Can anyone assist me here?


  • This topic is locked

#1
Test_Eagles

  • Member
  • 13 posts
Hi Guys. I didn't want to post here, I wanted to do it on my own, but I just can't fix this. We're gonna have to get a guy in if this doesn't work, and that ain't cheap. Last time we had a major spyware/adware problem I was able to clear it up using the stickies posted on these forums, even though it took some time. Basically last time it involved running Spybot S&D, Ad Aware, and Spy Sweeper, a lot of times in both normal and safe mode, and eventually I either crippled the adware or got rid of it.

But this time has not been so simple. Spy Sweeper has expired, so I'm down to the other two.

First I'll tell you the symptoms this time:

A) Hijacked browser when going to certain sites. It says "Sorry, we could not find the site you were looking for". "Try searching for it in one of these great categories". This is a particular problem because it does it every time I try to trade shares at www.comsec.com.au. Oddly, it does not do it at most other sites. Commsec.com.au I believe is a https://, so I'm wondering if the security thing could have anything to do with it. I've tried turning down the security in internet options, hasn't worked.

B) MSN messenger refuses to login. When I troubleshoot it, it tells me there is a problem with the default gateway.

C) Norton Antivirus has permanently disabled itself. When I click Enable, it ignores me.

D) Norton Firewall has disabled itself. When I click "Block Traffic" it tells me "restricted accounts are not allowed to disable or block traffic". It has never said that before.

-------------------

Ok so here's what I've done. I've run S&D multiple times and it came up with some interesting things. Two of them were:

Windows Security Centre.AntivirusDisableNotify
Windows Security Centre.FirewallDisableNotify

I assume this is the cause of the firewall and AV not working? I delete them, but they keep coming back. After S&D has supposedly deleted them, it makes no change to the firewall or AV.

The other one that will not delete is NewDotNet, which is associated with WhenUSave. It deletes everything but the two registry keys.

HKEY_USERS\s-1-5-21-1943300873-1235171577-3355976831-1003\Software\new.net
HKEY_USERS\.DEFAULT\Software\new.net

Oddly enough, a third registry key that refused to delete all yesterday (HKEY_USERS\S-1-5-18\Software\new.net) finally (supposedly) deleted this morning. But it wouldn't surprise me to see it back tomorrow.

Since my recent assault started, IE has been better. Rather than being hijacked when I go to comsec, it just says 'this page cannot be displayed'. Firefox still gets hijacked but not IE (touch wood). But I do need to get comsec working, and I'm wondering if there is some connectivity problem related to the MSN thing. It also does it other times, like on the Optus site when I try to personalize my share portfolio. "This page cannot be displayed". It's not a server thing, it's been doing it for a while.

-----------------

I'm not sure if it's necessary, but I'll put in my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:08:26 AM, on 11/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\AGRSMMSG.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\SpywareDetectorSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Easy File Sharing Web Server\fsws.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpywareDetector\SDMonitor.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\Marks\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: HyperSearchHook - {DC1302BC-80FB-4250-9EE1-9FBB2A5EC5FE} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13F5BF7F-9144-D814-9BDE-CEB576DB5D37} - C:\DOCUME~1\Owner\APPLIC~1\CORNLO~1\Bend readme.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {702EA91C-1ACF-4772-8078-18F2B2EE1031} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FSWebServer] C:\Program Files\Easy File Sharing Web Server\fsws.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [BowsRectByteUp] C:\Documents and Settings\All Users\Application Data\LINK AMOK BOWS RECT\LiveThis.exe
O4 - HKLM\..\Run: [SystemTraySD] C:\WINDOWS\system32\SDSystemTray.exe
O4 - HKLM\..\Run: [MonitorSD] C:\Program Files\SpywareDetector\SDMonitor.exe
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\WINDOWS\system32\LiveUpdateSD.exe -AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [SettingsName] C:\DOCUME~1\Owner\APPLIC~1\FILMAM~1\modeopen.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://register3.va...OCX/FlashAX.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SpyDetectSVC - Max Secure Technologies - C:\WINDOWS\system32\SpywareDetectorSVC.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

-------------------

I'd be SO appreciative if anyone has any ideas. Like I say we'll have to get a guy in otherwise. Thanks everyone.

#2
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

We need to see a little more information.

Download FindLop. Unzip the file. It will create a folder. From the extracted files, locate findlop.bat and double click on it. It will generate a log file - C:\findlop.txt

Find that file and copy the content into your next post.



Please download Ewido Security Suite; it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net...wnload/updates/

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.


Reboot your computer and post a new hijackthis log, the log from Ewido, and the log from FindLop.

#3
Test_Eagles

  • Topic Starter
  • Member
  • 13 posts
Hi. Thanks very much for helping me out here. I know you must get bored of endless people coming to this forum demanding your help and posting up pages and pages of code for you to tirelessly look over.

Wow threads drop fast in this place don't they? Page 2 already. It's been like an hour.

Ok so I did everything you said. I did have problems updating the Ewido software and had to do it the manual way through the link you gave me. All my programs (Ad Aware, S&D, Ewido) will not update anymore. My guess would be this problem is related to the MSN connecting problem.

Ok so here are the logs you requested:

-------------------------

FINDLOP:

[TRACE] Enumerating jobs and queues
[TRACE] Activating job '8F1CE44B97F7DC9B.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\owner\applic~1\filmam~1\wave eq intra.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Owner'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 10/27/2005 5:00:00
NextRun: 11/25/2005 12:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/22/2000
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'A3BBCBE591847D4D.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\owner\applic~1\filmam~1\wave eq intra.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Owner'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 10/27/2005 5:00:00
NextRun: 11/25/2005 12:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/15/1997
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Easy Internet Sign-up.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Easy Internet signup\HPSdpApp.exe'
Parameters: '/remind'
WorkingDirectory: ''
Comment: ''
Creator: 'Owner'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_NOT_SCHEDULED
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Once
StartDate: 01/06/2005
EndDate: 00/00/0000
StartTime: 17:50
MinutesDuration: 43200
MinutesInterval: 30
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Norton AntiVirus - Scan my computer - Owner.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\PROGRA~1\NORTON~1\NAVW32.EXE'
Parameters: '/task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"'
WorkingDirectory: ''
Comment: 'This is a schedule scan task from Norton AntiVirus.'
Creator: 'Owner'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/24/2005 22:00:06
NextRun: 11/25/2005 22:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 12/27/2004
EndDate: 00/00/0000
StartTime: 22:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Norton AntiVirus - Scan my computer.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\PROGRA~1\NORTON~1\Navw32.exe'
Parameters: '/task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"'
WorkingDirectory: ''
Comment: 'This is a schedule scan task from Norton AntiVirus.'
Creator: 'Owner'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/24/2005 22:00:08
NextRun: 11/25/2005 22:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 12/07/2004
EndDate: 00/00/0000
StartTime: 22:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: 'Owner'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/25/2005 10:16:00
NextRun: 11/25/2005 14:16:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 11/25/2005
EndDate: 00/00/0000
StartTime: 14:16
MinutesDuration: 1440
MinutesInterval: 240
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

---------------

EWIDO:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:37:29 PM, 11/25/2005
+ Report-Checksum: 75C9261B

+ Scan result:

HKLM\SOFTWARE\AKSoft -> Spyware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AKSoft\X-Tractor -> Spyware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DC1302BC-80FB-4250-9EE1-9FBB2A5EC5FE}\{8853F881-81B6-4049-9AFF-483A20184268}\\ClassObject -> Spyware.HyperBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DC1302BC-80FB-4250-9EE1-9FBB2A5EC5FE}\{8853F881-81B6-4049-9AFF-483A20184268}\\ProductID -> Spyware.HyperBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DC9F80B3-4B5A-4B43-9DC6-02294B6A7064}\{8853F881-81B6-4049-9AFF-483A20184268}\\ClassObject -> Spyware.HyperBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DC9F80B3-4B5A-4B43-9DC6-02294B6A7064}\{8853F881-81B6-4049-9AFF-483A20184268}\\ProductID -> Spyware.HyperBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF} -> TrojanDownloader.WebP2P : Cleaned with backup
HKU\S-1-5-21-1943300873-1235171577-3355976831-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-1943300873-1235171577-3355976831-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B2F5308-2CB0-40E2-8030-59936ED5D22C} -> Spyware.HyperBar : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Block Checker -> Spyware.BlockChecker : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Block Checker\Block Checker -> Spyware.BlockChecker : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Block Checker\Block Checker\Block Checker.lnk -> Spyware.BlockChecker : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Block Checker.lnk -> Spyware.BlockChecker : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\D3RYIQ14\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Program Files\Block Checker -> Spyware.BlockChecker : Cleaned with backup
C:\Program Files\Block Checker\Block Checker.exe -> Spyware.BlockChecker : Cleaned with backup
C:\Program Files\Block Checker\setup.log -> Spyware.BlockChecker : Cleaned with backup
C:\Program Files\Block Checker\setup_finish.exe -> Spyware.BlockChecker : Cleaned with backup
C:\Program Files\Block Checker\uninstall.exe -> Spyware.BlockChecker : Cleaned with backup
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup


::Report End

------------------

And a new Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 12:54:46 PM, on 11/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\SpywareDetectorSVC.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Easy File Sharing Web Server\fsws.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\SDSystemTray.exe
C:\Program Files\SpywareDetector\SDMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\Marks\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: HyperSearchHook - {DC1302BC-80FB-4250-9EE1-9FBB2A5EC5FE} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13F5BF7F-9144-D814-9BDE-CEB576DB5D37} - C:\DOCUME~1\Owner\APPLIC~1\CORNLO~1\Bend readme.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {702EA91C-1ACF-4772-8078-18F2B2EE1031} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FSWebServer] C:\Program Files\Easy File Sharing Web Server\fsws.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [BowsRectByteUp] C:\Documents and Settings\All Users\Application Data\LINK AMOK BOWS RECT\LiveThis.exe
O4 - HKLM\..\Run: [SystemTraySD] C:\WINDOWS\system32\SDSystemTray.exe
O4 - HKLM\..\Run: [MonitorSD] C:\Program Files\SpywareDetector\SDMonitor.exe
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\WINDOWS\system32\LiveUpdateSD.exe -AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [SettingsName] C:\DOCUME~1\Owner\APPLIC~1\FILMAM~1\modeopen.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://register3.va...OCX/FlashAX.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SpyDetectSVC - Max Secure Technologies - C:\WINDOWS\system32\SpywareDetectorSVC.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

----------

Thanks man, you're a champion.

#4
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Let's get rid of the LOP infection for you first and then we'll see what else is left to deal with.

Open notepad and copy and paste this text in it:
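rem Switch to the system drive, then to the scheduled tasks folder
%systemdrive%
cd C:\WINDOWS\Tasks
rem Clear the read-only, system and hidden attributes so the job files can be deleted
attrib -r -s -h A3BBCBE591847D4D.job
del A3BBCBE591847D4D.job
attrib -r -s -h 8F1CE44B97F7DC9B.job
del 8F1CE44B97F7DC9B.job
rem Remove the LOP folders and their contents (rd /s /q, since Windows XP has no deltree)
rd /s /q c:\docume~1\owner\applic~1\filmam~1
rd /s /q C:\DOCUME~1\Owner\APPLIC~1\CORNLO~1
rd /s /q "C:\Documents and Settings\All Users\Application Data\LINK AMOK BOWS RECT"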

Save this as remjob.bat, choose to save it as *all files and place it on your desktop.
Double-click on remjob.bat. A DOS window will open and close again, this is normal.


Before proceeding with this next step, you will need to disable Spyware Guard. Otherwise it will interfere with the fix by Hijackthis.


Run Hijackthis again, click scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R3 - URLSearchHook: HyperSearchHook - {DC1302BC-80FB-4250-9EE1-9FBB2A5EC5FE} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing)
O2 - BHO: (no name) - {13F5BF7F-9144-D814-9BDE-CEB576DB5D37} - C:\DOCUME~1\Owner\APPLIC~1\CORNLO~1\Bend readme.exe
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {702EA91C-1ACF-4772-8078-18F2B2EE1031} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [BowsRectByteUp] C:\Documents and Settings\All Users\Application Data\LINK AMOK BOWS RECT\LiveThis.exe
O4 - HKLM\..\Run: [SystemTraySD] C:\WINDOWS\system32\SDSystemTray.exe
O4 - HKLM\..\Run: [MonitorSD] C:\Program Files\SpywareDetector\SDMonitor.exe
O4 - HKCU\..\Run: [SettingsName] C:\DOCUME~1\Owner\APPLIC~1\FILMAM~1\modeopen.exe



Reboot and post a new hijackthis log.

In addition, I need to see a different log from Hijackthis.
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.

Edited by Buckeye_Sam, 25 November 2005 - 04:27 PM.


#5
Test_Eagles

    Member

  • Topic Starter
  • Member
  • 13 posts
Ok thanks, did all that, here is the new HJthis log:

---------------

Logfile of HijackThis v1.99.1
Scan saved at 11:26:50 AM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Easy File Sharing Web Server\fsws.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Messenger\msmsgs.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\SpywareDetectorSVC.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\Marks\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FSWebServer] C:\Program Files\Easy File Sharing Web Server\fsws.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\WINDOWS\system32\LiveUpdateSD.exe -AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://register3.va...OCX/FlashAX.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SpyDetectSVC - Max Secure Technologies - C:\WINDOWS\system32\SpywareDetectorSVC.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

-----------------

And here is the special list you requested:

-----------------

3D Ultra Pinball
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0
Agere Systems PCI Soft Modem
ArcSoft PhotoStudio 5.5
AVG Free Edition
Block Checker 1.0
Bodog Poker Version 1.9.12.0
Bridge Base Online
Canon CanoCraft CS-P 3.7
Canon MP Drivers 7.0
Canon MP Navigator 1.1
Canon ScanGear Starter
Canon ScanGear Toolbox CS
Canon Utilities Easy-PhotoPrint
Casino-on-Net
CC_ccProxyMSI
CC_ccStart
ccCommon
Championship Chess
CleanUp!
Diablo II
Easy File Sharing Web Server Upgrade [3/22/2005]
Easy Internet Sign-up
Easy-WebPrint
EmpirePoker
e-tax 2005
ewido security suite
Far Cry
Google Earth
Google Toolbar for Internet Explorer
Hattrick Manager
HattrickPoli
HijackThis 1.99.1
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Pavilion PC Help
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.5
HP Software Update
HPIZ350
InterActual Player
InterVideo Home Theater
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment, SE v1.4.2_03
Kazaa 3.0
KBD
Ladbrokes Poker
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
LucasArts' Grim Fandango
Macromedia Shockwave Player
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Encarta 97 Encyclopedia
Microsoft Encarta Encyclopedia Standard - WE 2004
Microsoft Money
Microsoft Money System Pack
Microsoft Office Professional Edition 2003
Microsoft Works 7.0
Mozilla Firefox (1.0.4)
MSN Gaming Zone
MSN Messenger 7.5
MSN Music Assistant
MSRedist
MSXML 4.0 SP2 Parser and SDK
Need for Speed Underground 2
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Personal Firewall
Norton Personal Firewall (Symantec Corporation)
Norton WMI Update
NVIDIA Display Driver
OmniPage SE 2.0
P2P Networking
PartyPoker
PC-Doctor for Windows
Photosmart 140,240,7200,7600,7700,7900 Series
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealOne Player
River Past Audio Capture
River Past Video Cleaner Pro
River Past Video Slice
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Shockwave
Sierra Utilities
Skype 1.3
SP2 Connection Patcher
SP2 Connection Patcher
Spybot - Search & Destroy 1.3
Spyware Detector
SpywareBlaster v3.4
SpywareGuard v2.2
System Process
Theme Hospital
Toolkit View(HP)
Ulead Photo Express 2.0 SE
UltimateBet
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Updates from HP
Warez P2P Client 2.92
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Worms World Party
Xara3D6
Yahoo! Toolbar

--------------------

That should be everything.

#6
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Please click Start -> Control Panel -> Add/Remove Programs and uninstall these programs:

Block Checker 1.0
Spyware Detector <-- this is a rogue/suspect program



Fix this line with HijackThis.

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Delete this file.

C:\WINDOWS\ALCXMNTR.EXE

Reboot and post a new HijackThis log.
Let me know what problems you are still having.

#7
Test_Eagles

    Member

  • Topic Starter
  • Member
  • 13 posts
mmk done that thanks.

Here are the problems we have atm:

*Norton Antivirus has still permanently disabled itself. When I click Enable, it still ignores me.

*Norton Firewall has disabled itself. When I click "Block Traffic" it tells me "restricted accounts are not allowed to disable or block traffic".

*MSN Messenger is still refusing to login. When I troubleshoot it, it tells me there is a problem with the default gateway.

*IE is having trouble with certain things. When on the optusnet home page and I click "personalize my portfolio", it also tells me the page cannot be displayed. The same problem with the share trading page www.comsec.com.au, but that one no longer comes up with a message, it just says "done", and the screen is blank white.

*Firefox is also having problems getting to comsec. When I enter in the site, it quickly takes me to a near blank screen with the message "The XML does not appear to have any style information associated with it. The document tree is shown below"

- <html>
<body>
</html>

Just as quickly as it appears, I am redirected again to this site: http://www.quickbrow....comsec.com.au/. "Try clicking on one of these search categories:" etc....

Here is the HJthis log:

-----------------

Logfile of HijackThis v1.99.1
Scan saved at 10:55:32 AM, on 11/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Easy File Sharing Web Server\fsws.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Documents and Settings\Owner\Desktop\Marks\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FSWebServer] C:\Program Files\Easy File Sharing Web Server\fsws.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://register3.va...OCX/FlashAX.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

-----------------

#8
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
I'd run through the steps on this page, as it sounds like your problem is with accessing https pages.

http://support.micro...kb;en-us;813444

Let's be sure there's no malware hiding that's contributing to your problems.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available, otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Now under "select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#9
Test_Eagles

    Member

  • Topic Starter
  • Member
  • 13 posts
Sorry about the delay in getting back to you. I've been going slowly through that link you gave me doing most of the stuff, but none of it has worked yet.

Ok so here is the Kaspersky Log:

--------------------

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, November 28, 2005 19:04:00
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 28/11/2005
Kaspersky Anti-Virus database records: 161868
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 103676
Number of viruses found: 36
Number of infected objects: 629
Number of suspicious objects: 0
Duration of the scan process: 5541 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\LINK AMOK BOWS RECT\LiveThis.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Owner\Application Data\Corn Loud\Bend readme.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Owner\Application Data\filmamoklong\modeopen.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Owner\Desktop\Marks\backups\backup-20051126-112004-192.dll Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Owner\Desktop\Marks\WarezP2P_DLC.exe/stream/data0038 Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\Documents and Settings\Owner\Desktop\Marks\WarezP2P_DLC.exe/stream Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\Documents and Settings\Owner\Desktop\Marks\WarezP2P_DLC.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Deleted Items.dbx/[From postman@nec.edu][Date Tue, 22 Nov 2005 07:32:57 GMT]/UNNAMED/reg_pass-data.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Deleted Items.dbx/[From postman@nec.edu][Date Tue, 22 Nov 2005 07:32:57 GMT]/UNNAMED/reg_pass-data.zip Infected: Email-Worm.Win32.Sober.y
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Deleted Items.dbx/[From postman@nec.edu][Date Tue, 22 Nov 2005 07:32:57 GMT]/UNNAMED Infected: Email-Worm.Win32.Sober.y
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Sober.y
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Inbox.dbx/[From eBay Inc <supprefnum062120694937@ebay.com>][Date Sun, 24 Jul 2005 07:21:19 -0600]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Inbox.dbx/[From eBay Inc <supprefnum062120694937@ebay.com>][Date Sun, 24 Jul 2005 07:21:19 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Inbox.dbx/[From "Mrosenfeld" <mrosenfeld@omr-architects.com>][Date Wed, 23 Nov 2005 15:42:11 -0500]/UNNAMED/Dorothee.zip/1.exe Infected: Trojan-Downloader.Win32.Bagle.f
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Inbox.dbx/[From "Mrosenfeld" <mrosenfeld@omr-architects.com>][Date Wed, 23 Nov 2005 15:42:11 -0500]/UNNAMED/Dorothee.zip Infected: Trojan-Downloader.Win32.Bagle.f
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Inbox.dbx/[From "Mrosenfeld" <mrosenfeld@omr-architects.com>][Date Wed, 23 Nov 2005 15:42:11 -0500]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.f
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Downloader.Win32.Bagle.f
C:\Program Files\Canon\MP Navigator 1.1\mpn.exe Infected: not-a-virus:NetTool.Win32.Calc-DNet.d
C:\Program Files\Kazaa\My Shared Folder\WarezP2P.exe/stream/data0005 Infected: Trojan-Downloader.Win32.Small.apc
C:\Program Files\Kazaa\My Shared Folder\WarezP2P.exe/stream/data0028/Cabs.w1.cab/HyperbarSS3.dll Infected: not-a-virus:AdWare.Win32.HyperBar.b
C:\Program Files\Kazaa\My Shared Folder\WarezP2P.exe/stream/data0028/Cabs.w1.cab/Hyperbar.dll Infected: not-a-virus:AdWare.Win32.HyperBar.b
C:\Program Files\Kazaa\My Shared Folder\WarezP2P.exe/stream/data0028/Cabs.w1.cab Infected: not-a-virus:AdWare.Win32.HyperBar.b
C:\Program Files\Kazaa\My Shared Folder\WarezP2P.exe/stream/data0028 Infected: not-a-virus:AdWare.Win32.HyperBar.b
C:\Program Files\Kazaa\My Shared Folder\WarezP2P.exe/stream/data0029 Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\Program Files\Kazaa\My Shared Folder\WarezP2P.exe/stream Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\Program Files\Kazaa\My Shared Folder\WarezP2P.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\Program Files\Kazaa\My Shared Folder\WarezP2P222.exe/stream/data0029/Cabs.w1.cab/HyperbarSS3.dll Infected: not-a-virus:AdWare.Win32.HyperBar.b
C:\Program Files\Kazaa\My Shared Folder\WarezP2P222.exe/stream/data0029/Cabs.w1.cab/Hyperbar.dll Infected: not-a-virus:AdWare.Win32.HyperBar.b
C:\Program Files\Kazaa\My Shared Folder\WarezP2P222.exe/stream/data0029/Cabs.w1.cab Infected: not-a-virus:AdWare.Win32.HyperBar.b
C:\Program Files\Kazaa\My Shared Folder\WarezP2P222.exe/stream/data0029 Infected: not-a-virus:AdWare.Win32.HyperBar.b
C:\Program Files\Kazaa\My Shared Folder\WarezP2P222.exe/stream/data0030 Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\Program Files\Kazaa\My Shared Folder\WarezP2P222.exe/stream Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\Program Files\Kazaa\My Shared Folder\WarezP2P222.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\Program Files\Kazaa\My Shared Folder\WarezP2P_DLC.exe/stream/data0039 Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\Program Files\Kazaa\My Shared Folder\WarezP2P_DLC.exe/stream/data0040 Infected: not-a-virus:AdWare.Win32.Lop.ai
C:\Program Files\Kazaa\My Shared Folder\WarezP2P_DLC.exe/stream Infected: not-a-virus:AdWare.Win32.Lop.ai
C:\Program Files\Kazaa\My Shared Folder\WarezP2P_DLC.exe Infected: not-a-virus:AdWare.Win32.Lop.ai
C:\Program Files\Norton AntiVirus\Quarantine\00135A7C Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\006D26DD Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\00795084 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\00DF468B Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\00E63858 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\01320494 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\01774848 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\01BC0BFD Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\02873FA4 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\02B16CE0 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\02C90CA0 Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Program Files\Norton AntiVirus\Quarantine\03605D01 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\036352B4 Infected: not-a-virus:AdWare.Win32.Altnet.d
C:\Program Files\Norton AntiVirus\Quarantine\03A96124 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\03EE24D8 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\040E4D22 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\04B4254A Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\04BD3D43 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\06203DB4 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\06650169 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\07110ED7 Infected: Trojan-Downloader.Win32.Swizzor.de
C:\Program Files\Norton AntiVirus\Quarantine\07C07EF8 Infected: not-a-virus:AdWare.Win32.Lop.z
C:\Program Files\Norton AntiVirus\Quarantine\080267B0 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\08525690 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\086A273D/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\086A273D Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\0873663F Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\08971A44 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\08B250A3 Infected: not-a-virus:AdWare.Win32.Altnet.d
C:\Program Files\Norton AntiVirus\Quarantine\08D95C46 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\08DC5DF9 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\091D5F39 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\093F524E Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\09A54855 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\09CB4F5A Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\0A0B3E5D Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\0A713464 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\0A7A3F7B Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\0AC93320 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\0AD72A6C Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\0B0E76D4 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\0B282F9B Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\0B3D2073 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\0BA4167B Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\0C0A0C83 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\0C70028A Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\6BF457F4 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\6BF701F1 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6BFA2BED Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6BFE55EA Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C017FE6 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\6C0429E2 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\6C0753DF Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C0B7DDB Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\6C0E27D8 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\6C1151D4 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\6C147BD0 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\6C165255 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\6C1825CD Infected: not-a-virus:AdWare.Win32.Lop.z
C:\Program Files\Norton AntiVirus\Quarantine\6C1B4FC9 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C1E79C6 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\6C2123C2 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C254DBE Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\6C2877BB Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\6C2B21B7 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\6C2F4BB4 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C3275B0 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C351FAC Infected: not-a-virus:AdWare.Win32.Lop.z
C:\Program Files\Norton AntiVirus\Quarantine\6C3849A9 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\6C3C73A5 Infected: Trojan-Downloader.Win32.Swizzor.cr
C:\Program Files\Norton AntiVirus\Quarantine\6C3F1DA2 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C42479E Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C45719B Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C491B97 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C4C4593 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C4F6F90 Infected: not-a-virus:AdWare.Win32.Lop.o
C:\Program Files\Norton AntiVirus\Quarantine\6C52198C Infected: Trojan-Downloader.Win32.Swizzor.du
C:\Program Files\Norton AntiVirus\Quarantine\6C564389 Infected: not-a-virus:AdWare.Win32.Lop
C:\Program Files\Norton AntiVirus\Quarantine\6C596D85 Infected: Trojan-Downloader.Win32.Swizzor.ds
C:\Program Files\Norton AntiVirus\Quarantine\6C5B1609 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\6C5C1781 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C60417E Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C636B7A Infected: Trojan-Downloader.Win32.Swizzor.dm
C:\Program Files\Norton AntiVirus\Quarantine\6C661577 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C693F73 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C6C5421 Infected: Trojan-Downloader.Win32.Swizzor.cs
C:\Program Files\Norton AntiVirus\Quarantine\6C6D696F Infected: Trojan-Downloader.Win32.Swizzor.ds
C:\Program Files\Norton AntiVirus\Quarantine\6C70136C Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C733D68 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C766765 Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C7A1161 Infected: Trojan-Downloader.Win32.Swizzor.de
C:\Program Files\Norton AntiVirus\Quarantine\6C7D3B5D Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\6C80655A Infected: Trojan-Downloader.Win32.Swizzor.de
C:\Program Files\Norton AntiVirus\Quarantine\6C830F56 Infected:
  • 0

#10
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
It's clear to see now that your problems are coming from Kazaa and WarezP2P. I strongly recommend that you uninstall both programs.

Please delete all quarantined items from Norton.

Please delete these folders:

C:\Documents and Settings\All Users\Application Data\LINK AMOK BOWS RECT
C:\Documents and Settings\Owner\Application Data\Corn Loud
C:\Documents and Settings\Owner\Application Data\filmamoklong



Run a new virus scan with Kaspersky and post the resulting log.
  • 0


#11
Test_Eagles

    Member

  • Topic Starter
  • Member
  • 13 posts
Thanks again.

KaZaa has been a funny creature. Last time I attacked the spyware on this PC it was one of the main targets. Spy Sweeper, Spybot and Ad Aware all took angrily to it and poor old KaZaa didn't really stand much of a chance. The program pretty much got gutted and it now exists only as a shell of its former self. Every startup it says "KaZaa will not run until it is fixed, would you like to fix it now" and I always select No. Other than that, me and KaZaa pretty much keep to ourselves now; I don't bother it and it doesn't bother me.

I uninstalled it using Add/Remove Programs and suddenly realized "Oh [bleep]". I had deleted my entire folder (10 GB) of stuff. So my god's saving grace was the system restore, which restored to a point late yesterday afternoon after I posted the first Kaspersky log. Fortunately I got my stuff back, but KaZaa now won't uninstall. It tells me the uninstall process encountered an error. I did move my stuff out of the folder first. Tried a reboot, but it looks like KaZaa is holding its ground now.

I haven't got rid of Warez as a whole yet, but I got rid of all the Warez's that showed up problems in the Kaspersky log.

Here is the latest Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, November 29, 2005 14:06:10
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 29/11/2005
Kaspersky Anti-Virus database records: 162052
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 103009
Number of viruses found: 25
Number of infected objects: 101
Number of suspicious objects: 0
Duration of the scan process: 5607 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Owner\Desktop\Marks\backups\backup-20051126-112004-192.dll Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Deleted Items.dbx/[From postman@nec.edu][Date Tue, 22 Nov 2005 07:32:57 GMT]/UNNAMED/reg_pass-data.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Deleted Items.dbx/[From postman@nec.edu][Date Tue, 22 Nov 2005 07:32:57 GMT]/UNNAMED/reg_pass-data.zip Infected: Email-Worm.Win32.Sober.y
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Deleted Items.dbx/[From postman@nec.edu][Date Tue, 22 Nov 2005 07:32:57 GMT]/UNNAMED Infected: Email-Worm.Win32.Sober.y
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Sober.y
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Inbox.dbx/[From eBay Inc <supprefnum062120694937@ebay.com>][Date Sun, 24 Jul 2005 07:21:19 -0600]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Inbox.dbx/[From eBay Inc <supprefnum062120694937@ebay.com>][Date Sun, 24 Jul 2005 07:21:19 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Inbox.dbx/[From "Mrosenfeld" <mrosenfeld@omr-architects.com>][Date Wed, 23 Nov 2005 15:42:11 -0500]/UNNAMED/Dorothee.zip/1.exe Infected: Trojan-Downloader.Win32.Bagle.f
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Inbox.dbx/[From "Mrosenfeld" <mrosenfeld@omr-architects.com>][Date Wed, 23 Nov 2005 15:42:11 -0500]/UNNAMED/Dorothee.zip Infected: Trojan-Downloader.Win32.Bagle.f
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Inbox.dbx/[From "Mrosenfeld" <mrosenfeld@omr-architects.com>][Date Wed, 23 Nov 2005 15:42:11 -0500]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.f
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Downloader.Win32.Bagle.f
C:\Program Files\Canon\MP Navigator 1.1\mpn.exe Infected: not-a-virus:NetTool.Win32.Calc-DNet.d
C:\Program Files\Warez P2P Client\apwarz0.exe Infected: not-a-virus:AdWare.Win32.Lop.ai
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP253\A0045775.exe/setup.zip/2 Infected: not-a-virus:AdWare.Win32.Chiem.a
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP253\A0045775.exe/setup.zip Infected: not-a-virus:AdWare.Win32.Chiem.a
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP253\A0045775.exe Infected: not-a-virus:AdWare.Win32.Chiem.a
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP253\A0045776.exe/setup.zip/2 Infected: not-a-virus:AdWare.Win32.Chiem.a
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP253\A0045776.exe/setup.zip Infected: not-a-virus:AdWare.Win32.Chiem.a
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP253\A0045776.exe Infected: not-a-virus:AdWare.Win32.Chiem.a
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP256\A0045994.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048709.exe Infected: Trojan-Downloader.Win32.Swizzor.ds
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048710.exe Infected: Trojan-Downloader.Win32.Swizzor.cr
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048711.exe Infected: Trojan-Downloader.Win32.Swizzor.ca
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048712.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048713.exe Infected: Trojan-Downloader.Win32.Swizzor.ds
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048715.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048716.exe Infected: Trojan-Downloader.Win32.Swizzor.cr
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048717.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048718.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048719.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048720.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048721.exe Infected: Trojan-Downloader.Win32.Swizzor.cr
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048722.exe Infected: not-a-virus:AdWare.Win32.Lop.o
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048723.exe Infected: not-a-virus:AdWare.Win32.Lop.o
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048724.exe Infected: Trojan-Downloader.Win32.Swizzor.dj
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048725.exe Infected: Trojan-Downloader.Win32.Swizzor.du
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048726.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048727.exe Infected: Trojan-Downloader.Win32.Swizzor.ds
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048728.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048729.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048730.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048732.exe Infected: Trojan-Downloader.Win32.Swizzor.cr
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048733.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048734.exe Infected: Trojan-Downloader.Win32.Swizzor.dj
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048735.exe Infected: Trojan-Downloader.Win32.Swizzor.ds
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048736.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048737.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048738.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048739.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048740.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048741.exe Infected: not-a-virus:AdWare.Win32.Lop.o
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048742.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048743.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048744.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP282\A0053243.dll Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP287\A0053398.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP287\A0053399.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP287\A0053401.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP287\A0053407.exe Infected: Trojan-Downloader.Win32.Swizzor.du
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP290\A0054531.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP290\A0054532.exe Infected: Trojan-Downloader.Win32.Swizzor.du
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP303\A0054993.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP303\A0054994.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP303\A0054996.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP303\A0054997.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP303\A0054998.dll Infected: not-a-virus:AdWare.Win32.Chiem.a
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP303\A0054999.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP307\A0055139.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP307\A0055144.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP327\A0057241.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP327\A0057242.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP327\A0057243.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP327\A0057244.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP328\A0057293.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP329\A0057340.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060828.com Infected: Backdoor.Win32.Rbot.gen
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060830.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060831.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060832.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060834.exe/stream/data0005 Infected: Trojan-Downloader.Win32.Small.apc
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060834.exe/stream/data0028/Cabs.w1.cab/HyperbarSS3.dll Infected: not-a-virus:AdWare.Win32.HyperBar.b
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060834.exe/stream/data0028/Cabs.w1.cab/Hyperbar.dll Infected: not-a-virus:AdWare.Win32.HyperBar.b
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060834.exe/stream/data0028/Cabs.w1.cab Infected: not-a-virus:AdWare.Win32.HyperBar.b
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060834.exe/stream/data0028 Infected: not-a-virus:AdWare.Win32.HyperBar.b
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060834.exe/stream/data0029 Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060834.exe/stream Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060834.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060835.exe/stream/data0029/Cabs.w1.cab/HyperbarSS3.dll Infected: not-a-virus:AdWare.Win32.HyperBar.b
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060835.exe/stream/data0029/Cabs.w1.cab/Hyperbar.dll Infected: not-a-virus:AdWare.Win32.HyperBar.b
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060835.exe/stream/data0029/Cabs.w1.cab Infected: not-a-virus:AdWare.Win32.HyperBar.b
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060835.exe/stream/data0029 Infected: not-a-virus:AdWare.Win32.HyperBar.b
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060835.exe/stream/data0030 Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060835.exe/stream Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060835.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060836.exe/stream/data0039 Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060836.exe/stream/data0040 Infected: not-a-virus:AdWare.Win32.Lop.ai
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060836.exe/stream Infected: not-a-virus:AdWare.Win32.Lop.ai
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060836.exe Infected: not-a-virus:AdWare.Win32.Lop.ai
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060837.exe/stream/data0038 Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060837.exe/stream Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060837.exe Infected: not-a-virus:AdWare.Win32.NewDotNet

Scan process completed.

---------------------

There is one other option I've been avoiding... I could system restore to a point some months ago when we didn't have these problems, but it would bring back all the malware we have gotten rid of?

Edited by Test_Eagles, 28 November 2005 - 10:34 PM.

  • 0

#12
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
As you can see from your virus scan results your system restore files are heavily infected. So any system restore that you do now will just serve to reinfect you with the same malware that we're trying to get rid of.

Review the log from Kaspersky and then go into your inbox and double delete all of the infected emails that it found.

Delete this file.

C:\Program Files\Warez P2P Client\apwarz0.exe

Once you have moved all of your downloads that you want to save into another location, delete this folder.

C:\Program Files\Kazaa


Reboot and post a new hijackthis log.
Let me know what problems you are still having.
  • 0
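The reply above rests on where the detections sit on disk: restore points, the mail store, the Norton quarantine, or a live program folder. The following Python is an added example, not part of the thread or of any tool named in it; it groups Kaspersky report lines by on-disk file and location. The function names (`classify`, `triage`) and category labels are assumptions, and the sample lines are excerpted from the logs posted above.

```python
import re
from collections import defaultdict

# Lines excerpted from the Kaspersky reports posted in this thread, including
# the entry that is cut off after "Infected:".
SAMPLE_REPORT = r"""
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Deleted Items.dbx/[From postman@nec.edu][Date Tue, 22 Nov 2005 07:32:57 GMT]/UNNAMED/reg_pass-data.zip Infected: Email-Worm.Win32.Sober.y
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{63EC17FC-A3EC-4E4B-A26D-088761F0E622}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Sober.y
C:\Program Files\Warez P2P Client\apwarz0.exe Infected: not-a-virus:AdWare.Win32.Lop.ai
C:\Program Files\Norton AntiVirus\Quarantine\6C596D85 Infected: Trojan-Downloader.Win32.Swizzor.ds
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP271\A0048709.exe Infected: Trojan-Downloader.Win32.Swizzor.ds
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060828.com Infected: Backdoor.Win32.Rbot.gen
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060834.exe/stream/data0005 Infected: Trojan-Downloader.Win32.Small.apc
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060834.exe/stream Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP334\A0060834.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\Program Files\Norton AntiVirus\Quarantine\6C830F56 Infected:
"""

# "<object path> Infected: <verdict>"; the greedy match keeps the last marker.
LINE_RE = re.compile(r"^(?P<obj>.+) Infected:\s*(?P<verdict>.*)$")
# Windows XP System Restore store: ...\_restore{GUID}\RPnnn\<saved file>
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)


def classify(disk_path):
    """Return (category, restore_point_or_None) for an on-disk file path."""
    match = RESTORE_RE.search(disk_path)
    if match:
        return "system_restore", match.group(1).upper()
    lowered = disk_path.lower()
    if lowered.endswith(".dbx"):           # Outlook Express message store
        return "mail_store", None
    if "\\quarantine\\" in lowered:        # already isolated by the resident AV
        return "av_quarantine", None
    return "live_file", None


def triage(report_text):
    """Group report entries by on-disk file and by where that file lives."""
    files = defaultdict(set)           # category -> on-disk files
    restore_points = defaultdict(set)  # RPnnn -> verdicts seen inside it
    truncated, objects = [], 0
    for raw in report_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue                   # header, statistics or blank line
        verdict = match.group("verdict").strip()
        if not verdict:
            truncated.append(match.group("obj"))  # cut-off entry, no verdict
            continue
        objects += 1
        # The scanner appends "/member" for objects nested inside a container
        # (archive, installer stream, mailbox); the part before the first "/"
        # is the file that actually exists on disk.
        disk_path = match.group("obj").split("/", 1)[0]
        category, restore_point = classify(disk_path)
        files[category].add(disk_path)
        if restore_point:
            restore_points[restore_point].add(verdict)
    ordered = sorted(restore_points, key=lambda rp: int(rp[2:]))
    return {
        "objects": objects,
        "files_by_category": {cat: len(paths) for cat, paths in files.items()},
        "live_files": sorted(files.get("live_file", ())),
        "restore_points": {rp: sorted(restore_points[rp]) for rp in ordered},
        "truncated": truncated,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("reported objects:", summary["objects"])
    for category, count in sorted(summary["files_by_category"].items()):
        print(f"  {category}: {count} file(s) on disk")
    for restore_point, verdicts in summary["restore_points"].items():
        print(f"  {restore_point}: {', '.join(verdicts)}")
    print("live files still to remove:", summary["live_files"])
```

Run over a full report, the `live_files` list is what still needs manual removal, while the `restore_points` map shows which snapshots would bring detections back if restored.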

#13
Test_Eagles

    Member

  • Topic Starter
  • Member
  • 13 posts
We've gotten rid of so much malware already, and it hasn't changed the main problem, which basically seems to be access to https:// sites. That link you gave me (http://support.micro...kb;en-us;813444) pretty much describes the problem we've been having to a T, but I've done almost everything on the page and none of it has worked.

The only thing I haven't done is the System File Checker, and it said some Windows files needed to be reloaded. Our computer did not come with a reload CD for Windows XP, so would it be safe to use the one from the laptop if the Windows versions are the same?

Would I be better off posting this in the Internet help forum?

Edited by Test_Eagles, 30 November 2005 - 01:29 AM.

  • 0

#14
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts

Would I be better off posting this in the Internet help forum?

You need to be sure you are clean first. They'll just send you back here if you still have malware.

As long as your disc from the other computer is for Windows XP, it will work fine for the purposes of running SFC.


Please post a new hijackthis log.
  • 0

#15
Test_Eagles

    Member

  • Topic Starter
  • Member
  • 13 posts
All right, thanks Sam, here's the new log:

----------------

Logfile of HijackThis v1.99.1
Scan saved at 6:13:08 PM, on 12/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Easy File Sharing Web Server\fsws.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\OPLIMIT\ocrawr32.exe
C:\Documents and Settings\Owner\Desktop\Marks\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FSWebServer] C:\Program Files\Easy File Sharing Web Server\fsws.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://register3.va...OCX/FlashAX.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

----------

How are we doing?