
[Resolved] Irritating "downloader" what to do?


  • This topic is locked
11 replies to this topic

#1 Woody184


Posted 01 October 2007 - 01:55 AM

Hi,
I have had a read through your posts and followed some guides but still seem to be suffering the same problem, hope you can help?
I am running a laptop and a PC on a wireless network. The PC has AVG free antivirus and runs fine... I think. (It's old.) The router has a supposed built-in firewall, turned on, and the laptop (with the problem) has Norton antivirus installed and is up to date.
At random times I get a message from Norton warning me of a virus... spyware, called "downloader", with details about a "text[1].dat" file inside docs and settings...
These warnings come in groups of three, one after another, all saying the virus was successfully removed. Norton then grinds everything to a halt while it does its business and pops up a window telling of all salvation and greatness it has bestowed! This takes about 1 minute, then all is well for a while until the next attack. Usually at least every 15-20 mins.
I have run Spybot, which found 200 items! All red, all removed.
I have run ATF cleaner. All OK.
And I ran AVG anti-spyware in safe mode and it came up clean.
I have run HijackThis and here is the log...
As soon as I restarted the lappy this morning, the "Downloader" attack sprang into life!
(It may not be related, but I also suffer from my router blocking access to PAYPAL every so often. I can log in and have a quick look, but if I take too long the pages just won't load. My router has a list of security logs as long as your arm every time I go near the site. To fix this too would be fantastic.)
(Lastly... is it OK to run Norton and AVG anti-spy alongside each other...?)
Many thanks...

Logfile of HijackThis v1.99.1
Scan saved at 08:16:18, on 01/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\ESB.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Mark\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.double-uracing.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.talkgas.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by TALKGAS
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=192.168.2.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {839F5115-9830-4816-88C4-8F02F266A4CE} - C:\WINDOWS\system32\xxwtt.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ESB] C:\WINDOWS\System32\ESB.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.talkgas.net
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162894136351
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophot...opcuploader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winfvj32 - C:\WINDOWS\SYSTEM32\winfvj32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


#2 beynac


Posted 03 October 2007 - 05:08 AM

Good morning. :)

I'll be happy to help you sort out your problem. In order to help me with this, please note the following:
  • If you have any questions or problems - stop and ask
  • It's important that you do not take any independent action to clean the computer (e.g. scans and clean-up programs)
  • Please continue until I give the "all clear". The symptoms may disappear quite quickly, but this doesn't mean that the computer is clean
----------------------------------------------

ComboFix by sUBs
  • Download this file - ComboFix.exe
  • Close all open windows.
  • Double click ComboFix.exe and follow the prompts.
  • When finished, it will produce a log for you. Please post that log in your next reply
Important: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall

If necessary, please split the log into separate posts to ensure that they don't get cut off. It is important that I see the full log.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

------------------------------------------------

Please run another HijackThis scan and post the following, as a reply to this post:
  • The ComboFix log
  • The new HijackThis log

beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)

#3 Woody184


Posted 03 October 2007 - 08:03 AM

Thanks for the reply, and offer of help. Much appreciated.

Here are the ComboFix and new HijackThis logs...
I look forward to your reply.
Mark.

ComboFix 07-10-03.7 - Mark 2007-10-03 14:32:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.213 [GMT 1:00]
Running from: C:\Documents and Settings\Mark\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\winfvj32.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-03 to 2007-10-03 )))))))))))))))))))))))))))))))
.

2007-10-03 14:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-30 23:26 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-19 08:12 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-17 22:28 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-17 21:30 <DIR> d-------- C:\Documents and Settings\Sally\Application Data\Teleca
2007-09-17 21:30 <DIR> d-------- C:\Documents and Settings\Sally\Application Data\Sony Ericsson
2007-09-17 12:25 98,568 -ra------ C:\WINDOWS\system32\drivers\s115obex.sys
2007-09-17 12:25 100,488 -ra------ C:\WINDOWS\system32\drivers\s115mgmt.sys
2007-09-17 12:24 83,208 -ra------ C:\WINDOWS\system32\drivers\s115bus.sys
2007-09-17 12:24 15,112 -ra------ C:\WINDOWS\system32\drivers\s115mdfl.sys
2007-09-17 12:24 12,424 -ra------ C:\WINDOWS\system32\drivers\s115whnt.sys
2007-09-17 12:24 12,424 -ra------ C:\WINDOWS\system32\drivers\s115wh.sys
2007-09-17 12:24 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cmnt.sys
2007-09-17 12:24 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cm.sys
2007-09-17 12:24 108,680 -ra------ C:\WINDOWS\system32\drivers\s115mdm.sys
2007-09-17 12:24 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Teleca
2007-09-17 12:21 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Sony Ericsson
2007-09-17 12:20 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-09-17 12:20 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2007-09-17 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2007-09-17 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-09-11 18:12 <DIR> d-------- C:\Program Files\Send File
2007-09-10 08:27 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-09-10 08:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-09-07 09:33 <DIR> d-------- C:\CARDIRIS
2007-09-03 20:17 <DIR> d-------- C:\Program Files\TurnTool

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-03 14:40 --------- d-------- C:\Documents and Settings\Mark\Application Data\WTablet
2007-10-03 14:39 --------- d-------- C:\Documents and Settings\LocalService\Application Data\WTablet
2007-10-03 07:42 --------- d-------- C:\Documents and Settings\Sally\Application Data\WTablet
2007-09-26 19:53 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-18 10:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-18 10:28 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-18 10:28 10676 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-18 10:28 --------- d-------- C:\Program Files\Symantec
2007-09-18 09:12 --------- d-------- C:\Program Files\MSN Messenger
2007-09-17 12:20 --------- d-------- C:\Program Files\Sony Ericsson
2007-09-11 17:38 93488 --a------ C:\WINDOWS\system32\drivers\z520mdm.sys
2007-09-11 17:38 84928 --a------ C:\WINDOWS\system32\drivers\z520mgmt.sys
2007-09-11 17:38 8336 --a------ C:\WINDOWS\system32\drivers\z520mdfl.sys
2007-09-11 17:38 82864 --a------ C:\WINDOWS\system32\drivers\z520obex.sys
2007-09-11 17:38 6176 --a------ C:\WINDOWS\system32\drivers\z520cmnt.sys
2007-09-11 17:38 6176 --a------ C:\WINDOWS\system32\drivers\z520cm.sys
2007-09-11 17:38 5808 --a------ C:\WINDOWS\system32\drivers\z520whnt.sys
2007-09-11 17:38 5808 --a------ C:\WINDOWS\system32\drivers\z520wh.sys
2007-09-11 17:38 57648 --a------ C:\WINDOWS\system32\drivers\z520bus.sys
2007-09-05 18:15 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-27 17:13 97672 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-08-27 17:13 31624 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-08-27 17:13 28040 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-08-27 17:13 23944 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-08-27 17:13 189320 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-08-27 17:13 12680 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2005-07-14 12:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 15:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 22:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2007-01-26 22:06:09 207 --sh--w C:\WINDOWS\system32\noside_1eb.sys
2005-02-28 13:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{839F5115-9830-4816-88C4-8F02F266A4CE}]
C:\WINDOWS\system32\xxwtt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2002-09-10 21:32 C:\WINDOWS\system32\pctspk.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-07 16:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-07 16:40]
"ESB"="C:\WINDOWS\System32\ESB.exe" [2002-11-19 10:13]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 08:56 C:\WINDOWS\system32\rundll32.exe]
"SiSUSBRG"="C:\WINDOWS\sisUSBrg.exe" [2002-04-26 00:06]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:56 C:\WINDOWS\system32\bthprops.cpl]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-26 13:38]
"NAV CfgWiz"="C:\Program Files\Norton AntiVirus\CfgWiz.exe" [2006-02-01 23:10]
"bcmwltry"="bcmwltry.exe" [2003-07-25 09:28 C:\WINDOWS\system32\bcmwltry.exe]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=C:\WINDOWS\pss\Audible Download Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Yahoo! Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Yahoo! Help.lnk
backup=C:\WINDOWS\pss\BT Yahoo! Help.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Audio]
C:\PNP\AUDIO\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mp]
C:\windows\temp\Mp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoveCpl]
RemoveCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHBundle]
C:\DOCUME~1\Sally\LOCALS~1\Temp\bundle.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScheduleSync.Siemens.SmartSync.5.2.exe]
C:\Program Files\Mobile Phone Manager\SmartSync\ScheduleSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

R3 Bonifay;Bonifay;C:\WINDOWS\system32\DRIVERS\Bonifay.sys
R3 MTC0001_EB;EB device driver;C:\WINDOWS\system32\ntEB.sys
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
S3 actser;actser;C:\WINDOWS\system32\drivers\actser.sys
S3 BTPCCARD;BTPCCARD.SYS Belkin PCMCIA Service;C:\WINDOWS\system32\Drivers\BTPCBCSP.SYS
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\belkin\BELKIN~1.11G\DNINDIS5.SYS
S3 FINEPIX_PCC;FinePix Digital Camera 030617;C:\WINDOWS\system32\Drivers\V4CB0131.SYS
S3 Gonzales;Gonzales;C:\WINDOWS\system32\DRIVERS\Gonzales.sys
S3 MTC0001_ESB;ESB device driver;C:\WINDOWS\system32\ntESB.sys
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys
S3 z520bus;Sony Ericsson 520 driver (WDM);C:\WINDOWS\system32\DRIVERS\z520bus.sys
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z520mdfl.sys
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\z520mdm.sys
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\z520mgmt.sys
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\z520obex.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-03 07:30:00 C:\WINDOWS\Tasks\HDReg.job"
"2007-09-28 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Sally.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-03 14:41:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-03 14:45:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-03 14:44
.
--- E O F ---



Logfile of HijackThis v1.99.1
Scan saved at 14:47:19, on 03/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\ESB.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Mark\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.double-uracing.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.talkgas.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=192.168.2.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {839F5115-9830-4816-88C4-8F02F266A4CE} - C:\WINDOWS\system32\xxwtt.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ESB] C:\WINDOWS\System32\ESB.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.talkgas.net
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162894136351
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophot...opcuploader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

#4 beynac

Posted 03 October 2007 - 09:58 AM

Hi Mark.

is it ok to run norton and agv-antispy alongside each other...?

Yes, but don't run scans at the same time.

ComboFix has got rid of the main 'nasty'. We need to tidy up a bit now. :)

-----------------------------------------------------------

Disable AVG Anti-Spyware Resident Shield

This can interfere with our 'fix' if it is running. Please open the program and check the following settings:
  • Click the Shield icon at the top.
  • Under Resident shield is... make sure that this shows as inactive or not available in the free version.
  • Change it, if necessary.
Close AVG Anti-Spyware. Do not scan.

---------------------------------------------------------

Run HijackThis and click Scan and then check (tick) the following, if present (don't worry if any are missing):

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


Close down all programs, browsers and other open windows. Make sure that only the above items are checked and then click on Fix checked.

--------------------------------------------------------

Open Notepad and copy/paste the text in the quotebox below into it:

File::
C:\DOCUME~1\Sally\LOCALS~1\Temp\bundle.exe
C:\windows\temp\Mp.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

Folder::
C:\WINDOWS\SxsCaPendDel

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHBundle]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{839F5115-9830-4816-88C4-8F02F266A4CE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{839F5115-9830-4816-88C4-8F02F266A4CE}]

Save this on your Desktop as CFScript.txt

ComboFix should also be on your Desktop. Referring to the picture above, drag CFScript.txt into ComboFix.exe. ComboFix will then run. When finished, it will produce a log (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running as this may cause it to stall

---------------------------------------------------

Please post, as a reply to this thread:
  • The ComboFix log
  • A new HijackThis log
Please let me know how the computer is running now.

Edited by beynac, 03 October 2007 - 10:00 AM.

beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)

#5 Woody184

Posted 03 October 2007 - 12:56 PM

All done...
It all seems to be running better.
I haven't had the "downloader" warning pop up either...
Here are the logs you need...
Thanks.

ComboFix 07-10-03.7 - Mark 2007-10-03 19:19:14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.208 [GMT 1:00]
Running from: C:\Documents and Settings\Mark\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mark\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SxsCaPendDel

.
((((((((((((((((((((((((( Files Created from 2007-09-03 to 2007-10-03 )))))))))))))))))))))))))))))))
.

2007-10-03 14:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-30 23:26 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-19 08:12 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-17 21:30 <DIR> d-------- C:\Documents and Settings\Sally\Application Data\Teleca
2007-09-17 21:30 <DIR> d-------- C:\Documents and Settings\Sally\Application Data\Sony Ericsson
2007-09-17 12:25 98,568 -ra------ C:\WINDOWS\system32\drivers\s115obex.sys
2007-09-17 12:25 100,488 -ra------ C:\WINDOWS\system32\drivers\s115mgmt.sys
2007-09-17 12:24 83,208 -ra------ C:\WINDOWS\system32\drivers\s115bus.sys
2007-09-17 12:24 15,112 -ra------ C:\WINDOWS\system32\drivers\s115mdfl.sys
2007-09-17 12:24 12,424 -ra------ C:\WINDOWS\system32\drivers\s115whnt.sys
2007-09-17 12:24 12,424 -ra------ C:\WINDOWS\system32\drivers\s115wh.sys
2007-09-17 12:24 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cmnt.sys
2007-09-17 12:24 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cm.sys
2007-09-17 12:24 108,680 -ra------ C:\WINDOWS\system32\drivers\s115mdm.sys
2007-09-17 12:24 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Teleca
2007-09-17 12:21 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Sony Ericsson
2007-09-17 12:20 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-09-17 12:20 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2007-09-17 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2007-09-17 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-09-11 18:12 <DIR> d-------- C:\Program Files\Send File
2007-09-10 08:27 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-09-10 08:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-09-07 09:33 <DIR> d-------- C:\CARDIRIS
2007-09-03 20:17 <DIR> d-------- C:\Program Files\TurnTool

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-03 14:40 --------- d-------- C:\Documents and Settings\Mark\Application Data\WTablet
2007-10-03 14:39 --------- d-------- C:\Documents and Settings\LocalService\Application Data\WTablet
2007-10-03 07:42 --------- d-------- C:\Documents and Settings\Sally\Application Data\WTablet
2007-09-26 19:53 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-18 10:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-18 10:28 60800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-18 10:28 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-18 10:28 10676 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-18 10:28 --------- d-------- C:\Program Files\Symantec
2007-09-18 09:12 --------- d-------- C:\Program Files\MSN Messenger
2007-09-17 12:20 --------- d-------- C:\Program Files\Sony Ericsson
2007-09-11 17:38 93488 --a------ C:\WINDOWS\system32\drivers\z520mdm.sys
2007-09-11 17:38 84928 --a------ C:\WINDOWS\system32\drivers\z520mgmt.sys
2007-09-11 17:38 8336 --a------ C:\WINDOWS\system32\drivers\z520mdfl.sys
2007-09-11 17:38 82864 --a------ C:\WINDOWS\system32\drivers\z520obex.sys
2007-09-11 17:38 6176 --a------ C:\WINDOWS\system32\drivers\z520cmnt.sys
2007-09-11 17:38 6176 --a------ C:\WINDOWS\system32\drivers\z520cm.sys
2007-09-11 17:38 5808 --a------ C:\WINDOWS\system32\drivers\z520whnt.sys
2007-09-11 17:38 5808 --a------ C:\WINDOWS\system32\drivers\z520wh.sys
2007-09-11 17:38 57648 --a------ C:\WINDOWS\system32\drivers\z520bus.sys
2007-09-05 18:15 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-27 17:13 97672 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-08-27 17:13 537992 --a------ C:\WINDOWS\system32\SymNeti.dll
2007-08-27 17:13 31624 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-08-27 17:13 28040 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-08-27 17:13 23944 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-08-27 17:13 189320 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-08-27 17:13 161160 --a------ C:\WINDOWS\system32\SymRedir.dll
2007-08-27 17:13 12680 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2005-07-14 12:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 15:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 22:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2007-01-26 22:06:09 207 --sh--w C:\WINDOWS\system32\noside_1eb.sys
2005-02-28 13:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2002-09-10 21:32 C:\WINDOWS\system32\pctspk.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-07 16:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-07 16:40]
"ESB"="C:\WINDOWS\System32\ESB.exe" [2002-11-19 10:13]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 08:56 C:\WINDOWS\system32\rundll32.exe]
"SiSUSBRG"="C:\WINDOWS\sisUSBrg.exe" [2002-04-26 00:06]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:56 C:\WINDOWS\system32\bthprops.cpl]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-26 13:38]
"NAV CfgWiz"="C:\Program Files\Norton AntiVirus\CfgWiz.exe" [2006-02-01 23:10]
"bcmwltry"="bcmwltry.exe" [2003-07-25 09:28 C:\WINDOWS\system32\bcmwltry.exe]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=C:\WINDOWS\pss\Audible Download Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Yahoo! Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Yahoo! Help.lnk
backup=C:\WINDOWS\pss\BT Yahoo! Help.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Audio]
C:\PNP\AUDIO\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoveCpl]
RemoveCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScheduleSync.Siemens.SmartSync.5.2.exe]
C:\Program Files\Mobile Phone Manager\SmartSync\ScheduleSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

R3 Bonifay;Bonifay;C:\WINDOWS\system32\DRIVERS\Bonifay.sys
R3 MTC0001_EB;EB device driver;C:\WINDOWS\system32\ntEB.sys
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
S3 actser;actser;C:\WINDOWS\system32\drivers\actser.sys
S3 BTPCCARD;BTPCCARD.SYS Belkin PCMCIA Service;C:\WINDOWS\system32\Drivers\BTPCBCSP.SYS
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\belkin\BELKIN~1.11G\DNINDIS5.SYS
S3 FINEPIX_PCC;FinePix Digital Camera 030617;C:\WINDOWS\system32\Drivers\V4CB0131.SYS
S3 Gonzales;Gonzales;C:\WINDOWS\system32\DRIVERS\Gonzales.sys
S3 MTC0001_ESB;ESB device driver;C:\WINDOWS\system32\ntESB.sys
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys
S3 z520bus;Sony Ericsson 520 driver (WDM);C:\WINDOWS\system32\DRIVERS\z520bus.sys
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z520mdfl.sys
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\z520mdm.sys
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\z520mgmt.sys
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\z520obex.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-03 07:30:00 C:\WINDOWS\Tasks\HDReg.job"
"2007-09-28 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Sally.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-03 19:23:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-03 19:24:42
C:\ComboFix-quarantined-files.txt ... 2007-10-03 19:24
C:\ComboFix2.txt ... 2007-10-03 14:45
.
--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 19:43:01, on 03/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\ESB.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Mark\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.double-uracing.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.talkgas.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=192.168.2.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ESB] C:\WINDOWS\System32\ESB.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.talkgas.net
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162894136351
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophot...opcuploader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
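
One way to check the "Fix checked" step from post #4 against the follow-up log, as an added example (not part of the thread and not HijackThis's own code): it parses HijackThis result lines, compares a before and an after log with the fix list, and reports entries still marked "(file missing)" or "Unknown owner". The three inputs are constructed excerpts made of lines quoted in this thread; the function and key names are hypothetical.

```python
import re
from dataclasses import dataclass

# A HijackThis result line is "<section code> - <detail>", e.g. "O20 - Winlogon Notify: ...".
# Header lines and the running-process list do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")


@dataclass(frozen=True, order=True)
class Entry:
    code: str
    detail: str

    @property
    def file_missing(self):
        # HijackThis appends this marker when it cannot find the referenced file.
        return self.detail.endswith("(file missing)")

    @property
    def unknown_owner(self):
        # O23 (service) lines carry the company name; "Unknown owner" means none was read.
        return self.code == "O23" and " - Unknown owner - " in self.detail


def parse_log(text):
    """Return the result entries of a HijackThis log as Entry objects."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["detail"]))
    return entries


def compare(before_text, after_text, fix_list_text):
    """Classify the fix-list items and the remaining entries worth a second look."""
    before = set(parse_log(before_text))
    after = set(parse_log(after_text))
    requested = set(parse_log(fix_list_text))
    return {
        "fixed": sorted((requested & before) - after),       # asked for and gone
        "still_listed": sorted(requested & after),            # asked for, still there
        "absent_before": sorted(requested - before - after),  # "if present" items not found
        "new": sorted(after - before),                        # appeared since the first log
        "still_flagged": sorted(e for e in after if e.file_missing or e.unknown_owner),
    }


# Constructed excerpts: lines copied from this thread, not the complete logs.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

BEFORE = r"""
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
"""

AFTER = r"""
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
"""

if __name__ == "__main__":
    for label, entries in compare(BEFORE, AFTER, FIX_LIST).items():
        print(label)
        for e in entries:
            print("   ", e.code, "-", e.detail)
```

A "still_flagged" entry is a prompt to check the path by hand, not a verdict on the file.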

#6 beynac

Posted 03 October 2007 - 02:35 PM

That's great! :) The logs are both clean. I would like you to run an online scan to make sure that we got everything.

Kaspersky Online Scanner

Using Internet Explorer, go to: http://www.kaspersky.com/virusscanner
  • Click on Kaspersky Online Scanner
  • Click the Accept button
  • Follow the prompts to download and install the ActiveX component(s) and other software
    • If a yellow information bar appears at the top of the browser window, click on it and select Install ActiveX Control
    • If a message box appears, click on OK or Run as appropriate
  • Click Accept again (see the note below if using IE7)
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click 'Next'.
  • Now click on 'Scan Settings'
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database: 'Extended' (If available, otherwise 'Standard')
    • Scan Options: 'Scan Archives' and 'Scan Mail Bases'
  • Click 'OK'
  • Now under 'Select a target to scan' select 'My Computer'
  • The scan will take a while, so be patient and let it run. Once the scan is complete, it will display whether your system has been infected.
  • Now click on the Save as... button:
  • Save the report to your desktop (Save as type: Text document (txt))
Note: You may get returned to a window without the Accept/Decline buttons after allowing the ActiveX control. The buttons are there - you just can't see them! Click on the zoom button (bottom, right of the window) and change it from 100% to 75%. You should now see the buttons. Reset to 100% once the license has been accepted.

-------------------------------------------

Please post the Kaspersky report and a new HijackThis log. You may need more than one post if the Kaspersky report is a long one.

#7 Woody184

Posted 03 October 2007 - 05:35 PM

All done... :wacko: beyond me!
I'll post them separately...too long, I tried and the server spewed!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, October 04, 2007 12:18:19 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 4/10/2007
Kaspersky Anti-Virus database records: 426893
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
Q:\

Scan Statistics:
Total number of scanned objects: 83810
Number of viruses found: 37
Number of infected objects: 483
Number of suspicious objects: 0
Duration of the scan process: 01:51:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-03_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine43021C.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine4F5B96.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine14E2B8E.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine1C029E6.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine24D7B86.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine26F1A07.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine2761AF8.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine2BB5EAD.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine31D0A28.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine3CC7A49.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine4ED7788.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine64A3B65.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine71F1064.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine7645418.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine77D2C1E.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine78A2D49.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine7F02350.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine82C1C3F.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine8485B55.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine8561958.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine8BC0F5F.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine8DA0C60.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine9230567.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine9482B4D.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine9492DCE.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine9897B6E.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine9966CF4.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine9DB30A8.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine9EF7176.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\QuarantineA376CA1.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\QuarantineA477B45.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\QuarantineA55677D.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\QuarantineABB5D85.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\QuarantineBC805CF.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\QuarantineC0D4984.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\QuarantineC451B35.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\QuarantineE3F625F.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\QuarantineE433B24.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\QuarantineE842614.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\QuarantineE970E98.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\QuarantineED630B1.dll Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton 
AntiVirus\QuarantineF467EB9.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10B63EF0.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10C503B2.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10FB02A4.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11BB138B.tmp Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13815F4F.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13A620AF.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13E75556.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\144D4B5E.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\145410D0.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14B34165.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\150300F1.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1519376D.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application 
Data\Symantec\Norton AntiVirus\Quarantine\153E6AEB.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\155F345B.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\157F2D74.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15A47810.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15B17111.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15E5237C.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\164B1984.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16606132.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\173C0ADB.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17D610EB.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\181B54A0.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\193A2ACB.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A0929C7.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All 
Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A111308.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A4E6D7C.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AC00329.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B580388.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B962144.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C1D636A.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C381AB2.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C800657.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CC54A0C.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CDE414A.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D0F3714.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EAB2546.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EF762E7.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F111B4D.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F3C269C.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F771155.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FCE1540.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FDD075C.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20437D64.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\207D0561.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20A9736C.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21106973.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21297BC3.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\212B7581.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\216E3F77.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21765F7B.tmp Infected: 
not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21DA65A2.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21DC5582.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\221B7E89.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22424B8A.exe Infected: Trojan-Downloader.Win32.Small.go skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\228855C3.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23A05853.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23E51C08.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\258B1778.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\265C7898.exe Infected: not-a-virus:AdWare.Win32.WebSearch.f skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\268313D8.exe Infected: Net-Worm.Win32.Protoride.n skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26E877B9.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28494DBF.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\288E1173.tmp 
Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A3B6144.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A7C30DF.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A9700C2.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AA1574C.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AAF6556.dll/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AAF6556.dll/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AAF6556.dll/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AAF6556.dll/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AAF6556.dll/data0003 Infected: Trojan-Downloader.Win32.Keenval.e skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AAF6556.dll/data0004 Infected: Trojan-Downloader.Win32.Keenval.e skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AAF6556.dll NSIS: infected - 6 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AAF6556.dll Exe2Dll: infected - 6 skipped C:\Documents and Settings\All Users\Application 
Data\Symantec\Norton AntiVirus\Quarantine\2AAF6556.dll CryptFF: infected - 6 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AC02A4F.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B074D54.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B6E435B.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2BD43963.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2BF609D0.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C3A2F6A.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2CA02572.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2CA579F1.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D061B79.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D3706DF.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D546A12.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D6C1181.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application 
Data\Symantec\Norton AntiVirus\Quarantine\2DA97B18.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DD20788.exe Infected: not-a-virus:AdWare.Win32.WinFetcher.b skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E025A33.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EB14A54.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ED17AC0.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F691FBA.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FAE636F.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FB309F6.htm Infected: Trojan-Downloader.JS.Small.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FDC741C.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FF87A68.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30DC4414.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\312F7387.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3190155D.exe Infected: Trojan-Downloader.Win32.Small.bpz skipped C:\Documents and Settings\All 
Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31B30C08.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31E07C4B.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32253FFF.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32DA6404.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33116C4A.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\331F395E.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3367550F.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\338F0B91.exe Infected: not-a-virus:AdWare.Win32.EZula.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33BF5C6B.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34131526.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\345858DB.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35CC1D43.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35F236F1.exe/WISE0005.BIN Infected: not-a-virus:AdWare.Win32.180Solutions 
skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35F236F1.exe WiseSFX: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35F236F1.exe CryptFF: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3632134B.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\368A71B6.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36980952.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36FE7F5A.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37647561.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37CA6B69.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\381F7E61.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38306170.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38965778.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38CD6E82.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38FC4D7F.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and 
Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39014E46.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39634387.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397C5EA3.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A2B4EC4.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AD93EE4.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B336722.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B782AD6.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C8F4823.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DA11C5F.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DDC0099.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DEF0767.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E8A70BA.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3F986ED4.exe Infected: Net-Worm.Win32.Protoride.l skipped 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FE750FC.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\406663F7.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4096411C.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40CF4392.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41C24F49.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42284551.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4253391E.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\428E3B58.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42987CD2.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\435A2767.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43C11D6F.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44271377.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\444772F2.tmp Infected: 
not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\448D097E.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44CA15AE.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44CB0372.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44F37F86.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\450F5962.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45A45333.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46062087.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46656870.exe Infected: Trojan-PSW.Win32.Sinowal.bw skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\466F6014.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46A37FDA.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47023375.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4722654E.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton 
Playlists\Playlist31.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\My Playlists\Playlist32.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\My Playlists\Playlist33.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\My Playlists\Playlist34.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\My Playlists\Playlist35.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\My Playlists\Playlist36.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\My Playlists\Playlist37.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\My Playlists\Playlist38.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\My Playlists\Playlist39.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\My Playlists\Sample Playlist.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample Music\desktop.ini Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Favorites -- 4 and 5 star rated.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Favorites -- Have not heard recently.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Favorites -- Listen to late at night.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Favorites -- Listen to on Weekdays.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Favorites -- Listen to on Weekends.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Favorites -- One Audio CD worth.wpl Object is locked skipped C:\Documents and 
Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Favorites -- One Data CD-R worth.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Fresh tracks -- yet to be played.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Fresh tracks -- yet to be rated.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Fresh tracks.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\High bitrate media in my library.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Low bitrate media in my library.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Music tracks I dislike.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Music tracks I have not rated.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Music tracks with content protection.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Plylst1.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Plylst10.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Plylst11.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Plylst12.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Plylst13.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Plylst14.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Plylst15.wpl 
Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Plylst2.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Plylst3.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Plylst4.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Plylst5.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Plylst6.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Plylst7.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Plylst8.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample PlaylistsEB6325\Plylst9.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini Object is locked skipped C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\desktop.ini Object is locked skipped C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and 
Settings\Mark\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped C:\Documents and Settings\Mark\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Mark\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Mark\ntuser.dat Object is locked skipped C:\Documents and Settings\Mark\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object 
is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped C:\Program 
Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped C:\Program Files\Norton AntiVirus\Savrt327NAV~.TMP Object is locked skipped C:\Program Files\Norton AntiVirus\Savrt421NAV~.TMP Object is locked skipped C:\qoobox\Quarantine\C\WINDOWS\system32\winfvj32.dll.vir Infected: Trojan-Proxy.Win32.Agent.lu skipped C:\System Volume Information\_restore{3E6C4124-A67B-4FA4-9C09-D63B6C2FB9FC}\RP23\A0001113.dll Infected: Trojan-Proxy.Win32.Agent.lu skipped C:\System Volume Information\_restore{3E6C4124-A67B-4FA4-9C09-D63B6C2FB9FC}\RP24\change.log Object is locked skipped C:\WINDOWS\$NtUninstallQ308402$\spcmdcon.sys Object is locked skipped C:\WINDOWS\$NtUninstallQ308402$\spuninst\spuninst.exe Object is locked skipped C:\WINDOWS\$NtUninstallQ308402$\spuninst\spuninst.inf Object is locked skipped C:\WINDOWS\$NtUninstallQ308402$\srrstr.dll Object is locked skipped C:\WINDOWS\$NtUninstallQ308677$\spuninst\spuninst.exe Object is locked skipped C:\WINDOWS\$NtUninstallQ308677$\spuninst\spuninst.inf Object is locked skipped C:\WINDOWS\$NtUninstallQ308677$\userenv.dll Object is locked skipped C:\WINDOWS\$NtUninstallQ308678$\msobmain.dll Object is locked skipped C:\WINDOWS\$NtUninstallQ308678$\msobshel.htm Object is locked skipped C:\WINDOWS\$NtUninstallQ308678$\spuninst\spuninst.exe Object is locked skipped C:\WINDOWS\$NtUninstallQ308678$\spuninst\spuninst.inf Object is locked skipped C:\WINDOWS\$NtUninstallQ315000$\netsetup.exe Object is locked skipped C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe Object is locked skipped C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.inf Object is locked skipped C:\WINDOWS\$NtUninstallQ315000$\ssdpapi.dll Object is locked skipped C:\WINDOWS\$NtUninstallQ315000$\ssdpsrv.dll Object is locked skipped 
C:\WINDOWS\$NtUninstallQ315000$\upnp.dll Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\RESTORE.INS/C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE Infected: not-a-virus:NetTool.Win32.PsKill.a skipped C:\WINDOWS\RESTORE.INS ARJ: infected - 1 skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system\RESTORE.INS/C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE Infected: not-a-virus:NetTool.Win32.PsKill.a skipped C:\WINDOWS\system\RESTORE.INS ARJ: infected - 1 skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\cmd.ftp Infected: Trojan-Downloader.BAT.Ftp.r skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.

#8 Woody184

Posted 03 October 2007 - 05:36 PM

part 2 :thumbup:

Logfile of HijackThis v1.99.1
Scan saved at 00:19:50, on 04/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\ESB.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Mark\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.double-uracing.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.talkgas.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=192.168.2.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ESB] C:\WINDOWS\System32\ESB.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.talkgas.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162894136351
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophot...opcuploader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

#9 beynac

Posted 04 October 2007 - 02:20 AM

Good morning.

The Kaspersky report is not as bad as it looks! :) There are a couple of things to delete but the majority of the infected items are in Symantec's quarantine. I suggest that you clear this. I'm not sure exactly how to do this but open your Norton control panel (it may be called "Security Center" or similar). There should be a tab or menu item for "Quarantine". Delete all of the items in quarantine. Have a look at the program's help system if you have any problems.

-----------------------------------------------

Download OTMoveIt by OldTimer to your Desktop.
  • Double-click OTMoveIt.exe to launch it.
  • Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.

C:\WINDOWS\system32\cmd.ftp
C:\Program Files\Morpheus\

  • Click the Move It button.
  • The list will be processed and the results will appear in the right hand pane.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • When finished click Exit to exit the programme.
  • A log - C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).
--------------------------------------------

Let's clear out the programmes we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if used inappropriately.
  • Double click OTMoveIt.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTMoveIt will download a list from the Internet; if your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTMoveIt
  • Now delete OTMoveIt.exe
--------------------------------------------

Flush System Restore

We need to 'flush' your System Restore points and create a new clean one.

Turn OFF System Restore.
  • Click on Start
  • Right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Check Turn off System Restore
  • Click Apply, and then click OK
Restart your computer

Turn ON System Restore.
  • Click on Start
  • Right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Uncheck Turn off System Restore
  • Click Apply, and then click OK
----------------------------------------------

Regarding your problem with your router blocking access to PayPal: I don't see that this is due to malware and, anyway, the computer is clean now. I suggest that you start a topic in the Browsers, Internet and email forum.

-----------------------------------------------

If you do not already use it, I suggest that you install SpywareBlaster. This program will:
  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.
This program blocks these items but does not run in the background. It therefore does not use any resources.

I would also recommend that you have a look at Firetrust SiteHound. This gives warnings when you are about to enter a website that is on their 'block' list. An alternative is McAfee SiteAdvisor. I use SiteHound, but both have a good reputation (N.B. use only one of them, not both).

This article, How to prevent Malware by miekiemoes, gives some very good advice.

Please let me know whether you have any questions.
beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)
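
One way to reproduce the triage in the reply above (most detections are quarantined or restore-point copies, a few are live files), as an added example that is not part of the original thread. The sample entries are copied from the report posted earlier in the thread; the function names and bucket labels are assumptions of this example.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Entries copied from the report posted in this thread, in the same
# run-together form: each entry is "<path> <verdict> skipped", and a
# path may be wrapped onto the next line at a space.
SAMPLE = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Norton
AntiVirus\Quarantine\77573E96.exe Infected: Trojan-Clicker.Win32.Costrat.ae skipped
C:\Documents and Settings\All Users\Documents\desktop.ini Object is locked skipped
C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\winfvj32.dll.vir Infected: Trojan-Proxy.Win32.Agent.lu skipped
C:\System Volume Information\_restore{3E6C4124-A67B-4FA4-9C09-D63B6C2FB9FC}\RP23\A0001113.dll
Infected: Trojan-Proxy.Win32.Agent.lu skipped
C:\WINDOWS\RESTORE.INS/C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
C:\WINDOWS\RESTORE.INS ARJ: infected - 1 skipped
C:\WINDOWS\system32\cmd.ftp Infected: Trojan-Downloader.BAT.Ftp.r skipped
Scan process completed.
"""


class Entry(NamedTuple):
    path: str
    kind: str    # "infected", "locked" or "archive"
    detail: str  # detection name, or infected-member count for an archive


# The path is matched lazily up to the first recognised verdict; the
# lookahead stops it from running across an entry with an unknown verdict.
ENTRY_RE = re.compile(
    r"(?P<path>[A-Za-z]:\\(?:(?! skipped ).)+?)\s"
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|[A-Z0-9]+: infected - (?P<count>\d+))"
    r"\sskipped"
)


def parse_report(text):
    """Split a flattened scan report into Entry records."""
    flat = " ".join(text.split())  # undo line wrapping inside paths
    entries = []
    for m in ENTRY_RE.finditer(flat):
        if m.group("name"):
            entries.append(Entry(m.group("path"), "infected", m.group("name")))
        elif m.group("locked"):
            entries.append(Entry(m.group("path"), "locked", ""))
        else:
            entries.append(Entry(m.group("path"), "archive", m.group("count")))
    return entries


def location(path):
    """Say whether a detected file is an inert copy or a file in normal use."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "quarantine"        # already isolated by a security tool
    if "\\system volume information\\_restore" in p:
        return "restore_point"     # copy held inside a System Restore point
    return "live"                  # ordinary location: needs a decision


def triage(entries):
    """Group entries: detections by location, everything else by kind."""
    buckets = defaultdict(list)
    for e in entries:
        key = location(e.path) if e.kind == "infected" else e.kind
        buckets[key].append(e)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in triage(parse_report(SAMPLE)).items():
        print(f"{bucket}: {len(items)}")
        for e in items:
            print(f"    {e.path}  {e.detail}")
```

Only the `live` bucket lists files that still need a decision; the `quarantine` and `restore_point` buckets correspond to the two clean-up steps in the reply (emptying quarantine and flushing System Restore).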

#10 Woody184

Posted 04 October 2007 - 05:35 AM

Thanks very much for all your help. I haven't seen any signs of "downloader" since yesterday. I spend a lot of time on this machine. I run a vinyl graphics and design service and manage a small motorcycle race team and most of the work is done via the net. If I can help out in any way, stickers etc, just ask. More than happy to repay the favour. My ebay shop is here... www.ratmally.co.uk The race website is here... www.double-uracing.co.uk. Many thanks, Mark Woodward.

#11 beynac

Posted 05 October 2007 - 03:59 AM

Hi Mark. You're welcome. Thanks for the offer re. stickers.

#12 beynac

Posted 05 October 2007 - 03:59 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
