What the Tech!
Aug 15 2008, 09:57 PM
Post #1
New Member Group: New Member Posts: 6 Joined: 15-August 08 Member No.: 80,986 Operating System: Windows XP
I recently ran a process to get rid of the malware AntivirusXP 2008 using something called mbam by Malwarebytes. It seemed to have worked. The AntivirusXP 2008 program is no longer on my computer. I think.
There is a message that I am still receiving which I had started to get when I unfortunately downloaded/uploaded AntivirusXP 2008. The title bar says "Windows Security Alert". In the window itself at the top next to the Windows shield it says "To help protect your computer, Windows Firewall has detected activity of harmful software." Under that it asks "Do you want to block this software from sending data over the Internet?" Then it gives a description of the supposed problem. It is written like this:

Name: Trojan-Spy.Win32.GreenScreen
Risk Level: CRITICAL
Description: This is spy trojan that installs itself to the system, hides itself and then captures screen images and saves them to dish files in encrypted form. Thus it allows to a hacker to watch screen images.

It gives three options, but two are greyed out and you can only click on one which says "Enable Protection". When you click this button though, it takes you to a webpage that sells software to download that doesn't seem to be affiliated with Windows at all. I always just X out of the window and there aren't any problems so it seems, but this window opens up pretty much any time I open my browser (Internet Explorer is the only one I have). Again, I suspect this is part of the whole AntivirusXP 2008 thing. How can I get rid of this?

Aug 20 2008, 01:48 AM
Post #2
Advanced Member Group: MRU Teachers Posts: 607 Joined: 18-July 06 From: Southeast Finland Member No.: 58,602 Operating System: Windows XP Pro * 2 & Windows Vista
Hi
Download and install TrendMicro HijackThis
* Once installed open HijackThis by clicking Start > Programs > HijackThis and click the button labeled Do a system scan only
* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete the scan button will now read save log. Click this button to save the log file to your PC. Once you select where you would like to save the file it will open in your system's default text editor. Typically this application is Notepad.

Post the log here.

Aug 20 2008, 04:06 PM
Post #3
New Member Group: New Member Posts: 6 Joined: 15-August 08 Member No.: 80,986 Operating System: Windows XP
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:10 PM, on 8/20/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\All Users\Application Data\afcnkvof\ifmfsfqf.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\Common\hijobori.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\inmjunwr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital 
Imaging\Bin\hpoSTS08.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\Common\hijobori.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.wm.edu/cp/home/displaylogin R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [UiWinApi] C:\WINDOWS\Common\hijobori.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [InfoCmdWin] C:\WINDOWS\system32\inmjunwr.exe O4 - HKCU\..\Run: [infosrv] C:\WINDOWS\system32\ncviryfc.exe O4 - HKLM\..\Policies\Explorer\Run: [CkkBZJj1pt] C:\Documents and Settings\All 
Users\Application Data\afcnkvof\ifmfsfqf.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.sxload.net (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213052148286 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213052126634 O21 - SSODL: hlpcmd - {072FB75A-E9CE-32DC-315A-08E3632374F4} - C:\Program Files\jvajitb\hlpcmd.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 7522 bytes |

Aug 21 2008, 12:07 AM
Post #4
Advanced Member Group: MRU Teachers Posts: 607 Joined: 18-July 06 From: Southeast Finland Member No.: 58,602 Operating System: Windows XP Pro * 2 & Windows Vista
Hi
Please visit this webpage for download links, and instructions for running ComboFix tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed.

Please continue as follows:

When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:
* C:\ComboFix.txt
* New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Aug 21 2008, 04:12 PM
Post #5
New Member Group: New Member Posts: 6 Joined: 15-August 08 Member No.: 80,986 Operating System: Windows XP
combo fix
ComboFix 08-08-19.06 - William Huberdeau 2008-08-21 14:01:37.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.283 [GMT -4:00] Running from: C:\Documents and Settings\William Huberdeau\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\William Huberdeau\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\William Huberdeau\Application Data\macromedia\Flash Player\#SharedObjects\TXE4ZEUE\interclick.com C:\Documents and Settings\William Huberdeau\Application Data\macromedia\Flash Player\#SharedObjects\TXE4ZEUE\interclick.com\ud.sol C:\Documents and Settings\William Huberdeau\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com C:\Documents and Settings\William Huberdeau\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol C:\Documents and Settings\William Huberdeau\Cookies\william_huberdeau@2o7[1].txt C:\Documents and Settings\William Huberdeau\Cookies\william_huberdeau@ad.yieldmanager[2].txt C:\Documents and Settings\William Huberdeau\Cookies\william_huberdeau@ads.pointroll[2].txt C:\Documents and Settings\William Huberdeau\Cookies\william_huberdeau@advertising[1].txt C:\Documents and Settings\William Huberdeau\Cookies\william_huberdeau@aggregateknowledge[1].txt C:\Documents and Settings\William Huberdeau\Cookies\william_huberdeau@insightexpressai[2].txt C:\WINDOWS\system32\MSINET.oca . ((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))) . 2008-08-20 18:02 . 2008-08-20 18:02 <DIR> d-------- C:\Program Files\Trend Micro 2008-08-20 17:40 . 2008-08-20 17:40 <DIR> d-------- C:\WINDOWS\LastGood 2008-08-14 21:45 . 2008-08-14 21:45 77,824 --a------ C:\WINDOWS\system32\ncviryfc.exe 2008-08-14 21:27 . 
2008-08-14 21:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-14 21:27 . 2008-08-14 21:27 <DIR> d-------- C:\Documents and Settings\William Huberdeau\Application Data\Malwarebytes 2008-08-14 21:27 . 2008-08-14 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-14 21:27 . 2008-07-30 21:14 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-14 21:27 . 2008-07-30 21:14 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-14 21:23 . 2008-08-14 21:23 0 --a------ C:\WINDOWS\system32\5.tmp 2008-08-14 21:11 . 2008-08-14 21:11 0 --a------ C:\WINDOWS\system32\4.tmp 2008-08-14 20:43 . 2008-08-14 20:43 0 --a------ C:\WINDOWS\system32\6.tmp 2008-08-14 20:22 . 2008-08-14 21:03 2,892 --a------ C:\WINDOWS\system32\tmp.reg 2008-08-14 20:21 . 2007-09-06 01:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-08-14 20:21 . 2006-04-27 18:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-08-14 20:21 . 2008-05-29 10:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-08-14 20:21 . 2003-06-05 22:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-08-14 20:21 . 2004-07-31 19:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-08-14 20:21 . 2007-10-04 01:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-08-14 17:37 . 2008-08-14 17:37 <DIR> d-------- C:\WINDOWS\Common 2008-08-14 05:36 . 2008-08-14 05:36 <DIR> d-------- C:\Program Files\jvajitb 2008-08-14 05:36 . 2008-08-14 05:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\afcnkvof 2008-08-14 05:36 . 2008-08-14 05:36 90,112 --a------ C:\WINDOWS\system32\inmjunwr.exe 2008-08-12 18:56 . 2008-05-01 10:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-12 18:54 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-09 13:30 . 
2008-08-09 13:30 <DIR> d-------- C:\Documents and Settings\William Huberdeau\Application Data\Walgreens 2008-08-09 13:30 . 2008-08-09 13:35 <DIR> d-------- C:\Documents and Settings\William Huberdeau\Application Data\W Photo Studio 2008-08-09 13:30 . 2008-08-09 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Walgreens 2008-08-09 13:29 . 2008-08-09 13:29 <DIR> d-------- C:\Program Files\Walgreens 2008-08-09 13:29 . 2008-08-09 13:29 <DIR> d-------- C:\Program Files\Common Files\HP 2008-08-09 13:24 . 2008-08-09 13:28 <DIR> d-------- C:\Documents and Settings\William Huberdeau\Application Data\W Photo Studio Viewer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-21 18:14 --------- d-----w C:\Documents and Settings\William Huberdeau\Application Data\uTorrent 2008-08-21 18:04 --------- d-----w C:\Program Files\Symantec AntiVirus 2008-08-17 22:36 56,304 ----a-w C:\Documents and Settings\William Huberdeau\Application Data\wklnhst.dat 2008-08-16 17:25 --------- d-----w C:\Documents and Settings\William Huberdeau\Application Data\Apple Computer 2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 13:10 --------- d-----w C:\Program Files\NOS 2008-07-18 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS 2008-07-16 05:15 --------- d-----w C:\Program Files\Common Files\Adobe AIR 2008-07-16 05:13 --------- d-----w C:\Program Files\Common Files\Adobe 2008-07-09 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP 2008-07-09 22:23 --------- d-----w C:\Program Files\AIM6 2008-07-09 22:23 
--------- d-----w C:\Documents and Settings\William Huberdeau\Application Data\acccore 2008-07-09 22:06 --------- d-----w C:\Program Files\Viewpoint 2008-07-09 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-07-09 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\acccore 2008-07-09 22:05 --------- d-----w C:\Program Files\Common Files\AOL 2008-07-09 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2008-07-08 23:36 --------- d-----w C:\Program Files\iTunes 2008-07-08 23:36 --------- d-----w C:\Program Files\iPod 2008-07-08 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-07-08 23:34 --------- d-----w C:\Program Files\Bonjour 2008-07-08 23:33 --------- d-----w C:\Program Files\QuickTime 2008-07-08 23:30 --------- d-----w C:\Program Files\Apple Software Update 2008-07-08 23:29 --------- d-----w C:\Program Files\Common Files\Apple 2008-07-08 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-09 19:01 57,344 ----a-w C:\WINDOWS\uneng.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 20:12 1695232] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360] "InfoCmdWin"="C:\WINDOWS\system32\inmjunwr.exe" [2008-08-14 05:36 90112] "infosrv"="C:\WINDOWS\system32\ncviryfc.exe" [2008-08-14 21:45 77824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 14:30 335872] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 16:32 155648] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881] "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 13:28 684032] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 14:02 53408] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-05-26 21:01 124656] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 11:50 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 12:13 267048] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 03:38 34672] "UiWinApi"="C:\WINDOWS\Common\hijobori.exe" [2008-08-14 17:37 53248] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "CkkBZJj1pt"="C:\Documents and Settings\All Users\Application Data\afcnkvof\ifmfsfqf.exe" [2008-08-14 05:36 57344] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-06-07 22:59:11 24576] hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 01:37:10 323646] hpoddt01.exe.lnk - C:\Program 
Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58 28672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "hlpcmd"= {072FB75A-E9CE-32DC-315A-08E3632374F4} - C:\Program Files\jvajitb\hlpcmd.dll [2008-08-14 05:36 118784] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\AIM6\\aim6.exe"= *Newly Created Service* - CATCHME *Newly Created Service* - ERASERUTILDRV10821 *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-08-15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1213496521.job - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 01:52] . - - - - ORPHANS REMOVED - - - - HKCU-Run-Aim6 - (no file) . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = https://my.wm.edu/cp/home/displaylogin R1 -: HKCU-Internet Settings,ProxyOverride = *.local O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-21 14:14:18 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . Completion time: 2008-08-21 14:32:04 ComboFix-quarantined-files.txt 2008-08-21 18:29:08 Pre-Run: 13,763,215,360 bytes free Post-Run: 13,880,938,496 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn 176 --- E O F --- 2008-08-19 11:10:59 new hijackthis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:00:00 PM, on 8/21/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Documents and Settings\All Users\Application Data\afcnkvof\ifmfsfqf.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\Common\hijobori.exe C:\Program Files\Messenger\msmsgs.exe 
C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\inmjunwr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\inmjunwr.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.wm.edu/cp/home/displaylogin R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O4 - 
HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [UiWinApi] C:\WINDOWS\Common\hijobori.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [InfoCmdWin] C:\WINDOWS\system32\inmjunwr.exe O4 - HKCU\..\Run: [infosrv] C:\WINDOWS\system32\ncviryfc.exe O4 - HKLM\..\Policies\Explorer\Run: [CkkBZJj1pt] C:\Documents and Settings\All Users\Application Data\afcnkvof\ifmfsfqf.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213052148286 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213052126634 O21 - SSODL: hlpcmd - {072FB75A-E9CE-32DC-315A-08E3632374F4} - C:\Program Files\jvajitb\hlpcmd.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 7848 bytes

Thanks for working on this with me by the way. I haven't yet expressed my gratitude. I really appreciate this.

Aug 22 2008, 01:28 AM
Post #6
Advanced Member Group: MRU Teachers Posts: 607 Joined: 18-July 06 From: Southeast Finland Member No.: 58,602 Operating System: Windows XP Pro * 2 & Windows Vista
Hi
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Start hjt, do a system scan, check (if found):

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

Close browsers and fix checked.

Open notepad and copy/paste the text in the quotebox below into it:

CODE
```
File::
C:\WINDOWS\system32\ncviryfc.exe
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\inmjunwr.exe
C:\WINDOWS\Common\hijobori.exe

Folder::
C:\Program Files\jvajitb
C:\Documents and Settings\All Users\Application Data\afcnkvof

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InfoCmdWin"=-
"infosrv"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UiWinApi"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CkkBZJj1pt"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hlpcmd"=-
```

Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Referring to the picture above, drag CFScript into ComboFix.exe. Then post the resultant log.

Combofix should never take more than 20 minutes including the reboot if malware is detected. If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue. If that happened we want to know, and also what process you had to end.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
* Windows Temp
* Current User Temp
* All Users Temp
* Cookies
* Temporary Internet Files
* Prefetch
* Java Cache

*The other boxes are optional*

Then click the Empty Selected button.

If you use Firefox: Click Firefox at the top and choose: Select All. Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera: Click Opera at the top and choose: Select All. Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Please run an online scan with Kaspersky Online Scanner (scan whole my computer).

Post back its report, a fresh hjt log and above mentioned ComboFix resultant log.
Aug 22 2008, 04:16 PM
Post
#7
New Member Group: New Member Posts: 6 Joined: 15-August 08 Member No.: 80,986 Operating System: Windows XP
During the ComboFix scan I didn't incur any problems that you had mentioned--about if it took longer than 20 minutes.
ComboFix Log ComboFix 08-08-19.06 - William Huberdeau 2008-08-22 16:16:04.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254 [GMT -4:00] Running from: C:\Documents and Settings\William Huberdeau\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\William Huberdeau\Desktop\CFScript.txt * Created a new restore point FILE :: C:\WINDOWS\Common\hijobori.exe C:\WINDOWS\system32\4.tmp C:\WINDOWS\system32\5.tmp C:\WINDOWS\system32\6.tmp C:\WINDOWS\system32\inmjunwr.exe C:\WINDOWS\system32\ncviryfc.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\afcnkvof C:\Documents and Settings\All Users\Application Data\afcnkvof\ifmfsfqf.exe C:\Program Files\jvajitb C:\Program Files\jvajitb\hlpcmd.dll C:\WINDOWS\Common\hijobori.exe C:\WINDOWS\system32\4.tmp C:\WINDOWS\system32\5.tmp C:\WINDOWS\system32\6.tmp C:\WINDOWS\system32\blphctdpj0e5ea.scr C:\WINDOWS\system32\lphctdpj0e5ea.exe C:\WINDOWS\system32\phctdpj0e5ea.bmp . ((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 ))))))))))))))))))))))))))))))) . 2008-08-22 16:08 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-08-22 16:07 . 2008-08-22 16:07 <DIR> d-------- C:\Program Files\Common Files\Java 2008-08-22 01:05 . 2008-08-22 01:05 90,112 --a------ C:\WINDOWS\system32\fydujczc.exe 2008-08-20 18:02 . 2008-08-20 18:02 <DIR> d-------- C:\Program Files\Trend Micro 2008-08-14 21:27 . 2008-08-14 21:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-14 21:27 . 2008-08-14 21:27 <DIR> d-------- C:\Documents and Settings\William Huberdeau\Application Data\Malwarebytes 2008-08-14 21:27 . 2008-08-14 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-14 21:27 . 2008-07-30 21:14 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-14 21:27 . 
2008-07-30 21:14 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-14 20:22 . 2008-08-14 21:03 2,892 --a------ C:\WINDOWS\system32\tmp.reg 2008-08-14 20:21 . 2007-09-06 01:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-08-14 20:21 . 2006-04-27 18:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-08-14 20:21 . 2008-05-29 10:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-08-14 20:21 . 2003-06-05 22:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-08-14 20:21 . 2004-07-31 19:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-08-14 20:21 . 2007-10-04 01:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-08-14 17:37 . 2008-08-22 16:16 <DIR> d-------- C:\WINDOWS\Common 2008-08-12 18:56 . 2008-05-01 10:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-12 18:54 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-09 13:30 . 2008-08-09 13:30 <DIR> d-------- C:\Documents and Settings\William Huberdeau\Application Data\Walgreens 2008-08-09 13:30 . 2008-08-09 13:35 <DIR> d-------- C:\Documents and Settings\William Huberdeau\Application Data\W Photo Studio 2008-08-09 13:30 . 2008-08-09 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Walgreens 2008-08-09 13:29 . 2008-08-09 13:29 <DIR> d-------- C:\Program Files\Walgreens 2008-08-09 13:29 . 2008-08-09 13:29 <DIR> d-------- C:\Program Files\Common Files\HP 2008-08-09 13:24 . 2008-08-09 13:28 <DIR> d-------- C:\Documents and Settings\William Huberdeau\Application Data\W Photo Studio Viewer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-08-22 20:08 --------- d-----w C:\Program Files\Java 2008-08-22 19:53 --------- d-----w C:\Program Files\Symantec AntiVirus 2008-08-22 19:52 --------- d-----w C:\Documents and Settings\William Huberdeau\Application Data\uTorrent 2008-08-17 22:36 56,304 ----a-w C:\Documents and Settings\William Huberdeau\Application Data\wklnhst.dat 2008-08-16 17:25 --------- d-----w C:\Documents and Settings\William Huberdeau\Application Data\Apple Computer 2008-07-18 13:10 --------- d-----w C:\Program Files\NOS 2008-07-18 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS 2008-07-16 05:15 --------- d-----w C:\Program Files\Common Files\Adobe AIR 2008-07-16 05:13 --------- d-----w C:\Program Files\Common Files\Adobe 2008-07-09 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP 2008-07-09 22:23 --------- d-----w C:\Program Files\AIM6 2008-07-09 22:23 --------- d-----w C:\Documents and Settings\William Huberdeau\Application Data\acccore 2008-07-09 22:06 --------- d-----w C:\Program Files\Viewpoint 2008-07-09 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-07-09 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\acccore 2008-07-09 22:05 --------- d-----w C:\Program Files\Common Files\AOL 2008-07-09 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2008-07-08 23:36 --------- d-----w C:\Program Files\iTunes 2008-07-08 23:36 --------- d-----w C:\Program Files\iPod 2008-07-08 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-07-08 23:34 --------- d-----w C:\Program Files\Bonjour 2008-07-08 23:33 --------- d-----w C:\Program Files\QuickTime 2008-07-08 23:30 --------- d-----w C:\Program Files\Apple Software Update 2008-07-08 23:29 --------- d-----w C:\Program Files\Common Files\Apple 2008-07-08 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 
2008-06-09 19:01 57,344 ----a-w C:\WINDOWS\uneng.exe . ((((((((((((((((((((((((((((( snapshot@2008-08-21_14.20.45.06 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-10 01:13:03 25,214 ----a-r C:\WINDOWS\Installer\{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}\ARPPRODUCTICON.exe + 2008-08-21 18:45:13 25,214 ----a-r C:\WINDOWS\Installer\{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}\ARPPRODUCTICON.exe - 2008-06-10 01:13:00 40,960 ----a-r C:\WINDOWS\Installer\{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe + 2008-08-21 18:45:13 40,960 ----a-r C:\WINDOWS\Installer\{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe - 2008-06-10 01:13:02 40,960 ----a-r C:\WINDOWS\Installer\{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe + 2008-08-21 18:45:13 40,960 ----a-r C:\WINDOWS\Installer\{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe + 2008-07-19 02:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll - 2008-06-14 01:10:09 292,480 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-08-22 19:54:44 292,480 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT - 2003-11-19 21:36:26 24,681 ----a-w C:\WINDOWS\system32\java.exe + 2008-06-10 05:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2003-11-19 21:36:30 28,779 ----a-w C:\WINDOWS\system32\javaw.exe + 2008-06-10 05:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe + 2008-06-10 06:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe - 2007-07-31 00:19:10 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll + 2008-07-19 02:07:34 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll - 2007-07-31 00:18:34 207,736 ----a-w C:\WINDOWS\system32\muweb.dll + 2008-07-19 02:07:32 210,976 ----a-w C:\WINDOWS\system32\muweb.dll - 2007-07-31 00:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll + 2008-07-19 02:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll - 2007-07-31 00:19:12 43,352 ----a-w 
C:\WINDOWS\system32\wups2.dll + 2008-07-19 02:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 20:12 1695232] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360] "admweb"="C:\WINDOWS\system32\fydujczc.exe" [2008-08-22 01:05 90112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 14:30 335872] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 16:32 155648] "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 13:28 684032] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 14:02 53408] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-05-26 21:01 124656] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 11:50 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 12:13 267048] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 03:38 34672] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-06-07 22:59:11 24576] hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 01:37:10 323646] hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58 28672] [HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\AIM6\\aim6.exe"= R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38] . Contents of the 'Scheduled Tasks' folder 2008-08-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57] 2008-08-15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1213496521.job - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 01:52] . - - - - ORPHANS REMOVED - - - - HKLM-Run-lphctdpj0e5ea - C:\WINDOWS\system32\lphctdpj0e5ea.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-22 16:20:33 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\scardsvr.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Apoint\ApntEx.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\WLTRYSVC.EXE C:\WINDOWS\system32\BCMWLTRY.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . Completion time: 2008-08-22 16:27:37 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-22 20:27:31 ComboFix2.txt 2008-08-21 18:32:34 Pre-Run: 13,877,121,024 bytes free Post-Run: 13,908,131,840 bytes free 194 --- E O F --- 2008-08-19 11:10:59 HiJackThis Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:10:35 PM, on 8/22/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\QuickTime\QTTask.exe C:\Program 
Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\fydujczc.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.wm.edu/cp/home/displaylogin R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper 
Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [admweb] C:\WINDOWS\system32\fydujczc.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213052148286 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213052126634 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 7286 bytes Kaspersky Log Friday, August 22, 2008 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Friday, August 22, 2008 18:44:27 Records in database: 1124860 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area My Computer C:\ D:\ Scan statistics Files scanned 41893 Threat name 7 Infected objects 16 Suspicious objects 0 Duration of the scan 01:21:22 File name Threat name Threats count C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09800000\49A6F362.VBN Infected: Trojan-Downloader.VBS.Agent.nf 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aj 2 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40000.VBN Infected: Exploit.Java.ByteVerify 2 C:\Documents and 
Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40001.VBN Infected: Trojan-Downloader.Java.OpenConnection.aj 2 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40001.VBN Infected: Exploit.Java.ByteVerify 2 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40002.VBN Infected: Trojan-Downloader.Java.OpenStream.c 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40002.VBN Infected: Trojan.Java.ClassLoader.h 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40002.VBN Infected: Trojan.Java.ClassLoader.d 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40003.VBN Infected: Trojan-Downloader.Java.OpenStream.c 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40003.VBN Infected: Trojan.Java.ClassLoader.h 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40003.VBN Infected: Trojan.Java.ClassLoader.d 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E4C0000\4ECDA267.VBN Infected: Trojan-Downloader.Win32.VB.fuu 1 The selected area was scanned. |
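An added example, not part of the original thread or of ComboFix: one way to triage a log like the one above is to cross-reference the Run-key values under "Reg Loading Points" against the "Files Created" list and flag autostart targets that appeared on disk inside that window. The function names are hypothetical, the log is assumed to be reflowed to one entry per line, and the first timestamp of a "Files Created" entry is assumed to be the creation time; a hit is a candidate for review, not a verdict.

```python
import re
from datetime import datetime

# Excerpt of the ComboFix log posted above, reflowed to one entry per line.
# Section banners are shortened; the entries are as they appear in the post.
SAMPLE_LOG = r"""
((( Files Created from 2008-07-22 to 2008-08-22 )))
2008-08-22 16:08 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-22 16:07 . 2008-08-22 16:07 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-22 01:05 . 2008-08-22 01:05 90,112 --a------ C:\WINDOWS\system32\fydujczc.exe
2008-08-14 21:27 . 2008-07-30 21:14 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
((( Reg Loading Points )))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 20:12 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"admweb"="C:\WINDOWS\system32\fydujczc.exe" [2008-08-22 01:05 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"""

TS = "%Y-%m-%d %H:%M"
STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# "<created> . <modified> <size or <DIR>> <attributes> <path>"
CREATED_RE = re.compile(rf"^({STAMP}) \. ({STAMP}) ([\d,]+|<DIR>) (\S+) (.+)$")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# '"name"="data" [<timestamp> <size> <optional resolved path>]'
VALUE_RE = re.compile(rf'^"([^"]+)"="([^"]*)" \[({STAMP}) (\d+)(?: ([^\]]+))?\]')


def parse_created(log):
    """Map lowercased file path -> creation time for 'Files Created' entries."""
    created = {}
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and m.group(3) != "<DIR>":  # directories cannot be Run targets
            created[m.group(5).lower()] = datetime.strptime(m.group(1), TS)
    return created


def parse_autoruns(log):
    """Yield (registry key, value name, target path) for values under ...\\Run keys."""
    key = None
    for line in log.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        v = VALUE_RE.match(line)
        if v and key and key.lower().endswith("\\run"):
            # ComboFix prints the resolved path inside the brackets when the
            # registry data is a bare file name (the ATIModeChange entry).
            yield key, v.group(1), v.group(5) or v.group(2)


def recent_autoruns(log):
    """Run values whose target file is also listed under 'Files Created'."""
    created = parse_created(log)
    hits = []
    for key, name, path in parse_autoruns(log):
        when = created.get(path.lower())  # Windows paths are case-insensitive
        if when is not None:
            hits.append((key, name, path, when))
    return hits


if __name__ == "__main__":
    for key, name, path, when in recent_autoruns(SAMPLE_LOG):
        print(f"{when:%Y-%m-%d %H:%M}  {key}  {name} -> {path}")
```

On this excerpt only the "admweb" value is reported; the Java entries are recent too, but the Java file in the created list is not an autostart target and the Java autostart target is not in the created list.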
Aug 23 2008, 04:10 AM
Post
#8
Advanced Member Group: MRU Teachers Posts: 607 Joined: 18-July 06 From: Southeast Finland Member No.: 58,602 Operating System: Windows XP Pro * 2 & Windows Vista
Hi Delete files in C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine folder. Open notepad and copy/paste the text in the quotebox b |