C0A72}
Infected with: Generic.Qhost

C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Windows Defender\FileTracker\{CF75763B-F945-4A16-A4E7-37330A8C0A72}
Disinfection failed

C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Windows Defender\FileTracker\{CF75763B-F945-4A16-A4E7-37330A8C0A72}
Deleted

C:\Documents and Settings\Kevin_Bell\My Documents\msn\britneyfest.exe=>wise0020
Detected with: Application.Adware.NewDotNet.B.Dropper

C:\Documents and Settings\Kevin_Bell\My Documents\msn\britneyfest.exe=>wise0020
Deleted

C:\Documents and Settings\Kevin_Bell\My Documents\msn\britneyfest.exe
Update failed

C:\Documents and Settings\Kevin_Bell\My Documents\msn\britneyfest.exe=>wise0023
Infected with: Trojan.Muldrop.1869.A

C:\Documents and Settings\Kevin_Bell\My Documents\msn\britneyfest.exe=>wise0023
Disinfection failed

C:\Documents and Settings\Kevin_Bell\My Documents\msn\britneyfest.exe=>wise0023
Deleted

C:\Documents and Settings\Kevin_Bell\My Documents\msn\britneyfest.exe
Update failed

C:\Program Files\Microsoft AntiSpyware\Quarantine\525C56E6-332A-4253-8D3A-CD5810\8F918745-EA34-4843-8EA8-4BEB62
Detected with: Application.Adware.NewDotNet.B

C:\Program Files\Microsoft AntiSpyware\Quarantine\525C56E6-332A-4253-8D3A-CD5810\8F918745-EA34-4843-8EA8-4BEB62
Disinfection failed

C:\Program Files\Microsoft AntiSpyware\Quarantine\525C56E6-332A-4253-8D3A-CD5810\8F918745-EA34-4843-8EA8-4BEB62
Deleted

C:\Program Files\Microsoft AntiSpyware\Quarantine\8D3A63BE-A442-43D3-8B23-02FBDF\50DEBE59-5780-4A3A-9C3D-0E8485
Detected with: Application.Adware.Funweb.A

C:\Program Files\Microsoft AntiSpyware\Quarantine\8D3A63BE-A442-43D3-8B23-02FBDF\50DEBE59-5780-4A3A-9C3D-0E8485
Disinfection failed

C:\Program Files\Microsoft AntiSpyware\Quarantine\8D3A63BE-A442-43D3-8B23-02FBDF\50DEBE59-5780-4A3A-9C3D-0E8485
Deleted

C:\Program Files\Microsoft AntiSpyware\Quarantine\9E6EBCB0-B859-44AE-9E4D-548B14\953733BF-A69D-487A-BFAE-12F3D3
Detected with: Application.Adware.Funweb.A

C:\Program Files\Microsoft AntiSpyware\Quarantine\9E6EBCB0-B859-44AE-9E4D-548B14\953733BF-A69D-487A-BFAE-12F3D3
Disinfection failed

C:\Program Files\Microsoft AntiSpyware\Quarantine\9E6EBCB0-B859-44AE-9E4D-548B14\953733BF-A69D-487A-BFAE-12F3D3
Deleted

C:\Program Files\Microsoft AntiSpyware\Quarantine\BFB35DC8-5CD9-4D7F-8444-596161\7720DFF4-E0DF-414E-B43C-74F916
Infected with: Trojan.Downloader.FunWeb.A

C:\Program Files\Microsoft AntiSpyware\Quarantine\BFB35DC8-5CD9-4D7F-8444-596161\7720DFF4-E0DF-414E-B43C-74F916
Disinfection failed

C:\Program Files\Microsoft AntiSpyware\Quarantine\BFB35DC8-5CD9-4D7F-8444-596161\7720DFF4-E0DF-414E-B43C-74F916
Deleted

C:\Program Files\Microsoft AntiSpyware\Quarantine\E033FC1E-19C4-4E26-904A-EAEFE1\2E60A168-06C0-4A71-8A7C-179079
Infected with: Trojan.Downloader.FunWeb.A

C:\Program Files\Microsoft AntiSpyware\Quarantine\E033FC1E-19C4-4E26-904A-EAEFE1\2E60A168-06C0-4A71-8A7C-179079
Disinfection failed

C:\Program Files\Microsoft AntiSpyware\Quarantine\E033FC1E-19C4-4E26-904A-EAEFE1\2E60A168-06C0-4A71-8A7C-179079
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\02727AE5.htm=>(Quarantine-2)
Infected with: Exploit.Html.MhtRedir.Gen

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\02727AE5.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\02727AE5.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\030D5EFE.class=>(Quarantine-2)
Infected with: Trojan.Downloader.Java.Openconnection.V

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\030D5EFE.class=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\030D5EFE.class=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\074101FD=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.Z

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\074101FD=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\074101FD=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\07442BF9=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.Z

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\07442BF9=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\07442BF9=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\08E8236B=>(Quarantine-2)
Infected with: Trojan.Downloader.Java.Openconnection.V

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\08E8236B=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\08E8236B=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\09662D58.class=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.Dummy.A

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\09662D58.class=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\09662D58.class=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\1A395A2A.class=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.Z

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\1A395A2A.class=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\1A395A2A.class=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\1A3D0427.class=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.Z

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\1A3D0427.class=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\1A3D0427.class=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\1C5D3F96=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.Z

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\1C5D3F96=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\1C5D3F96=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\26A5604C.class=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.Z

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\26A5604C.class=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\26A5604C.class=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\32E41D5A.class=>(Quarantine-2)
Infected with: Trojan.Downloader.Java.Openconnection.V

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\32E41D5A.class=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\32E41D5A.class=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\407F6D64.class=>(Quarantine-2)
Infected with: Trojan.Downloader.Java.Openconnection.V

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\407F6D64.class=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\407F6D64.class=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\459E279A.class=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.Z

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\459E279A.class=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\459E279A.class=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\56956197=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.Z

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\56956197=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\56956197=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\609E1414=>(Quarantine-2)
Infected with: Trojan.Downloader.Java.Openconnection.V

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\609E1414=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\609E1414=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\659A5A5C.class=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.Z

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\659A5A5C.class=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\659A5A5C.class=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.class=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.class=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.class=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.zip=>(Quarantine-2)=>GetAccess.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.zip=>(Quarantine-2)=>GetAccess.class
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.zip=>(Quarantine-2)=>GetAccess.class
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.zip=>(Quarantine-2)
Updated

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.zip=>(Quarantine-2)=>InsecureClassLoader.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.zip=>(Quarantine-2)=>InsecureClassLoader.class
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.zip=>(Quarantine-2)=>InsecureClassLoader.class
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.zip=>(Quarantine-2)
Updated

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.zip=>(Quarantine-2)=>Dummy.class
Infected with: Trojan.Java.Classloader.Dummy.A

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.zip=>(Quarantine-2)=>Dummy.class
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.zip=>(Quarantine-2)=>Dummy.class
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.zip=>(Quarantine-2)
Updated

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.zip=>(Quarantine-2)=>Installer.class
Infected with: Java.Trojan.OpenConnection.F

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.zip=>(Quarantine-2)=>Installer.class
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.zip=>(Quarantine-2)=>Installer.class
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.zip=>(Quarantine-2)
Updated

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\65F07C99.zip
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\67E967F1.class=>(Quarantine-2)
Infected with: Trojan.Downloader.Java.Openconnection.V

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\67E967F1.class=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\67E967F1.class=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\6C6350CC.class=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\6C6350CC.class=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\6C6350CC.class=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\6F3A7853.class=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.Z

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\6F3A7853.class=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\6F3A7853.class=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\76264399.class=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.Z

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\76264399.class=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\76264399.class=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\7F35667A.class=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.Z

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\7F35667A.class=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\Quarantine\7F35667A.class=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\055727EE=>(Quarantine-2)
Detected with: Application.Adware.Sidefind.B

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\055727EE=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\055727EE=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05B33E60=>(Quarantine-2)
Infected with: Trojan.Downloader.IstBar.IJ

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05B33E60=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11437A5E=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.DX

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11437A5E=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11437A5E=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\166C0B4B=>(Quarantine-2)
Detected with: Application.Adware.Sidefind.A

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\166C0B4B=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\166C0B4B=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2A364280=>(Quarantine-2)
Infected with: Trojan.Downloader.Istbar.JM

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2A364280=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2A364280=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2BEF2B79=>(Quarantine-2)
Infected with: Trojan.Downloader.Istbar.MY

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2BEF2B79=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2BEF2B79=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2BF67F72=>(Quarantine-2)
Infected with: Trojan.Downloader.Istbar.MY

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2BF67F72=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2BF67F72=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\314B35C8=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.IC

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\314B35C8=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\314B35C8=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\336222DD=>(Quarantine-2)
Detected with: Application.Adware.Sidefind.A

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\336222DD=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\336222DD=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\33664CDA=>(Quarantine-2)
Infected with: Trojan.Downloader.Istbar.BG

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\33664CDA=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\33664CDA=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\336976D6=>(Quarantine-2)
Infected with: Trojan.Downloader.Istbar.JM

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\336976D6=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\336976D6=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\336C20D3=>(Quarantine-2)
Infected with: Trojan.Downloader.Istbar.ME

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\336C20D3=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\336C20D3=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\336F4ACF=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.DD

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\336F4ACF=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\378F1753=>(Quarantine-2)
Infected with: Trojan.Downloader.Istbar.BF

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\378F1753=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\378F1753=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B954659=>(Quarantine-2)
Infected with: Trojan.Sillydl.47104.B

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B954659=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B954659=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3FEB6060=>(Quarantine-2)
Detected with: Application.Adware.Sidefind.B

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3FEB6060=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3FEB6060=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\59401387=>(Quarantine-2)
Infected with: Trojan.Downloader.Istbar.MY

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\59401387=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\59401387=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5C9D184C=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.XO

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5C9D184C=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5C9D184C=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5F001BDD.class=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.D

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5F001BDD.class=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5F001BDD.class=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\62DD1679.class=>(Quarantine-2)
Infected with: Trojan.Java.ClassLoader.D

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\62DD1679.class=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71F32D99=>(Quarantine-2)
Infected with: Trojan.Downloader.Adload.A

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71F32D99=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71F32D99=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\75CD685A=>(Quarantine-2)
Infected with: Trojan.Startpage.G

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\75CD685A=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\75CD685A=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DE732F0=>(Quarantine-2)
Infected with: Trojan.Downloader.Istbar.JM

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DE732F0=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DE732F0=>(Quarantine-2)
Deleted

C:\WINDOWS\system32\drivers\etc\hosts
Infected with: Generic.Qhost

C:\WINDOWS\system32\drivers\etc\hosts
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20060305-202753.backup
Infected with: Generic.Qhost

C:\WINDOWS\system32\drivers\etc\hosts.20060305-202753.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20060305-202753.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20060305-202754.backup
Infected with: Generic.Qhost

C:\WINDOWS\system32\drivers\etc\hosts.20060305-202754.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20060305-202754.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20060310-203158.backup
Infected with: Generic.Qhost

C:\WINDOWS\system32\drivers\etc\hosts.20060310-203158.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20060310-203158.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20060310-203159.backup
Infected with: Generic.Qhost

C:\WINDOWS\system32\drivers\etc\hosts.20060310-203159.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20060310-203159.backup
Deleted

C:\WINDOWS\system32\yhyieyp\smss.exe
Infected with: Trojan.VB.BT

C:\WINDOWS\system32\yhyieyp\smss.exe
Disinfection failed

C:\WINDOWS\system32\yhyieyp\smss.exe
Deleted

#10
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Sorry for the delay.
It looks to have cleaned and deleted everything. Could you rescan and post back what it finds, please?