
lockx and pokapoka75 [RESOLVED]


  • This topic is locked

#1
Novastang

Hi, I've been trying to follow along in past posts for people with lockx and pokapoka, but it seems that something just isn't working right. As of yesterday, it seemed as if the viruses were gone, but today they're back. I have copies of AIMfix, LQfix, and CWS Shredder. When I run AIMfix and CWS in the order they were suggested, they seem to say they fixed the problems; however, they haven't. LQfix has never told me that it has completed, maybe because there are multiple users which require login on this computer? I'm not quite sure what to do. Norton's bundle was also installed on this computer, which I tried to remove, but it doesn't seem that it is totally out of the registry yet; I wonder if that's related?

I'm also currently using Ad-Aware professional and NOD32 antivirus.

Thanks for your help!

Here's a copy of my HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 12:38:14 PM, on 10/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\AIM\aim.exe
C:\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\AOL\1129145262\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1129145262\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1129145262\ee\AOLServiceHost.exe
C:\Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myseachexplorer.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\RunServices: [explorer] iexplorer.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AWMON] "C:\Ad-Aware SE Professional\Ad-Watch.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1128923287321
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


#2
miekiemoes

    Malware Expert
Hello, please delete your previous copies of AIMfix and LQfix, because both tools have been updated.

Also, make sure you're only logged in with the above account.

Perform my steps in exactly the same order.

I see you have adwatch running and that is the reason why LQfix also fails, because adwatch blocks a runonce entry that LQfix creates.
The problem here is... even when you disable adwatch and run the fixes, adwatch still interferes with it in a way.
That's why I suggest you uninstall Adaware Pro and reboot, so I'm sure adwatch is also gone.
You can reinstall adaware Pro after your system is clean again.

So uninstall Adaware and reboot!! Important.

After reboot... download and use this AIMfix:
http://www.jayloden.com/aimfix.htm

Close all open programs, including AIM, and double-click AIMfix.exe.
This will delete related files and related entries in the registry.

Reboot afterwards.

After reboot..

Please download LQfix.exe and save it to your desktop.
  • Double-Click LQfix.exe and click Next > Next > Install.
  • Leave the default settings; if you change them, the fix will fail!
  • You need an active Internet connection, so make sure you're not blocking any connection now.
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button, after clicking the Finish button the fix will start.
  • Follow the on-screen prompts.
  • Your system will reboot afterwards.
  • Please be patient after the reboot, there is a script running in the background that needs to complete.
Then do a scan with HJT and post a new log by using Add Reply.

#3
Novastang

Hi, thanks so much for your help. It looks like this did the trick...is there anything else I should do or run?

Logfile of HijackThis v1.99.1
Scan saved at 3:55:15 PM, on 10/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myseachexplorer.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [explorer] iexplorer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1128923287321
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4
miekiemoes

    Malware Expert
Hello,

We are not finished yet... There are still some leftovers in your log:

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myseachexplorer.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\RunServices: [explorer] iexplorer.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)


* Click on Fix Checked when finished and exit HijackThis.

I also want you to perform an online scan with Kaspersky. This one doesn't delete files, but it shows a log afterwards.

So, perform an online scan with Kaspersky Online Scanner.

Click "Launch Kaspersky Anti-Virus Web Scanner"
You will be prompted if you want to install an ActiveX component from Kaspersky, click yes.
This will start downloading the latest definition files.
Once the files have been downloaded click on "Next"

* Click "Scan Settings"
Select the following in Scan Settings (normally they are already selected by default)

°Scan using the following Anti-Virus database: Standard

°Scan Options: Scan Archives
Scan Mail Bases

* Click OK
* Under select a target to scan, select "My Computer"

* This program will start to scan your system.
The scan will take a while so be patient and let it run.
When the scan is done, it will show a list of infected files found.

* Click on the "Save as Text" button:
Save the scan log and post it along with a new HijackThis log.
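An added example, not part of any post in this thread: a small Python script that parses two HijackThis logs and reports which registry and autostart entries disappeared between scans, which persist, and which are new, the comparison behind the "leftovers" remark above. The log excerpts are constructed from lines of the two logs posted in this thread, and the function names are hypothetical, chosen for this illustration.

```python
import re

# Constructed input: a subset of lines copied from the two HijackThis logs
# in this thread (first log = before the fixes, second log = after them).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myseachexplorer.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\RunServices: [explorer] iexplorer.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [AWMON] "C:\Ad-Aware SE Professional\Ad-Watch.exe"
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myseachexplorer.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [explorer] iexplorer.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# A HijackThis entry line starts with a section code (R0-R3, F0-F3, N1-N4,
# O1..O2x), then " - ", then the entry body. Header lines and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")


def parse_entries(log_text):
    """Return [(section_code, body), ...] in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            # Collapse runs of whitespace so copy/paste damage does not
            # make identical entries look different.
            entries.append((match.group(1), " ".join(match.group(2).split())))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive.
    return (entry[0], entry[1].casefold())


def diff_logs(before_text, after_text):
    """Classify entries as removed, remaining or added between two scans."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    return {
        "removed": [e for e in before if _key(e) not in after_keys],
        "remaining": [e for e in after if _key(e) in before_keys],
        "added": [e for e in after if _key(e) not in before_keys],
    }


def track_names(before_text, after_text, names):
    """Report, per file name, whether any entry still references it."""
    def referenced(text, name):
        return any(name.casefold() in body.casefold()
                   for _, body in parse_entries(text))

    status = {}
    for name in names:
        if referenced(after_text, name):
            status[name] = "still present"
        elif referenced(before_text, name):
            status[name] = "gone"
        else:
            status[name] = "not seen"
    return status


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for label in ("removed", "remaining", "added"):
        print(f"== {label} ==")
        for code, body in result[label]:
            print(f"{code:<4}{body}")
    print(track_names(LOG_BEFORE, LOG_AFTER,
                      ["pokapoka75.exe", "lockx.exe", "iexplorer.exe"]))
```

An entry listed under "remaining" is not necessarily bad (ccApp and the NOD32 service are there too); the diff only narrows down what still needs a human decision.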

#5
Novastang

Hi, here are the results from the 2 scans.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, October 13, 2005 18:57:25
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 14/10/2005
Kaspersky Anti-Virus database records: 144595
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 66515
Number of viruses found: 40
Number of infected objects: 233
Number of suspicious objects: 4
Duration of the scan process: 8397 sec

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\64197059.exe Infected: P2P-Worm.Win32.SpyBot.gen
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\647534C0.exe/kans.reg Infected: Trojan.WinREG.LowZones.f
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\647534C0.exe/kansup.reg Infected: Trojan.WinREG.LowZones.f
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\647534C0.exe/trufkz.html Infected: Trojan-Clicker.JS.Linker.g
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\647534C0.exe/x.bat Infected: Trojan.WinREG.LowZones.f
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\647534C0.exe Infected: Trojan.WinREG.LowZones.f
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\68270DE0.sys Infected: Rootkit.Win32.Agent.l
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\693B3CF8.exe Infected: P2P-Worm.Win32.SpyBot.gen
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6D1E0273.sys Infected: Rootkit.Win32.Agent.l
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\70FD763D.exe Infected: Backdoor.Win32.SdBot.zd
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\72BE15B5.exe Infected: P2P-Worm.Win32.SpyBot.gen
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\759C3ACF.sys Infected: Rootkit.Win32.Agent.l
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\76027FCB.sys Infected: Rootkit.Win32.Agent.l
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\760953C3.sys Infected: Rootkit.Win32.Agent.l
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7D0A04DD.sys Infected: Rootkit.Win32.Agent.l
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7D936846.sys Infected: Rootkit.Win32.Agent.l
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7E4E51B4.exe Infected: P2P-Worm.Win32.SpyBot.gen
C:\System Volume Information\_restore{83AD904C-3A0A-45CB-9155-077393476487}\RP493\A0272153.dll Infected: Trojan-Downloader.Win32.Agent.mk
C:\System Volume Information\_restore{83AD904C-3A0A-45CB-9155-077393476487}\RP493\A0272155.bat Infected: Trojan.BAT.KillProc.a
C:\WINDOWS\minigolf_affiliate.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.g
C:\WINDOWS\minigolf_affiliate.exe Infected: Trojan-Downloader.NSIS.Agent.g
C:\WINDOWS\Wast2.exe/WISE0008.BIN Infected: Trojan-Downloader.Win32.Adroar
C:\WINDOWS\Wast2.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.Adroar
C:\WINDOWS\Wast2.exe Infected: Trojan-Downloader.Win32.Adroar

Scan process completed.

_______________________________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 6:59:44 PM, on 10/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1128923287321
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#6
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
I see a clean log here. :tazz:

Please open your Eset and Norton and delete everything present in the Quarantine option.

Then delete the following files:

C:\WINDOWS\minigolf_affiliate.exe
C:\WINDOWS\Wast2.exe

* Go to Start > Run, type cleanmgr and click OK.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Tell me how things are running afterwards. :)
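An added example, not part of the original thread: a Python sketch that sorts detection lines from the online-scan log above by where the detected file sits, so that copies held in an antivirus quarantine folder or a System Restore snapshot are separated from files still in place on disk. The bucket names and path rules are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Sample lines copied from the online-scan log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4F7608B7.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4FA02A89.zip/web.exe Infected: Trojan-Clicker.Win32.Small.fy
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4FA02A89.zip Infected: Trojan.Java.Femad
C:\System Volume Information\_restore{83AD904C-3A0A-45CB-9155-077393476487}\RP493\A0272155.bat Infected: Trojan.BAT.KillProc.a
C:\WINDOWS\minigolf_affiliate.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.g
C:\WINDOWS\minigolf_affiliate.exe Infected: Trojan-Downloader.NSIS.Agent.g
C:\WINDOWS\Wast2.exe/WISE0008.BIN Infected: Trojan-Downloader.Win32.Adroar
C:\WINDOWS\Wast2.exe Infected: Trojan-Downloader.Win32.Adroar

Scan process completed.
"""

# Line shape: "<path>[/<member inside an archive or installer>] <verdict>: <name>"
LINE_RE = re.compile(r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<name>\S+)$")

def classify(path):
    """Assumed rule set: bucket a detection by the folder the file lives in."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "quarantine"      # copy held by an antivirus product
    if "\\system volume information\\_restore" in p:
        return "restore_point"   # copy inside a System Restore snapshot
    return "live"                # file still in its original location

def triage(log_text):
    """Return {bucket: {file_on_disk: sorted detection names}}."""
    buckets = defaultdict(lambda: defaultdict(set))
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and "Scan process completed."
        # Archive members are listed as "container/member"; group them
        # under the container, which is the file that exists on disk.
        on_disk = m["path"].split("/", 1)[0]
        buckets[classify(on_disk)][on_disk].add(m["name"])
    return {b: {f: sorted(n) for f, n in files.items()}
            for b, files in buckets.items()}

if __name__ == "__main__":
    for bucket, files in triage(SAMPLE_LOG).items():
        print(bucket)
        for path, names in files.items():
            print("   ", path, "->", ", ".join(names))
```

On the sample lines, the "live" bucket contains exactly the two files under C:\WINDOWS that the reply lists for deletion.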

#7
Novastang

    New Member

  • Topic Starter
  • Member
  • 4 posts
Thanks so much. Everything seems to be running fine now. :tazz:

#8
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Glad I could help. :tazz:

To keep this clean in the future, I would suggest the following things:

Install SpywareBlaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

Avoid illegal sites, because that's where most malware is present.

Let your antispyware scanner(s) scan frequently and don't forget to update before.

And I do suggest you perform an online virus scan once in a while (Housecall and/or Bitdefender), because what one virus scanner can't find, another one maybe can.
Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

Make sure your Windows has the latest updates: http://windowsupdate.microsoft.com/

If you have XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft...xp/iesecxp.mspx

You can also find more info on how to prevent malware here (by Tony Klein)

Happy surfing again! :)

#9
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.