Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Websearchnetwork Infection [RESOLVED]

Started by JoeCool , Jun 14 2005 01:18 PM

  • This topic is locked This topic is locked

#1
JoeCool
Posted 14 June 2005 - 01:18 PM

JoeCool

    Member

  • Member
  • PipPip
  • 17 posts
Hello again,

I had some problems back in April that weren't fully fixed. I spent a lot of time away from my computer only to come back to the same viruses. If you could help me get rid of everything once and for all that would be excellent. Thanks.

Here is my Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 2:18:27 PM, on 6/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\BacsTray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Adam Gross\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearchnetwork.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {d262e70a-7841-4a85-9aa1-8d66aa593c89} - (no file)
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\timon2.dll
O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\timon2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
  • 0

Advertisements

#2
Excal
Posted 21 June 2005 - 09:32 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi JoeCool and welcome to GeeksToGo! My name is Excal and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

:tazz:

Excal
  • 0

#3
JoeCool
Posted 22 June 2005 - 12:15 PM

JoeCool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Excal, thanks for your help. The issue has not yet been resolved and is only seeming to get worse.

Thanks for your time,
Joecool


Logfile of HijackThis v1.99.1
Scan saved at 1:14:12 PM, on 6/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\BacsTray.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8b5e9cdb91dddbb342695fbdc36fe0e4\update\update.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Documents and Settings\Adam Gross\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearchnetwork.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {d262e70a-7841-4a85-9aa1-8d66aa593c89} - (no file)
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\timon2.dll
O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\timon2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
  • 0

#4
JoeCool
Posted 22 June 2005 - 02:04 PM

JoeCool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I just tried a different type of virus scan that removed some files. Here is a new log. Thanks again.


Logfile of HijackThis v1.99.1
Scan saved at 3:04:06 PM, on 6/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\BacsTray.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Adam Gross\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearchnetwork.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {d262e70a-7841-4a85-9aa1-8d66aa593c89} - (no file)
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\timon2.dll
O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\timon2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
  • 0

#5
Excal
Posted 22 June 2005 - 07:27 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi JoeCool and welcome to GeeksToGo! My name is Excal and I will be helping you.

I can see that you have some malware issues. This maybe a few step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

I noticed that your HiJackthis.exe is located on your desktop, make sure to save HijackThis in its own folder (i.e. C:\HJT). This is very important, so HiJackThis can save backups!

I also noticed that you have two anti virus programs running on your computer. This will not give you more security, in fact it just might do the opposite. Having two running will almost certainly casue conflicts. Please choose one to uninstall and do so. If you need help, let me know :tazz:

Please go here and upload

C:\Windows\System32\wininet.dll

then please post the results in your next reply.

Download CWShredder here to its own folder.

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
We will be using this program later.

Download and install CleanUp! Here*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Close all browsers, windows and unneeded programs.

5. Open HiJack and do a scan.

6. Put a Check next to the following items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearchnetwork.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {d262e70a-7841-4a85-9aa1-8d66aa593c89} - (no file)
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\timon2.dll
O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\timon2.dll
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe

7. click the Fix Checked box

8. Please remove the following folders using Windows Explorer (if present):

C:\Program Files\PSGuard

9. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\about.htm
C:\WINDOWS\timon2.dll

10. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

11. Run the program CleanUp!

12. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

13. Please post the Active scan log, Jotti log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0

#6
JoeCool
Posted 23 June 2005 - 10:28 PM

JoeCool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thanks a lot for your help. After several attempts I was still unable to run the "activescan."

Here is the result from the first scan and also a fresh Hijack.
Thanks.

AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VBA32 Found nothing


Logfile of HijackThis v1.99.1
Scan saved at 11:28:28 PM, on 6/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\BacsTray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Documents and Settings\Adam Gross\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hereandnow.northwestern.edu/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c24.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


**EDIT**
The active scan worked:


Incident Status Location

Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccC.dll
Spyware:Spyware/ISTbar No disinfected Windows Registry
Adware:Adware/FavoriteMan No disinfected C:\WINDOWS\downloaded program files\ATPartners.inf
Adware:Adware/Sqwire No disinfected C:\WINDOWS\System32\tsuninst.exe
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Adam Gross\Application Data\tvm*.dll
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\polall1r.inf
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\satmat.ini
Adware:Adware/Midaddle No disinfected C:\WINDOWS\System32\preuninstall.exe
Spyware:Spyware/LinkReplacer No disinfected C:\WINDOWS\System32\lmf32v.dll
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
Adware:Adware/AzeSearch No disinfected Windows Registry
Adware:Adware/Startpage.AAO No disinfected C:\WINDOWS\System32\WUCLIENT.dat
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\System32\wp.bmp
Adware:Adware/PsGuard No disinfected C:\Documents and Settings\Adam Gross\Application Data\PSGuard.com
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Adam Gross\Application Data\tvmuknwrd.dll
Adware:Adware/AzeSearch No disinfected C:\Documents and Settings\Adam Gross\Desktop\backups\backup-20050623-122659-631.dll
Adware:Adware/Apropos No disinfected C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\AlertSWF\contents\Exec.exe
Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\iiww\iiwwd\iiwwc.dll
Adware:Adware/SideFind No disinfected C:\Program Files\Common Files\iiww\iiwwp.exe
Adware:Adware/PsGuard No disinfected C:\Program Files\FASoft\n-Track Studio 4\ntrckresdll.dll
Adware:Adware/WinTools No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[0.scl]
Adware:Adware/WUpd No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[1.scl]
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[10.scl]
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[11.scl]
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[16.scl]
Adware:Adware/nCase No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[27.scl]
Adware:Adware/NetPals No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[278.scl]
Adware:Adware/nCase No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[28.scl]
Adware:Adware/Gator No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[282.scl]
Adware:Adware/Gator No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[284.scl]
Adware:Adware/Gator No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[285.scl]
Adware:Adware/Gator No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[286.scl]
Adware:Adware/Gator No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[287.scl]
Adware:Adware/Gator No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[288.scl]
Adware:Adware/Gator No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[289.scl]
Adware:Adware/nCase No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[29.scl]
Adware:Adware/Gator No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[290.scl]
Adware:Adware/Gator No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[291.scl]
Adware:Adware/Gator No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[292.scl]
Adware:Adware/Gator No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[293.scl]
Adware:Adware/Gator No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[294.scl]
Adware:Adware/Gator No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[295.scl]
Adware:Adware/Gator No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[296.scl]
Adware:Adware/Gator No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[297.scl]
Virus:Trj/Downloader.OU Disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[298.scl]
Adware:Adware/Transponder No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[3.scl]
Adware:Adware/nCase No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[30.scl]
Adware:Adware/Megasearch No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[302.scl]
Spyware:Spyware/TVMedia No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[306.scl]
Spyware:Spyware/SurfSideKick No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[307.scl]
Spyware:Spyware/TVMedia No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[308.scl]
Spyware:Spyware/TVMedia No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[309.scl]
Spyware:Spyware/SurfSideKick No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[310.scl]
Spyware:Spyware/TVMedia No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[311.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[315.scl][conscorr.inf]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[315.scl][conscorr.exe]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[315.scl][conscorr.ini]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[316.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[317.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[318.scl]
Adware:Adware/SAHAgent No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[32.scl]
Spyware:Spyware/LocalNRD No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[320.scl]
Spyware:Spyware/LocalNRD No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[320.scl][localNrd.inf]
Spyware:Spyware/LocalNRD No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[320.scl][localNRD.dll]
Adware:Adware/Twain-Tech No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[320.scl][preInsln.exe]
Adware:Adware/Transponder No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[320.scl][polall1l.exe]
Spyware:Spyware/LocalNRD No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[321.scl]
Spyware:Spyware/LocalNRD No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[322.scl]
Adware:Adware/Twain-Tech No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[323.scl]
Spyware:Spyware/LocalNRD No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[324.scl]
Spyware:Spyware/LocalNRD No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[324.scl][localNrd.inf]
Spyware:Spyware/LocalNRD No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[324.scl][localNRD.dll]
Adware:Adware/Twain-Tech No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[324.scl][preInsln.exe]
Adware:Adware/Transponder No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[324.scl][polall1l.exe]
Spyware:Spyware/LocalNRD No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[325.scl]
Adware:Adware/Twain-Tech No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[326.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[327.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[328.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[329.scl]
Adware:Adware/SAHAgent No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[33.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[330.scl]
Spyware:Spyware/LocalNRD No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[331.scl]
Adware:Adware/Twain-Tech No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[332.scl]
Spyware:Spyware/LocalNRD No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[333.scl]
Spyware:Spyware/LocalNRD No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[334.scl]
Spyware:Spyware/LocalNRD No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[335.scl]
Spyware:Spyware/LocalNRD No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[336.scl]
Adware:Adware/Twain-Tech No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[337.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[338.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[339.scl]
Adware:Adware/SAHAgent No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[34.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[340.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[341.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[342.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[343.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[344.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[345.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[346.scl]
Spyware:Spyware/LocalNRD No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[348.scl]
Adware:Adware/Twain-Tech No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[349.scl]
Adware:Adware/SAHAgent No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[35.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[350.scl]
Spyware:Spyware/LocalNRD No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[351.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[352.scl][conscorr.inf]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[352.scl][conscorr.exe]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[352.scl][conscorr.ini]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[353.scl]
Adware:Adware/IPInsight No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[354.scl]
Adware:Adware/TopRebates No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[361.scl]
Adware:Adware/WUpd No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[39.scl]
Adware:Adware/Transponder No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[4.scl]
Adware:Adware/ExactSearch No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[41.scl]
Adware:Adware/Comet No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[44.scl]
Adware:Adware/Comet No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[45.scl]
Adware:Adware/Comet No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[46.scl]
Adware:Adware/Comet No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[47.scl]
Adware:Adware/Comet No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[48.scl]
Adware:Adware/Comet No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[49.scl]
Adware:Adware/Transponder No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[5.scl]
Adware:Adware/Comet No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[50.scl]
Adware:Adware/Comet No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[51.scl]
Adware:Adware/Comet No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[52.scl]
Adware:Adware/Comet No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[53.scl]
Adware:Adware/Comet No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[54.scl]
Adware:Adware/Comet No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[55.scl]
Adware:Adware/Comet No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[56.scl]
Adware:Adware/Comet No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[57.scl]
Spyware:Spyware/LinkReplacer No disinfected C:\Program Files\Free Spyware Scanner\Backup\02_08_200514_57_05.zip[9.scl]
Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccC.dll
Adware:Adware/SearchRelevancy No disinfected C:\Program Files\SearchRelevant\SearchRelevant.dll
Adware:Adware/WUpd No disinfected C:\Program Files\Windows ServeAd\WinAtServ.dll
Adware:Adware/WUpd No disinfected C:\Program Files\Windows ServeAd\WinServSuit.exe
Adware:Adware/NetPals No disinfected C:\WINDOWS\Downloaded Program Files\ATPartners.inf
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.10\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.11\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.12\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.13\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.6\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.7\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.8\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.9\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\HDPlugin1100.dll
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\dlmax.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\polall1r.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\satmat.ini
Adware:Adware/AzeSearch No disinfected C:\WINDOWS\SYSTEM32\iasada.dll
Adware:Adware/WUpd No disinfected C:\WINDOWS\SYSTEM32\ide21201.vxd

Edited by JoeCool, 23 June 2005 - 11:00 PM.

  • 0

#7
Excal
Posted 23 June 2005 - 10:47 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Close all browsers, windows and unneeded programs.

5. Open HiJack and do a scan.

6. Put a Check next to the following items:

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c24.cab

7. click the Fix Checked box

8. Please remove these entries from Add/Remove Programs in the Control Panel(if present):

Media Access

9. Please remove the following folders using Windows Explorer (if present):

C:\Program Files\Media Access

10. Reboot into normal mode and please run this online virus scan: Kaspersky
- Save the results from the scan!

11. Please post the Kaspersky log and a fresh HiJackThis log. Let me know how your computer is running.

Edited by Excal, 23 June 2005 - 10:54 PM.

  • 0

#8
JoeCool
Posted 23 June 2005 - 11:58 PM

JoeCool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:56:36 AM, on 6/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\BacsTray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Adam Gross\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hereandnow.northwestern.edu/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Edited by JoeCool, 24 June 2005 - 12:00 AM.

  • 0

#9
JoeCool
Posted 24 June 2005 - 12:00 AM

JoeCool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thanks again. In case you didn't catch it, the activescan finally worked and I pasted the results in my previous post by editing it.

-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Friday, June 24, 2005 00:54:24
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 24/06/2005
Kaspersky Anti-Virus database records: 127529
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 50044
Number of viruses found: 33
Number of infected objects: 601
Number of suspicious objects: 4
Duration of the scan process: 1849 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz.zip/polall1l.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RexServicesAdtrojan1.zip/wuclient.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RexServicesAdtrojan1.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B00000.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B00000.VBN/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B00000.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B00000.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B00000.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B80000.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00BC0000.VBN Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00BC0001.VBN Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC0000.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC0000.VBN/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC0000.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC0000.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC0000.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC0001.VBN Infected: Exploit.HTML.ObjData
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC0002.VBN Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC0003.VBN Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC0004.VBN Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC0005.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC0006.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC0007.VBN Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC0008.VBN Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC0009.VBN Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC000A.VBN Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC000B.VBN Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC000C.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC000C.VBN/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC000C.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC000C.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC000C.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC000D.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC000D.VBN/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC000D.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC000D.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC000D.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC000E.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00CC000F.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0000.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0001.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0002.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0003.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01DC0000.VBN Infected: Virus.Win32.Nsag.a
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0000.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0001.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0002.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0003.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0004.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0005.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0006.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0007.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0008.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0009.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C000A.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C000B.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C000C.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C000D.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C000E.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C000F.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0010.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0011.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0012.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0013.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0014.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0015.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0016.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0017.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0018.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0019.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C001A.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C001B.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C001C.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C001D.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C001E.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C001F.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0020.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0021.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0022.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0023.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0024.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0025.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0026.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0027.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0028.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0029.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C002A.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C002B.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C002C.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C002D.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C002E.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C002F.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0030.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0031.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0032.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0033.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0034.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0035.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0036.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0037.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0038.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0039.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C003A.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C003B.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C003C.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C003D.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C003E.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C003F.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0040.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0041.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0042.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0043.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0044.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0045.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0046.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0047.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0048.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0049.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C004A.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C004B.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C004C.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C004D.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C004E.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C004F.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0050.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0051.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0052.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0053.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0054.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0055.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0056.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0057.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0058.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0059.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C005A.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C005B.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C005C.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C005D.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C005E.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C005F.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0060.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0061.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0062.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0063.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0064.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0065.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0066.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0067.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0068.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0069.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C006A.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C006B.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C006C.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C006D.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C006E.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C006F.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0070.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0071.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0072.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0073.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0074.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0075.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0076.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0077.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0078.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0079.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C007A.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C007B.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C007C.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C007D.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C007E.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C007F.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0080.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0081.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0082.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0083.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0084.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0085.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0086.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0087.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0088.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0089.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C008A.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C008B.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C008C.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C008D.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C008E.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C008F.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0090.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0091.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0092.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0093.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0094.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0095.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0096.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0097.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0098.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C0099.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C009A.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C009B.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C009C.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C009D.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C009E.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C009F.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00A0.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00A1.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00A2.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00A3.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00A4.VBN Infected: Trojan.Win32.StartPage.ix
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00A5.VBN Infected: Trojan.Win32.StartPage.ix
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00A6.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00A7.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00A8.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00A9.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00AA.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00AB.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00AC.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00AD.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00AE.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00AF.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00B0.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00B1.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00B2.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00B3.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00B4.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00B5.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00B6.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00B7.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00B8.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00B9.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00BA.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00BB.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00BC.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00BD.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00BE.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00BF.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00C0.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00C1.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00C2.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00C3.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00C4.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00C5.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00C6.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00C7.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00C8.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00C9.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00CA.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00CB.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00CC.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00CD.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00CE.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00CF.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00D0.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00D1.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00D2.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00D3.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00D4.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00D5.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00D6.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00D7.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00D8.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00D9.VBN Infected: Trojan-Downloader.Win32.Agent.fw
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00DA.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00DB.VBN Infected: Trojan-Downloader.Win32.Agent.jy
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00DC.VBN Infected: Trojan.Win32.StartPage.sc
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\025C00DD.VBN Infected: Trojan.Win32.StartPage.sc
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04180000.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04180001.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04180002.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04180003.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A80000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A80000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A80000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A80000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07140000.VBN Infected: Trojan.Win32.StartPage.uz
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07140001.VBN Infected: Trojan.Win32.StartPage.uz
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07140002.VBN Infected: Trojan.Win32.StartPage.uz
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07140003.VBN Infected: Trojan.Win32.StartPage.uz
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07140004.VBN Infected: Trojan.Win32.StartPage.uz
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07140005.VBN Infected: Trojan.Win32.StartPage.uz
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07140006.VBN Infected: Trojan.Win32.StartPage.uz
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07180000.VBN Infected: Trojan.Win32.StartPage.uz
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\073C0000.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\073C0001.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\074C0000.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\074C0001.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500000.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500001.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07540000.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07540001.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\075C0000.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\075C0001.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07600000.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07600001.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07600002.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07600003.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07600004.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07600005.VBN Infected: Trojan-Downloader.Win32.Small.vq
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Q
  • 0

#10
Excal
Posted 24 June 2005 - 01:00 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi JoeCool,

hee hee, used have told you to empty your Quarantine areas in your virus protector and spyware programs...lol.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Please remove the following folders using Windows Explorer (if present):

C:\Program Files\Media Access
C:\Program Files\SearchRelevant
C:\Program Files\Common Files\iiww
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Program Files\Windows ServeAd

4) Once in Safe Mode,
8. Please run Killbox.
  • Select "Delete on Reboot".
  • Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

    C:\WINDOWS\downloaded program files\ATPartners.inf
    C:\WINDOWS\System32\tsuninst.exe
    C:\Documents and Settings\Adam Gross\Application Data\tvm*.dll
    C:\WINDOWS\inf\polall1r.inf
    C:\WINDOWS\satmat.ini
    C:\WINDOWS\System32\preuninstall.exe
    C:\WINDOWS\System32\lmf32v.dll
    C:\WINDOWS\inf\dlmax.inf
    C:\WINDOWS\System32\WUCLIENT.dat
    C:\WINDOWS\System32\wp.bmp
    C:\Documents and Settings\Adam Gross\Application Data\PSGuard.com
    C:\Documents and Settings\Adam Gross\Application Data\tvmuknwrd.dll
    C:\Documents and Settings\Adam Gross\Desktop\backups\backup-20050623-122659-631.dll
    C:\Program Files\FASoft\n-Track Studio 4\ntrckresdll.dll
    C:\WINDOWS\Downloaded Program Files\ATPartners.inf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll
    C:\WINDOWS\Downloaded Program Files\CONFLICT.10\HDPlugin1019.dll
    C:\WINDOWS\Downloaded Program Files\CONFLICT.11\HDPlugin1019.dll
    C:\WINDOWS\Downloaded Program Files\CONFLICT.12\HDPlugin1019.dll
    C:\WINDOWS\Downloaded Program Files\CONFLICT.13\HDPlugin1019.dll
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.dll
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1019.dll
    C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1019.dll
    C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1019.dll
    C:\WINDOWS\Downloaded Program Files\CONFLICT.6\HDPlugin1019.dll
    C:\WINDOWS\Downloaded Program Files\CONFLICT.7\HDPlugin1019.dll
    C:\WINDOWS\Downloaded Program Files\CONFLICT.8\HDPlugin1019.dll
    C:\WINDOWS\Downloaded Program Files\CONFLICT.9\HDPlugin1019.dll
    C:\WINDOWS\Downloaded Program Files\HDPlugin1100.dll
    C:\WINDOWS\INF\dlmax.inf
    C:\WINDOWS\INF\polall1r.inf
    C:\WINDOWS\satmat.ini
    C:\WINDOWS\SYSTEM32\iasada.dll
    C:\WINDOWS\SYSTEM32\ide21201.vxd
  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..
  • Let the system reboot.
Post a fresh hijack log please. And let me know how you computer is running!!

thanks,

:tazz:

Excal
  • 0

Advertisements

#11
JoeCool
Posted 24 June 2005 - 10:22 AM

JoeCool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
After running the killbox, the program wouldn't let me reboot and the following message appeared:
pendingfilerenameoperations registry data has been removed by an external process!

I'm not sure if this is an issue or not, either way I rebooted manually.

My computer seems to be running a lot better but there are still some areas that seem to be affected yet. One of which is my Outlook Express. It stopped sending and recieving mail as the virus became worse. Thanks again for all of your time and help.

Logfile of HijackThis v1.99.1
Scan saved at 11:21:39 AM, on 6/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\BacsTray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Adam Gross\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hereandnow.northwestern.edu/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
  • 0

#12
Excal
Posted 24 June 2005 - 11:52 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi JoeCool,

  After running the killbox, the program wouldn't let me reboot and the following message appeared:
pendingfilerenameoperations registry data has been removed by an external process!


That either means killbox could not find the file, or couldn't read it.

My computer seems to be running a lot better but there are still some areas that seem to be affected yet. One of which is my Outlook Express. It stopped sending and recieving mail as the virus became worse. Thanks again for all of your time and help.



the malware you had on your system may have changed your settings in outlook. If you are unsure of your settings, most ISP will help you with the proper settings.


Let me know if that fixes it. Also are there any others problems?


Thanks,

:tazz:

Excal
  • 0

#13
JoeCool
Posted 24 June 2005 - 12:18 PM

JoeCool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
My desktop configurations have also been changed by this virus. Some of the tabs under properties are now missing and I am subsequently unable to have a background. I’m sure I can deal with that later.

The strange part is, after all of this was seemingly resolved this morning, I came back to my computer to check my email when all of a sudden I received some popups and a new toolbar in IE. I deleted the toolbar and then ran Spyware Doctor. While I had the virus spyware doctor came up with nothing, but now after I thought it was removed it registered 418 infections. If you could take a look at my new scan that would be most appreciated.

Thanks


Logfile of HijackThis v1.99.1
Scan saved at 1:18:33 PM, on 6/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\BacsTray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msxct.exe
C:\WINDOWS\System32\cmt46bgk.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Adam Gross\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [cmt46bgk] C:\WINDOWS\System32\cmt46bgk.exe
O4 - HKLM\..\RunOnce: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /C /FS /X
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolba.../0006_adult.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
  • 0

#14
Excal
Posted 24 June 2005 - 04:07 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi,


I really need you to stop using Internet Explorer. If you can, please download firefox (link in my signature), this is far safer than IE. If you want to go to IE after we are done, I will give u a link to tighten its security.(you have to use IE for the active scan at the end of this fix)


I want to try this. I think u might have the remisnisces of smithfaud, so lets try a full fix and see if it dosen't come up with somethign.

Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items:
===================================================
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [cmt46bgk] C:\WINDOWS\System32\cmt46bgk.exe



Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\System32\msxct.exe
C:\WINDOWS\System32\cmt46bgk.exe


===================================================

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


Open Ad-aware and do a full scan. Remove all it finds.


Now open Ewido Security Suite
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save Report
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut(you have to use IE for this scan), then do a full system scan. Make sure the autoclean box is checked!

Save the scan log and post it along with a new HijackThis Log and the Ewido Log by using Add Reply.
  • 0

#15
JoeCool
Posted 06 July 2005 - 08:57 PM

JoeCool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Excal,

I apologize for the delay in my response – I was out of town in anticipation of Independence Day. I’ve been back for a day and a half now and I can’t see that anything is wrong with my computer anymore. Oddly enough, it’s seemingly fixed. Thank you very much for all of your time and help. I’ll be sure to come back if it starts acting up again.

Thanks again!
JoeCool

Edited by JoeCool, 06 July 2005 - 08:58 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP