Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

help me

Started by mayank13 , Feb 18 2007 03:02 AM

  • Please log in to reply
18 replies to this topic

#1 mayank13

mayank13

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 18 February 2007 - 03:02 AM

Logfile of HijackThis v1.99.1
Scan saved at 2:24:59 PM, on 2/18/2007
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Huawei\MT882\dslagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\setups\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rediff.com/index.html
R3 - URLSearchHook: (no name) - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe (file missing)

    Advertisements

Register to Remove

#2 bamajim

bamajim

    Silver Member

  • Authentic Member
  • PipPipPip
  • 376 posts

Posted 19 February 2007 - 10:53 AM

mayank13

Welcome to Tom Coyote

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

Graduate of MalWare Removal University - A Cooperative Effort with TomCoyote Classroom

Microsoft MVP Windows Security

Posted Image

Posted Image

#3 mayank13

mayank13

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 19 February 2007 - 10:19 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:47:32 AM, on 2/20/2007
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Huawei\MT882\dslagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\setups\hijackthis\HijackThis.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rediff.com/index.html
R3 - URLSearchHook: (no name) - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4558816E-8AD7-4FFF-A6D7-8196B1321D5B}: NameServer = 218.248.240.79 218.248.240.135
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


sd fix report

SDFix: Version 1.66

Run by Administrator - Tue 02/20/2007 @ 9:27:29.00

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
ServerAC

Path:
C:\WINDOWS\system32\Security.exe

ServerAC Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\dxdlg32.exe - Deleted
C:\WINDOWS\system32\svcp.csv - Deleted
C:\WINDOWS\system32\system43.exe - Deleted
C:\WINDOWS\system32\winsub.xml - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:Remote Assistance"
"C:\\Program Files\\Huawei\\MT882\\dslagent.exe"="C:\\Program Files\\Huawei\\MT882\\dslagent.exe:*:Disabled:dslagent"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpqcopy.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpqcopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpotbx08.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpotbx08.exe:*:Enabled:hpotbx08.exe"
"C:\\Program Files\\HP\\digital imaging\\unload\\hpqphunl.exe"="C:\\Program Files\\HP\\digital imaging\\unload\\hpqphunl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\digital imaging\\unload\\hpqdia.exe"="C:\\Program Files\\HP\\digital imaging\\unload\\hpqdia.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\digital imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\digital imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\\Program Files\\Rediff Bol\\RediffMessenger.exe"="C:\\Program Files\\Rediff Bol\\RediffMessenger.exe:*:Disabled:Rediff Bol 8.0"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:Remote Assistance"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Program Files\3755E42C\D0AAD99D.DLL
C:\Program Files\Common Files\System\MS3755E4.DLL
C:\WINDOWS\system32\jbloader.dll
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Picasa2\setup.exe
C:\Program Files\Windows Media Player\mplayer2.exe
C:\Program Files\Windows Media Player\wmplayer.exe

Add/Remove Programs List:

Adobe Photoshop 7.0
Adobe Download Manager 2.0 (Remove Only)
Alarm Clock v1.0
AVG Free Edition
AVG Anti-Spyware 7.5
BITSAT-2007 Sample
C-Media WDM Audio Driver
Chikka (3.0.58)
DivX Content Uploader
HijackThis 1.99.1
HP Imaging Device Functions 5.3
HP Solution Center & Imaging Support Tools 5.3
Huawei MT882 USB ADSL Modem
Kundli for Windows (Professional Edition)
LimeWire 4.12.6
Mozilla Firefox (2.0.0.1)
Picasa 2
QuickTime Alternative 1.77
RealPlayer
Rediff Bol
Adobe Flash Player 9 ActiveX
WinAce Archiver
Yahoo! Messenger
CP_Package_Variety1
Destinations
AiO_Scan
HP Software Update
AutoUpdate
1400_Help
CP_Package_Variety3
Google Talk (remove only)
1400
Unload
TrayApp
J2SE Runtime Environment 5.0 Update 1
Google Earth
NewCopy
WebReg
HP PSC & OfficeJet 5.3.B
eSupportQFolder
DocProc
Java 2 Runtime Environment, SE v1.4.2_11
Avanquest update
AiOSoftware
DivX Codec
ProductContext
Intel® Extreme Graphics Driver
DivX Player
Microsoft Office XP Professional with FrontPage
Readme
ScannerCopy
Moto EzX Video Producer
DeviceManagementQFolder
Adobe Reader 7.0.8
DivX Converter
DivX Web Player
CP_Package_Variety2
BufferChm
Motorola Phone Tools
Scan
1400Trb
Fax
jetAudio Plus VX
HPProductAssistant
SolutionCenter
Status
HP Image Zone Express

Finished

#4 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 20 February 2007 - 09:40 AM

Merged threads, please use Posted Image not Posted Image ;)
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#5 bamajim

bamajim

    Silver Member

  • Authentic Member
  • PipPipPip
  • 376 posts

Posted 20 February 2007 - 03:20 PM

mayank13

Looks better. Give me an update on how your PC is running now?

Run an online virus scan called Kaspersky from HERE.1. Click on "Kaspersky Online Scanner"
2. A new smaller window will pop up. Press on "Accept". After reading the contents.
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on "Next"->>"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
5. Then click on "My Computer". And the scan will start.
6. Once finished, save a log as ".txt" to the desktop.
Copy and post the results of the Kaspersky Online scan
Graduate of MalWare Removal University - A Cooperative Effort with TomCoyote Classroom

Microsoft MVP Windows Security

Posted Image

Posted Image

#6 mayank13

mayank13

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 21 February 2007 - 01:55 AM

i hav viruses in system volume information folder.i am not able to view my hidden files both the options r selected in folder option(show and hide hidden files) no changes can be made to folder options help me

#7 mayank13

mayank13

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 21 February 2007 - 07:27 AM

------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Wednesday, February 21, 2007 6:55:08 PM Operating System: Microsoft Windows XP Professional, Service Pack 2, v.2096 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 21/02/2007 Kaspersky Anti-Virus database records: 271528 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ Scan Statistics: Total number of scanned objects: 69467 Number of viruses found: 20 Number of infected objects: 250 / 0 Number of suspicious objects: 0 Duration of the scan process: 01:36:50 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007022120070222\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temp\hpodvd09.log Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Administrator\UserData\index.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\3755E42C\D0AAD99D.DLL Infected: Trojan-PSW.Win32.Small.br skipped C:\Program Files\Common Files\System\MS3755E4.DLL Object is locked skipped C:\System Volume Information\_restore{A27942C8-400F-4EDD-8288-33F672AA69E4}\RP2\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\RavTime.log Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CEB3B85.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\035F39A3.dll Infected: not-a-virus:AdWare.Win32.EliteBar.ac skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03B0534A.exe/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03B0534A.exe/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03B0534A.exe/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03B0534A.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03B0534A.exe/data0008 Infected: Trojan-Downloader.Win32.Keenval.e skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03B0534A.exe/data0009 Infected: Trojan-Downloader.Win32.Keenval.e skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03B0534A.exe NSIS: infected - 6 skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03B0534A.exe CryptFF: infected - 6 skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D4D271A.exe Infected: Trojan-Downloader.Win32.Small.aqt skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03CA232D.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D751EEE.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D8246E0.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DDD5E7B.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E7369D6.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E7A3DCF.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E8011C8.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B6138D3.exe Infected: Trojan.Win32.Dialer.jr skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E843BC4.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BFB6E2A.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E8A0FBD.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C014223.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E9163B6.sys Infected: Rootkit.Win32.Agent.l skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C056C1F.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E940DB2.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C08161B.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E9B61AB.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EA8099D.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EB5318E.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EBB0587.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EBE2F84.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EC5037C.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C390BE5.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EE27D5C.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C495DD3.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EF34F4A.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C5031CC.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F5864DB.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C6003BA.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F6836C9.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C6757B3.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F6C60C5.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C877B8F.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F6F0AC1.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C8E4F88.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F7908B7.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C984D7D.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F8206AC.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C9B777A.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F8630A8.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C9E2176.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F8F2E9E.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CA14B72.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FA0008C.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB87159.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FAA7E81.exe Infected: Trojan.Win32.Dialer.jr skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CBF4552.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CC5194B.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CCF1740.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CD91535.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CE3132B.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CE96723.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CFD630E.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D000D0A.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D033707.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D0D34FC.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D1408F5.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D245AE3.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D4154C2.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D457EBF.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D4B52B8.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D4E7CB4.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D5F4EA2.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D6C7694.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D6F2090.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D724A8C.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D936E69.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DA76A53.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\485A33CE.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DDE3416.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00FA7DB0.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E3A4BB1.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E3D75AE.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E4349A6.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E646D83.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E711574.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E816762.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E883B5B.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E8B6557.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E9F6142.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FBE5006.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FC17A02.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FCE21F4.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FE547DA.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FFF17BE.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10066BB7.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\100C3FAF.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\101313A8.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\101A67A1.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10545B60.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\107C5335.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BF13736.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\107F7D32.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1082272E.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10BA70F1.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10DD3EC9.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10EE10B7.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10F13AB4.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12217B66.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\122B795B.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12314D54.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\123B4B49.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\123E7545.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1248733A.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\124F4733.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12551B2C.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\125C6F25.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12691717.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12A30AD6.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D1644C2.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12A734D2.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12B032C7.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12B706C0.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12C104B6.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12C758AE.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12CE2CA7.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12E5528E.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1305766A.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13715FF3.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\137833EC.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14425F0D.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14493306.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14565AF8.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14702ADB.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\147354D8.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14767ED4.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\147A28D0.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\147D52CD.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14CB4277.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14E5125A.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14EC6653.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14EF104F.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\158C6FA3.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1592439B.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15D16157.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15DA5F4C.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E214C15.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15DE0949.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15E13345.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15E7073E.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25414412.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15F10533.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15FB0328.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16082B1A.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1612290F.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1615530C.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\161C2704.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16227AFD.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\162C78F2.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\164074DD.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\164648D6.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\164972D2.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\164D1CCE.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\165046CB.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E4703FC.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\165370C7.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\240F61FB.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16561AC4.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\165A44C0.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16716AA7.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16773EA0.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16813C95.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1687108E.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\168E6487.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16910E83.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16FD780C.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17002209.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17141DF3.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\173117D3.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\173441CF.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17580FA8.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17620D9D.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17793384.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\177C5D80.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17865B75.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\178D2F6E.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1790596B.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17AA294E.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18193CD4.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\183062BB.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\185E2E88.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A247A95.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A2A4E8E.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A3E4A78.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A441E71.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A55705F.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A581A5B.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A726A3F.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A7F1230.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A823C2D.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A866629.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B5A0F3F.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B6D0B2A.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B8B050A.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BC678C9.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BC922C5.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C455E3D.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C4F5C32.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BC716B9.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C52062E.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C5F2E20.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58B06CB6.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C62581C.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C9023EA.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C9A21DF.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C9D4BDC.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\068C66A9.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CAA73CD.EXE Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CBA45BB.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CBE6FB8.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CE23D90.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FF86E2B.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\203935E3.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\203D5FDF.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\205305C6.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20717FA6.exe Infected: Worm.Win32.Passma skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20B2475E.exe Infected: Trojan-Downloader.Win32.Small.aqt skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20B5715A.hwd Infected: Trojan-Downloader.Win32.Agent.ex skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23840644.dll Infected: not-a-virus:AdWare.Win32.F1Organizer.c skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23873040.dll Infected: Trojan-Dropper.Win32.Noname.a skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\238A5A3C.exe Infected: not-a-virus:AdWare.Win32.TotalVelocity.a skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23912E35.txt/data0002 Infected: not-a-virus:AdWare.Win32.SmartPops.c skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23912E35.txt NSIS: infected - 1 skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23912E35.txt CryptFF: infected - 1 skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44C841A7.exe Infected: Trojan-Downloader.Win32.Keenval skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AA45850.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10BC2656.exe Infected: not-a-virus:AdWare.Win32.EliteBar.q skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30A77F37.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.g skipped D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30B42729.exe Infected: Trojan-Dropper.Win32.Totacity.a skipped D:\System Volume Information\_restore{69113778-CBC2-4531-9D3E-E652C36B8921}\RP106\A0085623.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped D:\System Volume Information\_restore{69113778-CBC2-4531-9D3E-E652C36B8921}\RP106\A0085624.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped D:\System Volume Information\_restore{69113778-CBC2-4531-9D3E-E652C36B8921}\RP106\A0085624.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped D:\System Volume Information\_restore{69113778-CBC2-4531-9D3E-E652C36B8921}\RP106\A0085624.exe Inno: infected - 2 skipped D:\setups\BolSetup.exe/stream/data0137/stream/data0007 Infected: not-a-virus:AdWare.Win32.MyTool.f skipped D:\setups\BolSetup.exe/stream/data0137/stream Infected: not-a-virus:AdWare.Win32.MyTool.f skipped D:\setups\BolSetup.exe/stream/data0137 Infected: not-a-virus:AdWare.Win32.MyTool.f skipped D:\setups\BolSetup.exe/stream Infected: not-a-virus:AdWare.Win32.MyTool.f skipped D:\setups\BolSetup.exe NSIS: infected - 4 skipped Scan process completed.

#8 bamajim

bamajim

    Silver Member

  • Authentic Member
  • PipPipPip
  • 376 posts

Posted 21 February 2007 - 11:36 AM

mayank13

You are showing 2 drives C:\ and D:\
C:\ being your primary drive. Can you explain D:\ ?

Is it a second partition on your HD, a second HD, or a USB?
Graduate of MalWare Removal University - A Cooperative Effort with TomCoyote Classroom

Microsoft MVP Windows Security

Posted Image

Posted Image

#9 mayank13

mayank13

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 23 February 2007 - 12:46 AM

its a second partition

#10 bamajim

bamajim

    Silver Member

  • Authentic Member
  • PipPipPip
  • 376 posts

Posted 23 February 2007 - 07:44 AM

mayank13

Thank you

1. Let's empty the Quarantine folder in Nortons

If you use Norton AntiVirus 20061 Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet
Security, then start that program and click Norton AntiVirus.
2 In the left pane, click Reports.
3 Click View Norton Quarantined and Restore.
4 In the left pane, select the type of risk that you want to remove.
5 In the right pane, select the files that you want to remove.
6 Click Delete Item.
7 When you see the message "Warning! Are you sure that you want to remove this
item from Quarantine," click Yes.
8 Close the Quarantine window, and then exit Norton AntiVirus.
If you use Norton AntiVirus 2005 1 Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet
Security, then start that program and click Norton AntiVirus.
2 In the left pane, click Reports.
3 Click View Quarantined Items.
4 In the right pane, select the files that you want to remove.
5 Click Delete Item.
6 When you see the message "Warning! Are you sure that you want to remove this
item from Quarantine," click Yes.
7 Close the Quarantine window, and then exit Norton AntiVirus.
If you use Norton AntiVirus 2004/2003 1 Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet
Security, then start that program and click Norton AntiVirus.
2 In the left pane, click Reports.
3 In the right pane, click View Report to the right of Quarantined Items.
4 In the right pane, select the files that you want to remove.
5 Click Delete Item.
6 When you see the message "Warning! Are you sure that you want to remove this
item from Quarantine," click Yes.
7 Close the Quarantine window, and then exit Norton AntiVirus.
2. Using Windows Explorer(Right click on "Start," select "Explore," and you will see the "tree' of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents)
Locate and Delete the following folderC:\Program Files\3755E42C
Locate and Delete the following fileD:\setups\BolSetup.exe
Please Note: Research indicates that the file in question is related to some kind of game application, but being infected it needs to go.

3. Reboot your PC->>Rerun Hiajckthis and post a fresh Hiajckthis log.

4. Give me an update on how your PC is running.
Graduate of MalWare Removal University - A Cooperative Effort with TomCoyote Classroom

Microsoft MVP Windows Security

Posted Image

Posted Image

    Advertisements

Register to Remove

#11 mayank13

mayank13

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 23 February 2007 - 12:27 PM

i was not using norton.it was a junk folder i hav deleted it. i am unable to delete C:\Program Files\3755E42C a error msg arises saying cannot delete doaad99d.dll.it is being used by another program or person. also i am unable to view myhidden files in view options points on both show hidden files and folders and do not show hidden files and folders. These both options get automatically selected

#12 bamajim

bamajim

    Silver Member

  • Authentic Member
  • PipPipPip
  • 376 posts

Posted 23 February 2007 - 02:06 PM

mayank13

Looks like we may have some file association/shell issues to deal with

Go HERE and Download System Repair Engine by smallfrogsSave it to your Desktop
Rt Click sreng2.zip->>Extract all->>Extract it to your desktop
Open the sreng folder
Double click SREng->>Click Run
In the Left pane Select "System Repair"
In the Right pane Under the Windows Shell/IE tab
Check the Select all Box
Then the "Repair" Button
Do not run any other options with this tool unless instructed to do so.

Close SRE2 ->>Reboot Your PC

Let me know in your reply if that resolved your 'hidden files and folders' issue
Graduate of MalWare Removal University - A Cooperative Effort with TomCoyote Classroom

Microsoft MVP Windows Security

Posted Image

Posted Image

#13 mayank13

mayank13

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 24 February 2007 - 03:48 AM

what to do with C:\Program Files\3755E42C

#14 mayank13

mayank13

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 24 February 2007 - 03:56 AM

it didn't work. i am still facing the same problem of folder options

#15 random/random

random/random

    MRU Expert

  • Malware Expert
  • 481 posts

Posted 25 February 2007 - 07:42 AM

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\3755E42C

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Let me know if this removes the

C:\Program Files\3755E42C

folder, and post a new HijackThis log

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·