Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cid Pop, My Log, Please Help!


  • Please log in to reply
22 replies to this topic

#1 stephen351

stephen351

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 19 January 2008 - 08:51 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:23 AM, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\iwinapp.exe
C:\WINDOWS\system32\netmsg.exe
C:\Program Files\Alcohol Soft%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\servicemp.exe
C:\WINDOWS\system32\winser.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WLService.exe
C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WMP54GR.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...gFqhAI0wByc14D6
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...gFqhAI0wByc14D6
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 65.75.216.6 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.54 www.winmx.com err.winmx.com
O1 - Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
O1 - Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.1 cache3.winmx.com test3204.winmx.com
O1 - Hosts: 205.238.40.2 cache4.winmx.com test3205.winmx.com
O1 - Hosts: 65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O1 - Hosts: 65.75.216.6 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
O1 - Hosts: 205.238.40.54 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
O1 - Hosts: 65.75.216.6 test0.winmxgroup.net test5.winmxgroup.net
O1 - Hosts: 65.75.216.7 test1.winmxgroup.net test6.winmxgroup.net
O1 - Hosts: 82.43.229.238 test2.winmxgroup.net
O1 - Hosts: 205.238.40.1 test3.winmxgroup.net
O1 - Hosts: 205.238.40.2 test4.winmxgroup.net
O1 - Hosts: 65.75.216.6 cache0.winmxgroup.com cache5.winmxgroup.com cache0.winmxgroup.net cache5.winmxgroup.net cache10.winmxgroup.net cache15.winmxgroup.net
O1 - Hosts: 65.75.216.7 cache1.winmxgroup.com cache6.winmxgroup.com cache1.winmxgroup.net cache6.winmxgroup.net cache11.winmxgroup.net cache16.winmxgroup.net
O1 - Hosts: 82.43.229.238 cache2.winmxgroup.com cache7.winmxgroup.com cache2.winmxgroup.net cache7.winmxgroup.net cache12.winmxgroup.net cache17.winmxgroup.net
O1 - Hosts: 205.238.40.1 cache3.winmxgroup.com cache8.winmxgroup.com cache3.winmxgroup.net cache8.winmxgroup.net cache13.winmxgroup.net cache18.winmxgroup.net
O1 - Hosts: 205.238.40.2 cache4.winmxgroup.com cache9.winmxgroup.com cache4.winmxgroup.net cache9.winmxgroup.net cache14.winmxgroup.net cache19.winmxgroup.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0CB317BA-6523-F263-6651-D1958C14780D} - C:\Program Files\Common Files\Microsoft Shared\Themes\blank
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iPrimus iSpeed\prpl_IePopupBlocker.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [BIND SUPPORT SEEK FIRST] C:\Documents and Settings\All Users\Application Data\dumb pure bind support\Wave lite.exe
O4 - HKCU\..\Run: [Iso Part] C:\DOCUME~1\Stephen\APPLIC~1\Gluelog\Birdstupidcurb.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\b4 format\Program Files2\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\b4 format\Program Files2\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131100068625
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133649865897
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtpbs/wtBalan...iomanagerwt.cab
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: MCD - C:\WINDOWS\
O20 - Winlogon Notify: rxx5ot - rxx5ot.dll (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IWin service - Unknown owner - C:\WINDOWS\system32\iwinapp.exe
O23 - Service: Net message Service - Unknown owner - C:\WINDOWS\system32\netmsg.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\
O23 - Service: Win Common module - Unknown owner - C:\WINDOWS\system32\servicemp.exe
O23 - Service: Win PPPe - Unknown owner - C:\WINDOWS\system32\winser.exe
O23 - Service: Windows sharing object - Unknown owner - C:\WINDOWS\system32\winvercp.exe (file missing)
O23 - Service: WMP54GRSVC - GEMTEKS - C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.v8supercar.com.au/livetiming/im...topbanner05.jpg

--
End of file - 15981 bytes

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 23 January 2008 - 05:37 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum stephen351
My name is Richie and i'll be helping you to fix your problems.

It appears you've no virus protection installed,which is somewhat suicidal.
Please download/install Avira AntiVir Personal Edition Classic[Free]:
http://www.free-av.com/
Perform a full scan with Avira and allow it to delete everything it detects.
Restart your pc when you've done.
After restart,open Avira Antivirus and select "Reports".
Then double click the report from the full scan you have just completed.
Click the "Report File" button,then copy and paste the report into your next reply.


Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java,and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 4'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation jre-6u4-windows-i586-p.exe' [15.12 MB] and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.


Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop,and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode,go to and open the C:\SDFix folder,then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer that normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.


If you have previously downloaded ComboFix,please delete that version now.
Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert,NOT for private use.
Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#3 stephen351

stephen351
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 30 January 2008 - 02:43 AM

Hello Richie.. i forgot all about this, thanks for your help, ill start doing what you have said, this popup is driving me nuts.

#4 stephen351

stephen351
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 31 January 2008 - 01:43 AM

It wouldnt let me post the whole report, so its in 2 replys...
AntiVir PersonalEdition Classic
Report file date: Wednesday, 30 January 2008 20:26

Scanning for 1084989 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: STEVE

Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 03:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 02:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 05:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 02:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 09:26:17
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 12/14/2007 09:26:17
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 1/25/2008 09:26:18
ANTIVIR3.VDF : 7.0.2.70 200192 Bytes 1/30/2008 09:26:18
AVEWIN32.DLL : 7.6.0.57 3215872 Bytes 1/30/2008 09:26:22
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 00:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/17/2007 21:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 03:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 1/30/2008 09:26:22
AVREG.DLL : 7.0.1.6 30760 Bytes 7/17/2007 21:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 02:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/17/2007 21:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 01:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 02:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 02:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/22/2007 23:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

#5 stephen351

stephen351
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 31 January 2008 - 01:44 AM

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msimn.exe' - '1' Module(s) have been scanned
Scan process 'cidaemon.exe' - '1' Module(s) have been scanned
Scan process 'cisvc.exe' - '1' Module(s) have been scanned
Scan process 'Integrator.exe' - '1' Module(s) have been scanned
Scan process 'CTDetect.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'BlueSoleil.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'WMP54GR.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'WLService.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'HydraDM.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'winser.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\winser.exe'
Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned
Scan process 'servicemp.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\servicemp.exe'
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CTDVDDET.exe' - '1' Module(s) have been scanned
Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
Scan process 'netmsg.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\netmsg.exe'
Scan process 'iwinapp.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\iwinapp.exe'
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'winser.exe' has been terminated
Process 'servicemp.exe' has been terminated
Process 'netmsg.exe' has been terminated
Process 'iwinapp.exe' has been terminated
C:\WINDOWS\system32\winser.exe
[DETECTION] Is the Trojan horse TR/Agent.BAB
[INFO] The file was moved to '480e4354.qua'!
C:\WINDOWS\system32\servicemp.exe
[DETECTION] Is the Trojan horse TR/Agent.BAB
[INFO] The file was moved to '48124352.qua'!
C:\WINDOWS\system32\netmsg.exe
[DETECTION] Is the Trojan horse TR/Agent.BAB
[INFO] The file was moved to '48144355.qua'!
C:\WINDOWS\system32\iwinapp.exe
[DETECTION] Is the Trojan horse TR/Agent.BAB
[INFO] The file was moved to '48094368.qua'!

49 processes with 45 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!

Starting to scan the registry.

The registry was scanned ( '34' files ).


Starting the file scan:

Begin scan in 'C:\' <120gig>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00001FD0-0001-0000-2E19-45A12354F756}\DATA.cab
[0] Archive type: CAB (Microsoft)
--> RESOURCE1
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47f4444f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\003B2A8B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34476.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\004A7CD5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44476.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00806E3F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84476.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00B072DC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24477.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00C531F4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e34477.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\010C36A7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d04478.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\011668E4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14479.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\015437D9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54479.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\017D5EEC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d7447a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01E33BFD.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e5447a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02200DBA.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d2447c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02287FB2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4653825d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0248281E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d4447c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\024C3BAD.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47d4447d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\026D4366.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d6447d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02AE1E26.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e1447e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02B1181A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e2447f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02B2071B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24481.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02C463A6.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47e34482.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02F74ACF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64482.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0314142D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14483.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\037A0A35.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74484.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03E0003D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54484.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\041654D9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14485.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04467644.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44486.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\045A188D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54486.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\049F5C42.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94486.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04AD6C4C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14487.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04BD687D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24487.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04E41FF6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54488.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04E80F7F.exe
[DETECTION] Is the Trojan horse TR/Drop.TSUpdat.A.3
[INFO] The file was moved to '466482a9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04F20D74.exe
[DETECTION] Is the Trojan horse TR/Starter.V.1
[INFO] The file was moved to '47e64488.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05136253.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d1448a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05256DCD.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47d2448a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\052963AB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d2448b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\056B589D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d6448b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0579585B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d7448c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05B83C39.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47e2448c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05DF4E62.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e4448c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0645446A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d4448e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\064E2603.tmp
[DETECTION] Contains detection pattern of the worm WORM/Sober.Y
[INFO] The file was moved to '465582af.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\068D3169.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d8448f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06AB3A71.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14491.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06D2751D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44492.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07113079.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14493.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07113A11.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14494.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\075C7C86.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54494.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\076F64D9.dll
[DETECTION] Is the Trojan horse TR/Spy.IamBigBrother.91.4
[INFO] The file was moved to '47d64494.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\076F64D9.exe
[DETECTION] Is the Trojan horse TR/Spy.IamBigBrother.90.2
[INFO] The file was moved to '47d64495.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07720ED5.dll
[DETECTION] Is the Trojan horse TR/Spy.IamBigBrother.91.1
[INFO] The file was moved to '47d74495.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07772681.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465682b6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07772900.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74496.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07910430.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47d94496.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07A1403B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14497.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07DD1C88.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44497.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\080568A8.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[INFO] The file was moved to '47d04498.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\083E0390.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47d34499.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08441290.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44499.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\086E1A52.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d6449a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08AA0897.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e1449a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09040DF9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d0449c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09107E9F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d1449c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\094951AD.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d4449d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\097674A6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d7449d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\098E1562.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d8449d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09D35917.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e4449f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09DC6AAE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e444a0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A181CCB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d144a9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A7A6AB5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d744a9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AA856BD.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e144a9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B0E4CC4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d044ab.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B285AD5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d244ab.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B3626D4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d344ab.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B7442CC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d744ac.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B7B6A89.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4656828d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BC80935.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47e344ad.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BD74AF6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e444ad.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BDB38D4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4665828e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C0571F2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d044af.qua'!

#6 stephen351

stephen351
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 31 January 2008 - 01:46 AM

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FA60BDD.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14514.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FBE4EE6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24514.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FEB4F92.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54514.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FF903DF.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47e64515.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30301346.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d344ff.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\305028A8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54500.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30793C5A.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47d74500.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\309929DA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94500.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30EF0E20.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54501.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\314819FB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44504.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31550428.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46548326.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31815037.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47d84505.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31936104.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94506.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31BC7A30.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24506.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31D824B9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44506.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31F60A1C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64507.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\321D686D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14508.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32227037.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d24508.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32622C22.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d64509.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\327B4888.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[INFO] The file was moved to '47d74509.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3288663F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84509.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32EE5C46.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4664832b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\330B52C8.tmp
[DETECTION] Contains detection pattern of the worm WORM/Sober.Y
[INFO] The file was moved to '47d0450b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3354524E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d5450c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3380362B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d8450c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33BA4855.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e2450c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33C579E0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e3450d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\340A3D94.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d0450e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34203E5D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d2450f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\344F0149.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d4450f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34724181.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[INFO] The file was moved to '47d7450f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34863464.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46598331.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34EC2A6C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54510.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\353250A6.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47d34511.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35532073.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54512.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\355F3ABF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46548333.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35B9167B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24515.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35F712BB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46678336.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\360D2AE0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d04517.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\361F0C83.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14517.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\363C5670.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34517.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36811A24.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84518.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3685028A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46598339.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36C65DD9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e34518.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36EB7892.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54519.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\370B218E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d0451a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37506542.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d5451b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37516E99.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4654833c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\376A0B22.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d6451b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37B30C54.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e2451c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37B764A1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4663833d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\381D5AA8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d1451d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38627C74.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d6451e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\386F6F4B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4657833f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\388350B0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d8451e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38B43300.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e2451f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38EA46B7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e5451f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38F876B5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64520.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\393D3A69.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34521.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39503CBF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54521.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39827E1E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84522.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39B632C7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24522.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39C330E6.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47e34525.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A1C28CE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d1452d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A821ED6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d8452e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AA10827.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e1452e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AE64BDB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e5452e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AE814DD.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e5452f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AE96B2F.exe
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46648310.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B474EAB.tmp
[DETECTION] Is the Trojan horse TR/Bagle.FD
[INFO] The file was moved to '47d44531.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B4E0AE5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46558312.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B705345.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74531.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BFA5AAE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64532.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C804A1F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84533.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CE64027.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54533.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D1864B7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14535.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D270D5A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d24535.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D4C362E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44535.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D5D286C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54536.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DA26C20.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14536.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DB22C36.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24536.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DD67D7B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44537.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DE72FD5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54537.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DF238AF.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47e64538.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E18223D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14539.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E7E1845.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74539.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3ECD6ECD.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e3453a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3EE40E4C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e5453a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3F2F341D.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47d2453b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3F4A0454.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d4453e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3F8F4147.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d8453e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FB17A5B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e2453f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FD404FC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e4453f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40177063.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14529.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\401948B0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d1452a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40274803.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47d2452a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\405E0C65.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d5452b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\407D666B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d7452b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40A3501A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e1452b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40E35C72.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e5452c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4149527A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d4452d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41872F50.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d8452d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41AF4881.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4660830f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41C15A23.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e3452e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42061DD7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d0452f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42153E89.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14530.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\427B3490.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74530.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42902540.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94531.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42D568F5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44531.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42E12A98.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54531.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42E40F92.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54532.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\431A2CAA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14533.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4348209F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44533.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43AE16A7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14534.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44140CAE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46508316.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\443836B3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34535.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44416FD3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44539.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\447A02B6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4656831a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\447D7A67.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d7453b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44AF7FA0.tmp
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[INFO] The file was moved to '47e1453a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44C23E1C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4662831b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44E078BE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4664831b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\450701D1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d0453c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\452B3B18.tmp
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[INFO] The file was moved to '47d2453c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45396126.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d3453c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45466EC5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d4453d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\454C4585.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4655831e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45AC64CD.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e1453d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45E60B04.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47e5453e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45E75147.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4664831f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46125AD4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14540.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4675716B.tmp
[DETECTION] Contains detection pattern of the worm WORM/Sober.Y
[INFO] The file was moved to '47d74540.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\467950DC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46568361.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46AF1343.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14541.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46DF46E3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44541.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46F456F8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64541.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47391AAC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34543.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47453CEB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44543.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\477E5E61.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74543.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47C32215.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e34544.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47C82314.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '46628365.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47F321A9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64545.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4810061E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14548.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48767C25.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74548.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48A111CA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14549.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48C03D21.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47e34549.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48DC722D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44549.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48E12C1F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e5454a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48EA12FB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4664836b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\49266FD3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d2454b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\49426834.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d4454c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\496B3388.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d6454c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4998031C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d9454c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\49B0773C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e2454d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\49F53AF1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e6454d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A0F5443.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d04555.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A3A7EA5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34556.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A754A4B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74556.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AAD622C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14556.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4ADB4053.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44557.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B41365A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44558.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B5808AF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54559.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B7B497D.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47d74559.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B9D4C63.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94559.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BA72C62.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e1455a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BE21018.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e5455a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C0D2269.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d0455b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C2753CC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d2455c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C6C1781.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d6455c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C731871.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d7455c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4CD90E78.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e4455f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D0B30C6.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47d04561.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D3F0480.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34561.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D8A218A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84561.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DA67A87.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14562.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DCF653F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e34562.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E0C708F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d04563.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E1428F3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14564.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E596CA8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54564.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E5E1402.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46548345.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E726696.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74565.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E9E305D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94565.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4ED85C9E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44565.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4EE37411.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54566.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F3E52A6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34567.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F550554.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54568.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F7659B4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74568.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4FA448AD.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14568.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50017E1A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d04552.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\500A3EB5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d04553.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\504641CF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44554.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\507034BC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74554.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\508B0584.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84554.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50D04938.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44555.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50D72AC4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46658376.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51150CED.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14556.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51185485.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14557.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\513D20CB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34559.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\515A50A1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d5455a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\516155B7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d6455a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51A316D3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4660837b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51E107A5.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.BCB.1
[INFO] The file was moved to '47e5455b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52090CDA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d0455c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\526F02E2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4657837d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52795AAA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d7455d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52BC04B4.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.aic.2
[INFO] The file was moved to '47e2455e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52D578EA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e4455e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53036214.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d0455f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\534725C8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44560.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\538C697D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84560.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53A0421C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14560.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53CC21DB.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[INFO] The file was moved to '47e34561.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53D375D4.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[INFO] The file was moved to '47e44561.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54063824.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46518344.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\546D2E2B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d64563.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54AB7386.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14563.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54D32433.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44564.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54F0373B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64564.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5512078C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14566.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55391A3B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34566.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5568472A.tmp
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[INFO] The file was moved to '47d64567.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5578767B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d7456a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\557A3EA4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4656834b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\559F1042.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d9456b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55A81C6F.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47e1456b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55BD4E68.exe
[DETECTION] Is the Trojan horse TR/Bagle.FD
[INFO] The file was moved to '47e2456b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55BF0258.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e2456c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5604460D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d0456d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5605064A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4651834e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\566B7C51.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d6456e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\567B6A88.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47d7456e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56D17259.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e4456f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\571E57EF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14570.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57376860.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34570.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\576713CB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d64570.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\579D5E68.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94571.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57AC577F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14571.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57F11B34.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64571.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5804546F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d04573.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58365EE8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34573.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\586A4A77.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d64574.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\587B229D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74574.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58D0407E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44574.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59363686.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34576.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59992CA6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94576.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\599C2C8E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46588357.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59DE705B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44577.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A022295.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d0457f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A23340F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d24582.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A68189D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d64582.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A6877C4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465783a3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5AAD3B79.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14583.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5ACE0EA4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e34583.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B3504AC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34584.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B3578B3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34585.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B7E79E5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74585.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9B7AB3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94586.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BCB4582.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e34586.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BE468D4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54586.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C0170BB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d04588.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C100936.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14588.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C2C6A06.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d24588.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C554CEB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54589.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C6766C2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d64589.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C9A10A0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94589.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CCD5CCA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e3458a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CDB5A27.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e4458a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CDF5454.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466583ab.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D241809.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d2458c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D3352D1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d3458c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D9948D9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d9458c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DFF3EE1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e6458d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E422212.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d4458e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E6534E8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d6458f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E8765C7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d8458f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EB202AF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24591.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5ECC297B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e34592.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F116D30.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14593.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F317E1B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34594.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F977422.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94594.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FFD6A2A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64594.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\604F44F1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzo.do.1
[INFO] The file was moved to '47d4457f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60636032.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d6457f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60B97EA2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24580.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60C95639.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e34580.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60F27AEB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64580.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60FE4257.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64581.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\612F4C41.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465383a3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6143060B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44583.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\618849C0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84583.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61954248.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94583.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61E96C3E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54584.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61FB3850.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64584.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62622E57.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d64585.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62A70774.tmp
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '47e14586.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62C8245F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466283a7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62EB177E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466483a7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\632E1A66.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465383a9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63305B32.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34588.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6394106E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94588.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63BA629B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24589.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63F53CA0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64589.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63FA0676.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e6458b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63FF2650.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e6458c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\645B2B8F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d5458d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64607C7D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d6458e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64C67285.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e3458e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\652C688C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d2458f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6562740E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d64590.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65935E94.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94590.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65A737C2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14590.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65EC7B77.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54591.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65F9549B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64591.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66000D02.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d04592.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66313F2C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34593.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\665F4AA3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54593.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\667602E0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74594.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66AF7D23.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14594.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66C540AA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e34594.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\672B36B2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d24596.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\675E6D44.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54596.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67912CB9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94597.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67D9509E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44597.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67F722C1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64598.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\681E1452.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14599.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68565999.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47d54599.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\685D18C9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d5459a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68635807.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d6459a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68A81BBC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e1459c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68BB4D85.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e2459d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68C30ED0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e3459d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68ED5F70.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e5459d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69034EB7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d0459f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\692A04D8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d2459f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69907ADF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d945a0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69AC5013.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[INFO] The file was moved to '47e145a0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69F670E7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e645a0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A0B6979.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d045a9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A347206.exe
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d345a9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A502D2E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d545a9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A602EF9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d645aa.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6AC13A1A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e345aa.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ADA3497.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e445ab.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B0F1F1A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d045ac.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B1F784C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d145ac.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B273021.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d245ad.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B643C00.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d645ad.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B8D2629.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d845ae.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BF31C30.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e645ae.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C591238.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d545af.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C6C7F5B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d645b0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C83460A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d845b0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CC0083F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e345b0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CC809BE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e345b3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D0D4D73.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d045b5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D267E47.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d245b5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D521127.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d545b5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D6370AE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d645b6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D8C744E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d845b6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D9754DC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d945b6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DC95F9D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e345b7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DDB1891.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e445b7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DEA2BF0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e545b7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DED55EC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e545b8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DF17FE9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e645b8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DF26A56.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e645b9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DF429E5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4667839a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DF753E2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e645bb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DFA7DDE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e645ba.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DFE27DA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4667839b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E0151D7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d045bb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E047BD3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d045bc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E0725D0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4651839d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E0B4FCC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d045bd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E0E79C9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4651839e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E1123C5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d145bd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E154DC1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d145be.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E1877BE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4650839f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E1B21BA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14580.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E1E4BB7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d145c1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E2275B3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d245c1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E251FAF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d245c2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E2849AC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465383e3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E2B73A8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d245c4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E2F1DA5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d245c3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E3247A1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d345c3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E35719D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d345c4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E381B9A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465283e5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E3C4596.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d345c6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E3F6F93.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d345c5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E42198F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d445c5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E45438B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465583e6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E496D88.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d445c6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E4C1784.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465583e7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E4F4181.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d445c8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E536B7D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d545c7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E561579.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465483e8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E58605E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d545c9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E593F76.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d545c8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E5C2F1C.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '465483e9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E5C6972.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465483ea.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E60136F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d645c9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E633D6B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465783ea.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E666767.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d645ca.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E691164.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465783eb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E6D3B60.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d645cc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E70655D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d745cb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E730F59.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d745cd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E763956.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d745ce.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E7A6352.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465683ef.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E7D0D4E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d745d0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E80374B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d845cf.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E846147.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465983f0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E870B44.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d845d1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E8A3540.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d845d0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E8D5F3C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465983f1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E910939.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d945d0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E943335.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d945d1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E975D32.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465883f2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E9A072E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d945d3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E9E312A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d945d2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EA15B27.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e145d2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EA40523.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e145d3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EA72F20.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466083f4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EAB591C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e145d5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EAE0318.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e145d4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EB12D15.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e245d4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EB55711.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466383f5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EB55EE5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e245d5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EB8010E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466383f6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBB2B0A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e245d7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBE5506.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e245d6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBE5665.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466383f7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EC27F03.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e345d9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EC528FF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466283fa.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EC852FC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e345da.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ECB7CF8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466283fb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ECF26F4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e345dc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ED250F1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e445db.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ED57AED.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466583fc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ED824EA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e445dd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EDC4EE6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e445dc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EDF78E3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466583fd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EE222DF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e545dc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EE64CDB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e545dd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EE976D8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466483fe.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEC20D4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e545df.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EEF4AD1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e545de.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EF374CD.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e645de.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EF61EC9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466783ff.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EF948C6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e645df.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EFA229A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466783c0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EFC72C2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e645e1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F001CBF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d045e1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F0346BB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465183c2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F0670B7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d045e3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F091AB4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d045e2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F0D44B0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465183c3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F106EAD.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d145e2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F1318A9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d145e3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F1642A5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465083c4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F1A6CA2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d145e5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F1D169E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d145e6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F20409B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d245e6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F244C6D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d245e7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F246A97.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465383c8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F271493.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d245e9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F2A3E90.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d245e8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F2D688C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465383c9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F311289.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d345e8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F343C85.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d345e9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F376681.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465283ca.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F3A107E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d345eb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F3E3A7A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d345ea.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F3F664E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465283cb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F416477.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d445ea.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F440E73.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d445eb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F473870.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465583cc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F4B626C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d445ec.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F4E0C68.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465583cd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F513665.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d545ec.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F556061.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d545ed.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F580A5E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465483ce.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F5B345A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d545ef.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F5E5E56.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d545ee.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F620853.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d645ee.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F65324F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465783cf.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F685C4C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d645ef.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F6B0648.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465783d0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F6F3044.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d645f1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F725A41.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d745f2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F75043D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d745f3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F782E3A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465683d4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F7C5836.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d745f5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F7F0232.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d745f4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F822C2F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d845f4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F842A03.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465983d5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F86562B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d845f5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F890028.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465983d6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F8A4274.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d845f7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F8C2A24.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d845f6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F8F5420.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465983d7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F937E1D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d945f6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F962819.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d945f7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F995216.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465883d8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F9C7C12.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d945f9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FA0260E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e145f8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FA3500B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466083d9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FA67A07.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e145fa.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FA92404.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e145f9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FAD4E00.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466083da.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FB077FD.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e245fa.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FB321F9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466383db.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FB64BF5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e245fc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FBA75F2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e245fb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FBD1FEE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466383dc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FC049EB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e345fb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FC473E7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e345fd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FC71DE3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e345fe.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FCA47E0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466283df.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FCD71DC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e345ff.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FD11BD9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e445ff.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FD445D5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46658020.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FD76FD1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44600.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FDA19CE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46658021.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FDE43CA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44601.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FE16DC7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54601.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FE417C3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46648022.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FE741BF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54602.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FEB6BBC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46648023.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FEE15B8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54604.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FF1387C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64603.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FF13FB5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46678024.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FF569B1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64605.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FF813AD.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64604.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FFB3DAA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46678025.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FFE67A6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64606.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\700211A3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d045ef.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70053B9F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465183d0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7008659C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d045f0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\700B0F98.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465183d1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\700E316C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d045f2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\700F3994.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d045f1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70126391.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d145f1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70150D8D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465083d2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7018378A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d145f4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\701C6186.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465083d5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\701F0B82.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d145f5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7022357F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d245f5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70265F7B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465383d6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70290978.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d245f6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\702C3374.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465383d7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\702F5D70.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d245f7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7033076D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d345f7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70363169.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465283d8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70395B66.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d345f8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\703C0562.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465283d9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70402F5E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d445f8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7043595B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d445f9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70460357.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465583da.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70492D54.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d445fb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\704D5750.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d445fa.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7050014C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d545fa.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70532B49.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465483db.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70572E83.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d545fb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70575545.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465483dc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\705A7F42.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d545fd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\705D293E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d545fc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7060533A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d645fc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70647D37.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465783dd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70672733.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d645fd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\706A5130.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465783de.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\706D7B2C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d645ff.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70712529.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d745ff.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70744F25.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74600.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70777921.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74601.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\707A231E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46568022.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\707E4D1A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74602.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70817717.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84602.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70842113.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46598023.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70874B0F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84603.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\708B750C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46598024.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\708E1F08.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84605.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70914905.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94604.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70957301.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46588025.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70981CFD.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94606.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\709B46FA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94605.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\709E70F6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46588026.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70A21AF3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14606.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70A544EF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46608027.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70A86EEB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14608.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70AB18E8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14607.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70AF42E4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46608028.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70B26CE1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24608.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70B516DD.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46638029.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70B840D9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e2460a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70BC6AD6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24609.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70BD248B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4663802a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70BF14D2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e2460c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70C23ECF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e3460c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70C53D64.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '4662802d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70C668CB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e3460d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70C912C7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4662802e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70CC3CC4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e3460f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70CF66C0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e3460e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70D310BD.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e4460e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70D63AB9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4665802f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70D964B6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e4460f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70DC0EB2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46658030.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70E038AE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e5460f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70E362AB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54610.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70E60CA7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46648031.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70E936A4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54611.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70ED60A0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46648032.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70F00A9C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64612.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70F33499.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64613.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70F75E95.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64615.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70FA0892.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46678036.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70FD328E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64616.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71005C8A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d04617.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71040687.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46518038.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71073083.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d04618.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\710A5A80.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d04619.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\710D047C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d0461a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71112E78.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d1461b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71145875.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d1461c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71170271.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4650803d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\711A2C6E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d1461d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\711E566A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4650803e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71210066.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d2461d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71231A92.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d2461e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71242A63.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4653803f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7128545F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d24660.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\712B7E5C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d2461f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\712C3B75.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46538000.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\712E2858.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d24621.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71315254.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34620.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71357C51.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46528001.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7138264D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34622.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\713B504A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34621.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\713E7A46.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46528003.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71422443.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44622.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71454E3F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44623.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7148783B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46558004.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\714B2238.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44625.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\714F4C34.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46558006.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71527631.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54626.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7155202D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46548007.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71584A29.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54627.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\715C7426.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46548008.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\715F1E22.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54629.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7162481F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d64628.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7166721B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46578009.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71691C17.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d64629.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\716C4614.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4657800a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\716F7010.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d6462b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71717F2A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d7462a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71731A0D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4656800b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71764409.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d7462c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71796E05.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d7462b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\717C1802.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4656800c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\718041FE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d8462b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71836BFB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d8462c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\718615F7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4659800d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7189109A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d8462e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71893FF3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d8462d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\718D69F0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4659800e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\719013EC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d9462d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71933DE9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d9462e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\719767E5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4658800f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\719A11E1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94630.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\719D3BDE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46588011.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71A065DA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14630.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71A40FD7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14631.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71A739D3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46608012.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71AA63D0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14633.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71AD0DCC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14632.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71B137C8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24632.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71B461C5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46638013.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71B642DE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24633.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71B70BC1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46638014.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71BA35BE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24635.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71BE5FBA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24634.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71C109B6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e34634.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71C433B3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46628015.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71C85DAF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e34635.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71CB07AC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46628016.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71CE31A8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e34636.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71D15BA4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44636.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71D505A1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46658017.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71EF06A1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54637.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71FB0693.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64637.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72557CA9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54638.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72850DFC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84638.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72BB72B1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24639.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\732168B8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d2463a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73885EC0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d8463a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73A31805.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e1463b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73CF6306.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e3463b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73E85BBA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e5463b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73EE54C7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e5463e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\742D1F6F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d24640.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\743551F5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34640.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74544ACF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54640.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74726323.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74641.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\747D5327.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46568062.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74B726D8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24641.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74BA40D6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24642.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\752036DE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d24643.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75862CE5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84643.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75D530E1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44644.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\761A7496.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14645.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\765F384A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54645.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76A47BFF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14646.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76B76C20.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24646.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76E93FB3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54647.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\771E6227.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14648.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\772E0368.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d24648.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7784582F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84649.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77D20783.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47e44649.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77EA4E36.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54649.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78147147.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47d1464b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\784C0D71.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d4464b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7850443E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d5464c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\787D7BD2.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47d7464c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78915126.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d9464c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78B63A45.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e2464d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78D614DA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e4464d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\791B588F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14650.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\791C304D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46508071.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7929066E.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47d24651.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7943640D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44651.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79822655.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84652.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\798C653E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46598073.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79A55FF8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14652.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79E81C5C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54653.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A3A555F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d3465b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A4F1264.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d4465b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A5A1440.dll
[DETECTION] Is the Trojan horse TR/Agent.RL.2
[INFO] The file was moved to '47d5465b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A746424.dll
[DETECTION] Is the Trojan horse TR/Dldr.YM
[INFO] The file was moved to '47d7465c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A8420FC.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47d8465c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A8E3407.dll
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was moved to '47d8465d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AB5086B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e2465d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B082DB6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d0465e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B1B7E73.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d1465f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B4D716A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d4465f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B81747A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d8465f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B92351F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94660.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B9735A1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46588041.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BD778D4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44660.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BE70305.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47e54661.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BE76A82.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46648042.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7C4625C1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44662.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7C4D6089.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44663.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CB35691.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e24663.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CF502DD.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64663.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D194C99.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d14665.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D3A4691.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34666.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D7F0A46.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74667.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D7F42A0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46568048.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DC44DFB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e34668.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DE638A8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e54668.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E0911AF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d0466a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E4C2EAF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d4466a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E4E5564.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4655804b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E517624.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d5466b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7EB224B7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e2466b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7ED54A92.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.KL
[INFO] The file was moved to '47e4466b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F181ABE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d1466d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F6C5F6D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d6466d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F7E10C6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d7466e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB12321.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e2466e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FE406CD.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e5466e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FF666D6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e6466f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0227AB5B-8883-41CD-8C89-E6553C94C605}\00000001.urm
[DETECTION] Is the Trojan horse TR/Swizzor.A
[INFO] The file was moved to '47d04659.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0227AB5B-8883-41CD-8C89-E6553C94C605}\00000002.urm
[DETECTION] Is the Trojan horse TR/Swizzor.A
[INFO] The file was moved to '46528df2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{07C22864-0D03-46C8-915E-172E7C80F31F}\00000001.urm
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.NK.2
[INFO] The file was moved to '47d0465a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{1F20C665-137D-4708-B0B7-C850FE37FE97}\00000001.urm
[DETECTION] Is the Trojan horse TR/Swizzor.A
[INFO] The file was moved to '47d0465b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{866B8F4F-9B78-498B-9C16-899672995FDC}\00000001.urm
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[INFO] The file was moved to '47d0465f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{FC7ECAA2-16EA-48D3-B2E3-F5DFC980D50D}\00000001.urm
[DETECTION] Is the Trojan horse TR/Drop.TSUpdat.A.2
[INFO] The file was moved to '47d04661.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{FC7ECAA2-16EA-48D3-B2E3-F5DFC980D50D}\00000002.urm
[DETECTION] Is the Trojan horse TR/Drop.TSUpdat.A.4
[INFO] The file was moved to '46528dca.qua'!
C:\Documents and Settings\Stephen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\n.jar-262535c7-1feafd51.zip
[0] Archive type: ZIP
--> HiPointInstallShield.class
[DETECTION] Is the Trojan horse TR/Spy.Agent.RK
[INFO] The file was moved to '480a47df.qua'!
C:\Documents and Settings\Stephen\Desktop\Stuff to be burnt\Miscolanious\backedup stuff\Documents and Settings\Owner\Desktop\bleep\Flashget\flashget.1.60.final.keygen-tsrh.zip
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the Trojan horse TR/Agent.68096.B
[INFO] The file was moved to '48014b0e.qua'!
C:\Documents and Settings\Stephen\Desktop\Stuff to be burnt\Miscolanious\backedup stuff\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BXDRH40Z\prompt_ie_win[1].js
[DETECTION] Contains detection pattern of the Java script virus JS/Dldr.IstBar.O.1
[INFO] The file was moved to '480f4bb9.qua'!
C:\Documents and Settings\Stephen\Desktop\Stuff to be burnt\Miscolanious\backedup stuff\Documents and Settings\Owner\My Documents\Phone\Nokia_6600_Games_Programs\winrarziped6600\Nokia_6600_Games_Programs\JOGOS\Bowling 2003\bowling7650.sis
[DETECTION] Contains the SymbianOS virus SYMBOS/Skulls.D.4
[INFO] The file was moved to '48174c57.qua'!
C:\Documents and Settings\Stephen\Desktop\Stuff to be burnt\Software\Flashget\flashget.1.60.final.keygen-tsrh.zip
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the Trojan horse TR/Agent.68096.B
[INFO] The file was moved to '48014e0c.qua'!
C:\Documents and Settings\Stephen\Desktop\Stuff to be burnt\Software\poweriso\pikgs.zip
[0] Archive type: ZIP
--> PowerISO32_Kg2.exe
[DETECTION] Is the Trojan horse TR/Packed.2709
[INFO] The file was moved to '480b4ed9.qua'!
C:\Documents and Settings\Stephen\Desktop\Stuff to be burnt\Software\poweriso\PowerISO32_Kg2.exe
[DETECTION] Is the Trojan horse TR/Packed.2709
[INFO] The file was moved to '48174ee0.qua'!
C:\Documents and Settings\Stephen\Local Settings\Temp\bis50A.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '48135032.qua'!
C:\Documents and Settings\Stephen\Local Settings\Temp\bis50B.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '496ceb23.qua'!
C:\Documents and Settings\Stephen\Local Settings\Temp\bis50D.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '48135033.qua'!
C:\Documents and Settings\Stephen\Local Settings\Temp\bis519.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '496ceb24.qua'!
C:\Documents and Settings\Stephen\Local Settings\Temp\bis51A.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '48135035.qua'!
C:\Documents and Settings\Stephen\Local Settings\Temp\hkc3a3nt.exe
[DETECTION] Contains detection pattern of the dropper DR/PCK.PolyCrypt.B.203
[INFO] The file was moved to '4803503a.qua'!
C:\Documents and Settings\Stephen\Local Settings\Temp\sta1ED.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '4801504d.qua'!
C:\Documents and Settings\Stephen\Local Settings\Temp\sta3E7.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '497eeb5e.qua'!
C:\Documents and Settings\Stephen\Local Settings\Temp\sta45D.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '4801504e.qua'!
C:\Documents and Settings\Stephen\Local Settings\Temp\sta536.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '497eeb5f.qua'!
C:\Documents and Settings\Stephen\Local Settings\Temp\staD.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '48015070.qua'!
C:\Documents and Settings\Stephen\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5EVS5EB\wbk21D.tmp
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/VolksBkfrau.3
[INFO] The file was moved to '480b50fb.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1077\A0181257.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d156a1.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1077\A0181258.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '46afe32a.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1082\A0181276.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d156a7.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1087\A0181319.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d156ae.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1087\A0181320.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5572
[INFO] The file was moved to '46afe327.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1092\A0181377.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d156b5.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1101\A0181813.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d156e1.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1101\A0181814.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '46afe36a.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1112\A0183473.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d15704.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1112\A0183474.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '46afe28d.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1112\A0183475.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d15706.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1112\A0183476.exe
[DETECTION] Is the Trojan horse TR/Inject.SP.1
[INFO] The file was moved to '47d15705.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1112\A0183477.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '46afe28e.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1112\A0183478.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5437
[INFO] The file was moved to '47d15707.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1112\A0183482.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '46a1a17f.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183694.exe
[DETECTION] Is the Trojan horse TR/Agent.BAB
[INFO] The file was moved to '47d15714.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183695.exe
[DETECTION] Is the Trojan horse TR/Agent.BAB
[INFO] The file was moved to '46a1a16d.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183696.exe
[DETECTION] Is the Trojan horse TR/Agent.BAB
[INFO] The file was moved to '47d15716.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183697.exe
[DETECTION] Is the Trojan horse TR/Agent.BAB
[INFO] The file was moved to '47d15715.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183698.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '46a1a16e.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183699.exe
[DETECTION] Is the Trojan horse TR/Drop.TSUpdat.A.3
[INFO] The file was moved to '47d15717.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183700.exe
[DETECTION] Is the Trojan horse TR/Starter.V.1
[INFO] The file was moved to '46a1a16f.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183701.dll
[DETECTION] Is the Trojan horse TR/Spy.IamBigBrother.91.4
[INFO] The file was moved to '47d15708.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183702.exe
[DETECTION] Is the Trojan horse TR/Spy.IamBigBrother.90.2
[INFO] The file was moved to '46a1a171.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183703.dll
[DETECTION] Is the Trojan horse TR/Spy.IamBigBrother.91.1
[INFO] The file was moved to '47d1570a.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183704.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[INFO] The file was moved to '46a1a160.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183705.exe
[DETECTION] Is the Trojan horse TR/Swizzor.A
[INFO] The file was moved to '47d15719.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183706.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d15718.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183707.exe
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.NK.2
[INFO] The file was moved to '46a1a161.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183708.exe
[DETECTION] Is the Trojan horse TR/Dldr.TSUpdate.L
[INFO] The file was moved to '47d1571a.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183709.exe
[DETECTION] Contains detection pattern of the dropper DR/Comet.AY.1
[INFO] The file was moved to '46a1a163.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183710.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.ON.2
[INFO] The file was moved to '46a1a162.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183711.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[INFO] The file was moved to '47d1571b.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183712.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[INFO] The file was moved to '47d1571c.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183713.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[INFO] The file was moved to '46a1a165.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183714.exe
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d1571e.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183715.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '46a1a164.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183716.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.BCB.1
[INFO] The file was moved to '47d1571d.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183717.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.aic.2
[INFO] The file was moved to '46a1a166.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183718.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[INFO] The file was moved to '46a1a167.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183719.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[INFO] The file was moved to '47d15710.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183720.exe
[DETECTION] Is the Trojan horse TR/Bagle.FD
[INFO] The file was moved to '46a1a169.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183721.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzo.do.1
[INFO] The file was moved to '47d1571f.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183722.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[INFO] The file was moved to '46a1a158.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183723.exe
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d15721.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183724.dll
[DETECTION] Is the Trojan horse TR/Agent.RL.2
[INFO] The file was moved to '47d15720.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183725.dll
[DETECTION] Is the Trojan horse TR/Dldr.YM
[INFO] The file was moved to '46a1a159.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183726.dll
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was moved to '47d15722.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183727.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.KL
[INFO] The file was moved to '46a1a15a.qua'!
C:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183728.exe
[DETECTION] Is the Trojan horse TR/Packed.2709
[INFO] The file was moved to '47d15723.qua'!
C:\unzipped\pikgs\PowerISO32_Kg2.exe
[DETECTION] Is the Trojan horse TR/Packed.2709
[INFO] The file was moved to '481757e8.qua'!
C:\WINDOWS\system32\ole2.exe
[DETECTION] Is the Trojan horse TR/Agent.BAB
[INFO] The file was moved to '48055b95.qua'!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd2381.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <140g>
D:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D7B4BAE.mpg
[DETECTION] Contains detection pattern of the worm WORM/Purol.P2P.B
[INFO] The file was moved to '47d7606b.qua'!
D:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\419B6D5D
[DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.BH.1
[INFO] The file was moved to '47d96059.qua'!
D:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\419E1759
[DETECTION] Is the Trojan horse TR/Dldr.Istar.X.DLL
[INFO] The file was moved to '46a89c5a.qua'!
D:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\419E1759.exe
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.IR
[INFO] The file was moved to '47d9605a.qua'!
D:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\41A46B52.ocx
[DETECTION] Is the Trojan horse TR/Click.Adpowe.N.2
[INFO] The file was moved to '47e1605a.qua'!
D:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\41AB3F4B.exe
[DETECTION] Is the Trojan horse TR/Clicker.Libie.A.1
[INFO] The file was moved to '47e1605b.qua'!
D:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\41AE6947.exe
[DETECTION] Is the Trojan horse TR/Clicker.Libie.A.1
[INFO] The file was moved to '46909c5c.qua'!
D:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\41CD4E3A.exe
[DETECTION] Is the Trojan horse TR/Clicker.Small.AN
[INFO] The file was moved to '47e3605b.qua'!
D:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\49256C74.exe
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.IQ
[INFO] The file was moved to '47d26064.qua'!
D:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\64E4214B.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.BC.2 Backdoor server programs
[INFO] The file was moved to '47e5605f.qua'!
D:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\64E4783E
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.IE.2
[INFO] The file was moved to '46949c60.qua'!
D:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183731.exe
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.IR
[INFO] The file was moved to '47d160bc.qua'!
D:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183732.ocx
[DETECTION] Is the Trojan horse TR/Click.Adpowe.N.2
[INFO] The file was moved to '47d160bd.qua'!
D:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183733.exe
[DETECTION] Is the Trojan horse TR/Clicker.Libie.A.1
[INFO] The file was moved to '46a196c6.qua'!
D:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183734.exe
[DETECTION] Is the Trojan horse TR/Clicker.Libie.A.1
[INFO] The file was moved to '47d160bf.qua'!
D:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183735.exe
[DETECTION] Is the Trojan horse TR/Clicker.Small.AN
[INFO] The file was moved to '46a196b8.qua'!
D:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183736.exe
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.IQ
[INFO] The file was moved to '47d160be.qua'!
D:\System Volume Information\_restore{AC658DB7-8E34-40B4-ABAC-06B154265CDE}\RP1115\A0183737.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.BC.2 Backdoor server programs
[INFO] The file was moved to '46a196c7.qua'!
D:\WINDOWS\system32\fonts\system\explorer\mru\13\Incoming Outlook Email Read_080912.165
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Ebayfraud.Q
[INFO] The file was moved to '48036274.qua'!
D:\WINDOWS\system32\fonts\system\explorer\mru\13\Incoming Outlook Email Read_163951.165
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Ebayfraud.Q
[INFO] The file was moved to '4803628a.qua'!
D:\WINDOWS\system32\fonts\system\explorer\mru\13\Incoming Outlook Email Read_190615.165
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Ebayfraud.Q
[INFO] The file was moved to '4803629b.qua'!
D:\WINDOWS\system32\fonts\system\explorer\mru\13\Incoming Outlook Email Read_190631.165
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Ebayfraud.Q
[INFO] The file was moved to '49766e04.qua'!
D:\WINDOWS\system32\fonts\system\explorer\mru\13\Incoming Outlook Email Read_203506.146
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Ebayfraud.Q
[INFO] The file was moved to '480362aa.qua'!
D:\WINDOWS\system32\fonts\system\explorer\mru\13\Incoming Outlook Email Read_210513.164
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Ebayfraud.Q
[INFO] The file was moved to '480362b0.qua'!
D:\WINDOWS\system32\fonts\system\explorer\mru\13\Incoming Outlook Email Read_212843.165
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Ebayfraud.Q
[INFO] The file was moved to '480362b6.qua'!
D:\WINDOWS\system32\fonts\system\explorer\mru\13\Incoming Outlook Email Read_222123.146
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Ebayfraud.Q
[INFO] The file was moved to '480362c4.qua'!
D:\WINDOWS\system32\fonts\system\explorer\mru\13\Outgoing Outlook Email Composed_210537.164
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Ebayfraud.Q
[INFO] The file was moved to '481462d6.qua'!
Begin scan in 'F:\' <100g>


End of the scan: Wednesday, 30 January 2008 22:42
Used time: 2:15:31 min

The scan has been done completely.

12907 Scanning directories
508957 Files were scanned
1175 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1171 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
507782 Files not concerned
7659 Archives were scanned
8 Warnings
417 Notes

#7 stephen351

stephen351
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 31 January 2008 - 01:48 AM

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DF24719.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e644b3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E2B1C8A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d244b5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E370ACE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d344b5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E3E5A25.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46528296.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E7C4E82.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d744b8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EA4502C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e144b8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EC11237.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e344b9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F0655EB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d044ba.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F0B4634.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d044bb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F713C3B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d744bb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FA06A80.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47e144bb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FD73243.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e444bc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\103D284A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d344a6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\106923A9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d644a6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10A31E52.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e144a7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10AE675E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46608288.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10E55D0D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e544a7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10F32B12.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e644a8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11091459.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d044a9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11386EC7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d344aa.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\116F0A61.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d644aa.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11944D2E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d944aa.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11D50068.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e444ab.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11DD4E60.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4665828c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\123B7670.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d344ac.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12423D4F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d444ad.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\125678D0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d544ad.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\128B3E81.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d844ae.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\129B3C85.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d944ae.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12A26C78.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e144b1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12E00039.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e544b1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12F12D70.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e644b2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1308627F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d044b3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\132543EE.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d244b3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\136A07A3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d644b4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\136E5887.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46578295.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\139F1D90.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d944b5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13D44E8E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e444b5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13E81EC2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e544b5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\143A4496.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d344b7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14694D09.exe
[DETECTION] Is the Trojan horse TR/Swizzor.A
[INFO] The file was moved to '47d644b7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14A03A9D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e144b7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14CD5560.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e344b8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14FD7DD2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e644b9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\150630A5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4651829b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15121915.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d144ba.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15575CC9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d544bb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\156B41ED.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d644bb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\156C26AC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d644bc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\159C207E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d944bc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15B91E7A.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47e244bd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15D21CB4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e444bd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15E16433.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e544bd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163912BC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d344bf.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16953608.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47d944c1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\169F08C3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465882e2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17057ECB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d044c3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\174431F0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d444c3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17514F66.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d544c3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\176B74D2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d644c4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\178975A5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d844c4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\179D3135.tmp
[DETECTION] Is the Trojan horse TR/Dldr.IstB.OE.1.C
[INFO] The file was moved to '47d944c4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17CE395A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e344c5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17D16ADA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e444c5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17FF3F87.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e644c5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18137D0E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d144c7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\183760E1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d344c7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\185840C3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d544c8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18610E96.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47d644c8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\188A3BA9.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47d844c8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\189D56E9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d944c9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\191C78B0.exe
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.NK.2
[INFO] The file was moved to '47d144ca.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\192920A1.tmp
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.NK.2
[INFO] The file was moved to '47d244cb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\192D4A9E.exe
[DETECTION] Is the Trojan horse TR/Dldr.TSUpdate.L
[INFO] The file was moved to '465382ec.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19331E97.exe
[DETECTION] Contains detection pattern of the dropper DR/Comet.AY.1
[INFO] The file was moved to '47d344cc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1969201C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d644cc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19764ACC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d744cc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19BB0E81.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e244cd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19CF1623.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e344cd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19D56A45.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47e444cd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A005235.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d044d8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A0B0FE9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d044d9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A350C2B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d344d9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A4515EA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d444d9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A8A599E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d844da.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A9B0232.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d944da.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1ACF1D53.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e344da.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1ADE278E.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.ON.2
[INFO] The file was moved to '47e444db.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B01783A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d044dc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B02013C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465182fd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B676E41.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d644dd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BCD6449.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e344dd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BED275C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e544dd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C326B11.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d344df.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C335A50.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465282c0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C772EC5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d744e0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C995058.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d944e0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CBC727A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e244e0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D004660.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d044e2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D01362E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465182c3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D663C67.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d644e2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA53CEF.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47e144e3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DCC326F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e344e3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DEF2C39.tmp
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '47e544e4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E204038.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d244e5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E322876.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d344e5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E6503EC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d644e8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E981E7E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d944e8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EA947A1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e144e9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EB43311.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e244e9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EEE0B55.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e544e9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EFE1485.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e644ea.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F334F0A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d344eb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F622332.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d644eb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F640A8D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d644ec.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F7812BF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d744ec.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FCA0094.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e344ec.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2030769C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d344d7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20971CC8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d944d7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20976CA4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d944d8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20BF0374.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e244d8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20DC607C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e444d8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20FD62AB.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e644d9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21212431.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d244da.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\216358B3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d644da.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\216667E6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d644db.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21AB2B9A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e144db.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21C94EBA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e344dc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21F06F4F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e644dc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22953AC9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d944dd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22FB30D1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e644de.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\230E7958.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d044df.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23533D0D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d544e2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\236126D8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d644e3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\239800C1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d944e3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23C71CE0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466282c4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23DD4476.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e444e4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2422082A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465382c6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\242E12E7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d244e7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24D62438.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e444e6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24F95C1A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e644e6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25401233.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d444e7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\255F5222.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d544e8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25851459.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d844e8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25C54829.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e344e8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25CA199D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e344e9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25CE158B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '466282ca.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\260F5D51.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d044eb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\262B3E31.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d244eb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26542106.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d544eb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26681E4B.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '465782cd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\267C05AC.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '465682cd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26913438.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d944ed.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26936AC7.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[INFO] The file was moved to '465882ce.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26F72A40.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e644ee.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\275E2048.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d544ef.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27B76EC4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e244ef.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27C4164F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e344f3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27FC3278.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e644f3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\282A0C57.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d244f4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2841762D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d444f5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\288639E1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d844f5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2890025E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d944f5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28F67866.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e644f6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2910414B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d144f7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\295C6E6D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d544f7.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29C26475.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e344f8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A285A7C.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d24500.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A2D3781.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46538321.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A2E4B54.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d24501.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A730F08.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d74501.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A8E5084.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84502.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A932670.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d94502.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ADC27A2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44502.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AF5468B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64503.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AFD1672.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46678324.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B425A26.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d44505.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B5B3C93.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54505.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2BC1329B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e34505.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C2728A2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d24507.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C3907E4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d34507.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C60642F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d64507.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C8D1EAA.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84508.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2CA527E4.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14508.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2CEA6B98.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e5450a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2CF314B1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e6450b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D2F2F4D.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d2450d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D4D66F3.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d4450d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D590AB9.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d5450d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DB936B6.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e2450e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DBF00C0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '4663832f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DD50D08.tmp
[DETECTION] Contains detection pattern of the worm WORM/Mytob.DX
[INFO] The file was moved to '47e4450f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E2576C8.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d24510.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E8C6CCF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d84510.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ED740BF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e44511.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EF262D7.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e64511.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EF34867.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '46678332.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F5858DF.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d54513.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F614829.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47d64513.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FA23887.tmp
[DETECTION] Is the Trojan horse TR/Crypt.E
[INFO] The file was moved to '47e14513.qua'!

Good luck sifting through all that!!!... but it looks like i had some problems!!

#8 stephen351

stephen351
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 31 January 2008 - 02:45 AM

report.. WOW. its like a new computer again. my internet is running twice as fast!!!

SDFix: Version 1.134

Run by Stephen on Thu 31/01/2008 at 06:20 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\PROGRA~1\SDFix

Safe Mode:
Checking Services:

Name:
IWin service

Path:
C:\WINDOWS\system32\iwinapp.exe

IWin service - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:




Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 18:28:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:af,6f,57,5a,f4,aa,b1,c5,90,05,f3,4d,19,a5,c2,cc,7c,52,59,f1,f8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4f,48,e1,a7,e4,50,bf,2c,b3,e1,27,74,b1,9f,2f,3b,91,..
"khjeh"=hex:f9,ff,db,f9,68,9b,93,91,e5,ca,c8,4e,fb,3b,49,21,d6,45,bd,79,e6,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b5,f6,02,82,89,e6,55,8d,7f,83,1d,67,9d,65,71,21,b2,18,a3,35,1c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:13,d0,35,ed,54,b7,e0,21,b0,e5,66,cc,3f,e8,a2,28,b6,7d,de,6e,c8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:46,1e,6a,ce,12,84,0e,d2,7c,9f,79,6b,51,12,b4,32,97,e3,18,04,67,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:44,bf,73,1a,3c,5e,7d,5c,6b,7e,68,fa,c8,c5,39,31,67,85,d4,92,c7,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:ef132932
"s1"=dword:f8f12b8f
"s2"=dword:ced6f474
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:af,6f,57,5a,f4,aa,b1,c5,90,05,f3,4d,19,a5,c2,cc,7c,52,59,f1,f8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4f,48,e1,a7,e4,50,bf,2c,b3,e1,27,74,b1,9f,2f,3b,91,..
"khjeh"=hex:f9,ff,db,f9,68,9b,93,91,e5,ca,c8,4e,fb,3b,49,21,d6,45,bd,79,e6,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b5,f6,02,82,89,e6,55,8d,7f,83,1d,67,9d,65,71,21,b2,18,a3,35,1c,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:13,d0,35,ed,54,b7,e0,21,b0,e5,66,cc,3f,e8,a2,28,b6,7d,de,6e,c8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:46,1e,6a,ce,12,84,0e,d2,7c,9f,79,6b,51,12,b4,32,97,e3,18,04,67,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:44,bf,73,1a,3c,5e,7d,5c,6b,7e,68,fa,c8,c5,39,31,67,85,d4,92,c7,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
"ujdew"=hex:20,02,00,00,62,1e,d6,a5,8a,a6,15,88,06,34,26,d8,54,8b,fa,73,fd,..
"ljej40"=hex:d8,98,1d,9d,b9,68,30,ac,79,d7,ed,07,6e,1f,6e,0f,be,e5,c5,a5,b4,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg41]
"ujdew"=hex:20,02,00,00,62,1e,d6,a5,a7,67,41,4d,06,34,26,d8,54,8b,fa,73,fd,..
"ljej40"=hex:d8,98,1d,9d,b9,68,30,ac,79,d7,ed,07,6e,1f,6e,0f,be,e5,c5,a5,1e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg42]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Google\\Google Earth Pro\\GoogleEarth.exe"="C:\\Program Files\\Google\\Google Earth Pro\\GoogleEarth.exe:*:Enabled:Google Earth Pro"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe:*:Enabled:eBayTBDaemon"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire PRO 4.9.33"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX"
"C:\\Program Files\\Yahoo!\\Yahoo! Widget Engine\\YahooWidgetEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Widget Engine\\YahooWidgetEngine.exe:*:Enabled:Yahoo! Widget Engine"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Disabled:ęTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------


Files with Hidden Attributes:

Sun 16 Dec 2007 918,045 A..H. --- "C:\DH Temp.tmp"
Wed 4 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Thu 14 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 17 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 9 Dec 2006 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv16.bak"
Thu 31 Jan 2008 64,512 A..H. --- "C:\Documents and Settings\Stephen\Application Data\dach100.dll"
Thu 24 Aug 2006 64,512 A..H. --- "C:\Program Files\Dachshund Software\Hare\dach300.dll"
Sun 24 Apr 2005 4,348 A.SH. --- "C:\backedup stuff\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 8 May 2005 400 A.SH. --- "C:\backedup stuff\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Sun 8 May 2005 48 A.SH. --- "C:\backedup stuff\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Sun 31 Jul 2005 64,512 A..H. --- "C:\backedup stuff\Documents and Settings\Owner\Application Data\dach100.dll"
Mon 19 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Sat 19 Jan 2008 708,624 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6efcd3506d8bb09b521fd2ab4ee258bc\BIT57.tmp"
Sat 19 Jan 2008 17,222,672 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b0bbf9bad2a96231d750c48395570f92\BIT80.tmp"
Thu 17 Nov 2005 4,348 A..H. --- "C:\Documents and Settings\Stephen\Desktop\Stuff to be burnt\Documents\My Music\License Backup\drmv1key.bak"
Sun 2 Apr 2006 20 A..H. --- "C:\Documents and Settings\Stephen\Desktop\Stuff to be burnt\Documents\My Music\License Backup\drmv1lic.bak"
Fri 4 Nov 2005 312 A.SH. --- "C:\Documents and Settings\Stephen\Desktop\Stuff to be burnt\Documents\My Music\License Backup\drmv2key.bak"
Thu 8 Jan 2004 20,480 A..H. --- "C:\Documents and Settings\Stephen\Desktop\Stuff to be burnt\Pictures\Pa Pa\Annie\~WRL0883.tmp"
Thu 8 Jan 2004 21,504 A..H. --- "C:\Documents and Settings\Stephen\Desktop\Stuff to be burnt\Pictures\Pa Pa\Annie\~WRL1948.tmp"
Thu 8 Jan 2004 20,992 A..H. --- "C:\Documents and Settings\Stephen\Desktop\Stuff to be burnt\Pictures\Pa Pa\Annie\~WRL3240.tmp"
Thu 8 Jan 2004 21,504 A..H. --- "C:\Documents and Settings\Stephen\Desktop\Stuff to be burnt\Pictures\Pa Pa\Annie\~WRL3640.tmp"
Wed 8 Jan 2003 770,048 A..H. --- "C:\Documents and Settings\Stephen\Desktop\Stuff to be burnt\Miscolanious\backedup stuff\Documents and Settings\Owner\Desktop\disk\My DVDs\My Received Files\stupid bleep\winmx331.exe"

Finished!

#9 stephen351

stephen351
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 31 January 2008 - 03:03 AM

ComboFix 08-01-31.3 - Stephen 2008-01-31 18:48:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1519 [GMT 11:00]
Running from: C:\Documents and Settings\Stephen\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\guard.tmp
C:\Documents and Settings\Stephen\Application Data\Sskdmns.dll
C:\Program Files\Common Files\{F4BE2~1
C:\Program Files\download plugin
C:\Program Files\download plugin\DlPlugin-MSIE_1.5.0.0\axdlplug.inf
C:\Program Files\winupdate
C:\WINDOWS\system32\ss.exe
C:\WINDOWS\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FOPN
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK
-------\nm


((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.

2008-01-31 18:19 . 2008-01-31 18:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-31 18:18 . 2008-01-31 18:35 <DIR> d-------- C:\Program Files\SDFix
2008-01-31 18:04 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-31 18:01 . 2008-01-31 18:01 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-30 20:39 . 2008-01-31 18:38 64,512 --ah----- C:\Documents and Settings\Stephen\Application Data\dach100.dll
2008-01-30 19:38 . 2008-01-30 19:38 <DIR> d-------- C:\Program Files\Avira
2008-01-30 19:38 . 2008-01-30 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-30 19:15 . 2008-01-30 19:55 <DIR> d-------- C:\Documents and Settings\Stephen\.SunDownloadManager
2008-01-28 16:41 . 2008-01-28 16:41 1,992 --a------ C:\WINDOWS\desctemp.dat
2008-01-22 10:46 . 2008-01-22 10:46 <DIR> d-------- C:\Documents and Settings\Stephen\eee
2008-01-21 18:31 . 2008-01-21 18:35 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-21 18:30 . 2008-01-21 18:36 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-01-20 00:41 . 2008-01-20 00:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-20 00:36 . 2008-01-20 00:41 <DIR> d-------- C:\HJT
2008-01-19 16:40 . 2008-01-19 20:13 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-19 16:39 . 2008-01-19 16:39 <DIR> d-------- C:\Program Files\Windows Live
2008-01-19 16:38 . 2008-01-19 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-19 16:08 . 2008-01-20 00:30 212 --a------ C:\delete.bat
2008-01-19 15:50 . 2008-01-19 16:02 <DIR> d-------- C:\NoLopBackups
2007-12-12 20:10 . 2007-12-12 20:10 <DIR> d-------- C:\Documents and Settings\Stephen\Application Data\eBay
2007-12-12 20:10 . 2007-12-12 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eBay
2007-12-11 18:59 . 2007-12-11 18:59 <DIR> d-------- C:\Program Files\Intelore
2007-12-08 18:17 . 2007-12-08 19:33 <DIR> d-------- C:\Program Files\DivoCodec
2007-12-08 18:13 . 2008-01-30 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\dumb pure bind support
2007-12-08 18:12 . 2007-12-08 18:40 <DIR> d-------- C:\Program Files\3wPlayer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 07:18 7,168 -csha-w C:\Program Files\Thumbs.db
2008-01-31 07:04 --------- d-----w C:\Program Files\Java
2008-01-30 17:46 --------- d-----w C:\Program Files\Google
2008-01-30 08:32 --------- d-----w C:\Program Files\CONEXANT
2008-01-30 08:30 --------- d-----w C:\Program Files\eBay
2008-01-30 08:27 --------- d-----w C:\Program Files\Karen's Alarm Clock
2008-01-30 08:27 --------- d-----w C:\Program Files\IncrediMail
2008-01-30 08:26 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-30 08:26 249,856 ------w C:\WINDOWS\Setup1.exe
2008-01-30 08:24 --------- d-----w C:\Program Files\Pinnacle
2008-01-14 08:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 09:01 --------- d-----w C:\Documents and Settings\Stephen\Application Data\Azureus
2007-12-28 11:51 --------- d-----w C:\Program Files\Azureus
2007-12-08 07:44 --------- d-----w C:\Program Files\iPod
2007-12-08 07:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 06:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-11 06:13 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2006-04-24 01:13 26,104 ----a-w C:\Documents and Settings\Stephen\TB2Categories000.dat
2006-02-03 02:08 18,224 ----a-w C:\Documents and Settings\Stephen\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CB317BA-6523-F263-6651-D1958C14780D}]
2006-07-08 19:20 0 d-------- C:\Program Files\Common Files\Microsoft Shared\Themes\blank

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 09:18 49152]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 01:00 45056]
"AsioReg"="REGSVR32.exe" [2004-08-04 18:56 11776 C:\WINDOWS\system32\regsvr32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-10 08:41 69632]
"CTHelper"="CTHELPER.EXE" [2003-02-21 09:45 28672 C:\WINDOWS\system32\CTHELPER.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 22:05 344064]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-06-29 02:09 32768]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 22:00 270336]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [ ]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2005-12-21 11:14 73728]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-11 01:57 133016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-30 20:26 249896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 18:56 15360]

C:\Documents and Settings\Stephen\Start Menu\Programs\Startup\
AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 12:00:44 2301798]
Battery Doubler.lnk - C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe [2002-09-21 12:26:20 1534267]
Hare.lnk - C:\Program Files\Dachshund Software\Hare\Hare.exe [2002-09-21 13:26:40 1874381]
Zoom.lnk - C:\Program Files\Dachshund Software\Zoom\Zoom.exe [2002-09-21 12:27:14 1446302]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rxx5ot]
rxx5ot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=WIKI.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a--c--- 2005-12-11 01:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
--a------ 2004-11-11 06:36 290816 C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
--a--c--- 2004-10-05 00:20 446464 C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImInstaller_IncrediMail]
C:\DOCUME~1\Stephen\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-14 03:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a--c--- 2006-07-29 22:07 188416 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TClock.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a--c--- 2005-10-24 16:53 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\b4 format\Program Files2\Yahoo!\Messenger\YahooMessenger.exe

R1 XPROTECTOR;XPROTECTOR;C:\WINDOWS\system32\drivers\Oreans.sys [2006-08-06 00:13]
R2 WMP54GRSVC;WMP54GRSVC;"C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WLService.exe" "WMP54GR.exe" []
R3 SetupSys;Conexant Setup API;C:\WINDOWS\system32\drivers\SetupSys.sys [2001-01-09 09:58]
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-17 14:48]
S1 rxx6ot;MMX virtualization service;C:\WINDOWS\system32\rxx6ot.sys []
S2 Net message Service;Net message Service;C:\WINDOWS\system32\netmsg.exe []
S2 Win Common module;Win Common module;C:\WINDOWS\system32\servicemp.exe []
S2 Win PPPe;Win PPPe;C:\WINDOWS\system32\winser.exe []
S2 Windows sharing object;Windows sharing object;C:\WINDOWS\system32\winvercp.exe []
S3 avupdate2;AVupdate service interface X2;C:\WINDOWS\system32\avupdate2.sys []
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 17:32]
S3 Navcar;Navman In-car Navigator USB Driver Service;C:\WINDOWS\system32\DRIVERS\Navcar.sys [2003-03-04 16:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\dvdcheck.exe
\Shell\directx\command - DirectX9\dxsetup.exe
\Shell\setup\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\GoldenCompass.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\dvdcheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - O:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-30 14:42:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 18:54:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\Integrator.exe
.
**************************************************************************
.
Completion time: 2008-01-31 19:01:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-31 08:01:05
.
2008-01-09 16:02:32 --- E O F ---


Last one.. from hi jack this..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:14 PM, on 31/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Alcohol Soft%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WLService.exe
C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WMP54GR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...gFqhAI0wByc14D6
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...gFqhAI0wByc14D6
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0CB317BA-6523-F263-6651-D1958C14780D} - C:\Program Files\Common Files\Microsoft Shared\Themes\blank
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iPrimus iSpeed\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131100068625
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133649865897
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtpbs/wtBalan...iomanagerwt.cab
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: rxx5ot - rxx5ot.dll (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Net message Service - Unknown owner - C:\WINDOWS\system32\netmsg.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\
O23 - Service: Win Common module - Unknown owner - C:\WINDOWS\system32\servicemp.exe (file missing)
O23 - Service: Win PPPe - Unknown owner - C:\WINDOWS\system32\winser.exe (file missing)
O23 - Service: Windows sharing object - Unknown owner - C:\WINDOWS\system32\winvercp.exe (file missing)
O23 - Service: WMP54GRSVC - GEMTEKS - C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.v8supercar.com.au/livetiming/im...topbanner05.jpg

--
End of file - 9511 bytes

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 02 February 2008 - 11:57 AM

Copy and paste ALL the following text in the code box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.
Folder::
C:\Documents and Settings\All Users\Application Data\dumb pure bind support
Driver::
rxx6ot
Service::
Net message Service
Win Common module
Win PPPe
Windows sharing object
Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.
Posted Image
Posted Image

#11 stephen351

stephen351
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 03 February 2008 - 01:24 AM

ComboFix 08-01-31.3 - Stephen 2008-02-03 16:31:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1572 [GMT 11:00]
Running from: C:\Documents and Settings\Stephen\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stephen\Desktop\cfscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\dumb pure bind support
C:\Documents and Settings\All Users\Application Data\dumb pure bind support\Cash program.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_RXX6OT
-------\rxx6ot


((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-02-01 22:19 . 2008-02-03 16:37 64,512 --ah----- C:\Documents and Settings\Stephen\Application Data\dach100.dll
2008-01-31 18:19 . 2008-01-31 18:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-31 18:18 . 2008-01-31 18:35 <DIR> d-------- C:\Program Files\SDFix
2008-01-31 18:04 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-31 18:01 . 2008-01-31 18:01 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-30 19:38 . 2008-01-30 19:38 <DIR> d-------- C:\Program Files\Avira
2008-01-30 19:38 . 2008-01-30 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-30 19:15 . 2008-01-30 19:55 <DIR> d-------- C:\Documents and Settings\Stephen\.SunDownloadManager
2008-01-28 16:41 . 2008-01-28 16:41 1,992 --a------ C:\WINDOWS\desctemp.dat
2008-01-22 10:46 . 2008-01-22 10:46 <DIR> d-------- C:\Documents and Settings\Stephen\eee
2008-01-21 18:31 . 2008-01-21 18:35 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-21 18:30 . 2008-01-21 18:36 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-01-20 00:41 . 2008-01-20 00:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-20 00:36 . 2008-01-20 00:41 <DIR> d-------- C:\HJT
2008-01-19 16:40 . 2008-01-19 20:13 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-19 16:39 . 2008-01-19 16:39 <DIR> d-------- C:\Program Files\Windows Live
2008-01-19 16:38 . 2008-01-19 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-19 16:08 . 2008-01-20 00:30 212 --a------ C:\delete.bat
2008-01-19 15:50 . 2008-01-19 16:02 <DIR> d-------- C:\NoLopBackups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 09:35 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-31 09:35 249,856 ------w C:\WINDOWS\Setup1.exe
2008-01-31 09:35 --------- d-----w C:\Program Files\Karen's Alarm Clock
2008-01-31 09:01 7,168 -csha-w C:\Program Files\Thumbs.db
2008-01-31 07:04 --------- d-----w C:\Program Files\Java
2008-01-30 17:46 --------- d-----w C:\Program Files\Google
2008-01-30 08:32 --------- d-----w C:\Program Files\CONEXANT
2008-01-30 08:30 --------- d-----w C:\Program Files\eBay
2008-01-30 08:27 --------- d-----w C:\Program Files\IncrediMail
2008-01-30 08:24 --------- d-----w C:\Program Files\Pinnacle
2008-01-14 08:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 09:01 --------- d-----w C:\Documents and Settings\Stephen\Application Data\Azureus
2007-12-28 11:51 --------- d-----w C:\Program Files\Azureus
2007-12-12 09:10 --------- d-----w C:\Documents and Settings\Stephen\Application Data\eBay
2007-12-12 09:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\eBay
2007-12-11 07:59 --------- d-----w C:\Program Files\Intelore
2007-12-08 08:33 --------- d-----w C:\Program Files\DivoCodec
2007-12-08 07:44 --------- d-----w C:\Program Files\iPod
2007-12-08 07:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-08 07:40 --------- d-----w C:\Program Files\3wPlayer
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2006-04-24 01:13 26,104 ----a-w C:\Documents and Settings\Stephen\TB2Categories000.dat
2006-02-03 02:08 18,224 ----a-w C:\Documents and Settings\Stephen\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CB317BA-6523-F263-6651-D1958C14780D}]
2006-07-08 19:20 0 d-------- C:\Program Files\Common Files\Microsoft Shared\Themes\blank

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 09:18 49152]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 01:00 45056]
"AsioReg"="REGSVR32.exe" [2004-08-04 18:56 11776 C:\WINDOWS\system32\regsvr32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-10 08:41 69632]
"CTHelper"="CTHELPER.EXE" [2003-02-21 09:45 28672 C:\WINDOWS\system32\CTHELPER.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 22:05 344064]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-06-29 02:09 32768]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 22:00 270336]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [ ]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2005-12-21 11:14 73728]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-11 01:57 133016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-30 20:26 249896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 18:56 15360]

C:\Documents and Settings\Stephen\Start Menu\Programs\Startup\
AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 12:00:44 2301798]
Battery Doubler.lnk - C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe [2002-09-21 12:26:20 1534267]
Hare.lnk - C:\Program Files\Dachshund Software\Hare\Hare.exe [2002-09-21 13:26:40 1874381]
Zoom.lnk - C:\Program Files\Dachshund Software\Zoom\Zoom.exe [2002-09-21 12:27:14 1446302]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rxx5ot]
rxx5ot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=WIKI.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a--c--- 2005-12-11 01:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
--a------ 2004-11-11 06:36 290816 C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
--a--c--- 2004-10-05 00:20 446464 C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImInstaller_IncrediMail]
C:\DOCUME~1\Stephen\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-14 03:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a--c--- 2006-07-29 22:07 188416 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TClock.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a--c--- 2005-10-24 16:53 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\b4 format\Program Files2\Yahoo!\Messenger\YahooMessenger.exe

R1 XPROTECTOR;XPROTECTOR;C:\WINDOWS\system32\drivers\Oreans.sys [2006-08-06 00:13]
R2 WMP54GRSVC;WMP54GRSVC;"C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WLService.exe" "WMP54GR.exe" []
R3 SetupSys;Conexant Setup API;C:\WINDOWS\system32\drivers\SetupSys.sys [2001-01-09 09:58]
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-17 14:48]
S2 Net message Service;Net message Service;C:\WINDOWS\system32\netmsg.exe []
S2 Win Common module;Win Common module;C:\WINDOWS\system32\servicemp.exe []
S2 Win PPPe;Win PPPe;C:\WINDOWS\system32\winser.exe []
S2 Windows sharing object;Windows sharing object;C:\WINDOWS\system32\winvercp.exe []
S3 avupdate2;AVupdate service interface X2;C:\WINDOWS\system32\avupdate2.sys []
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 17:32]
S3 Navcar;Navman In-car Navigator USB Driver Service;C:\WINDOWS\system32\DRIVERS\Navcar.sys [2003-03-04 16:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\dvdcheck.exe
\Shell\directx\command - DirectX9\dxsetup.exe
\Shell\setup\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\GoldenCompass.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\dvdcheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - O:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 14:42:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 16:37:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Integrator.exe
.
**************************************************************************
.
Completion time: 2008-02-03 16:41:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-03 05:41:48
ComboFix2.txt 2008-01-31 08:01:07
.
2008-01-09 16:02:32 --- E O F ---

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 03 February 2008 - 05:32 AM

Copy and paste ALL the following text in the code box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktopPosted Imageand agree to merge the information into the registry,then restart your pc.
REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rxx5ot]

Also post the new Hijackthis log as requested please.
Posted Image
Posted Image

#13 stephen351

stephen351
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 04 February 2008 - 03:24 AM

Its very slow to start up, it maybe the new anti virus?


log..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:53 PM, on 4/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Alcohol Soft%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WLService.exe
C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WMP54GR.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...gFqhAI0wByc14D6
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...gFqhAI0wByc14D6
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0CB317BA-6523-F263-6651-D1958C14780D} - C:\Program Files\Common Files\Microsoft Shared\Themes\blank
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iPrimus iSpeed\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131100068625
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133649865897
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtpbs/wtBalan...iomanagerwt.cab
O20 - AppInit_DLLs: WIKI.DLL
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Net message Service - Unknown owner - C:\WINDOWS\system32\netmsg.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\
O23 - Service: Win Common module - Unknown owner - C:\WINDOWS\system32\servicemp.exe (file missing)
O23 - Service: Win PPPe - Unknown owner - C:\WINDOWS\system32\winser.exe (file missing)
O23 - Service: Windows sharing object - Unknown owner - C:\WINDOWS\system32\winvercp.exe (file missing)
O23 - Service: WMP54GRSVC - GEMTEKS - C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.v8supercar.com.au/livetiming/im...topbanner05.jpg

--
End of file - 9569 bytes

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 04 February 2008 - 04:34 AM

Click on Start>Run and type Services.msc then hit Ok.
Scroll down and double click on each of the following services:
Net message Service
Win Common module
Win PPPe
Windows sharing object

In the next window that opens,click their 'Stop' buttons.
Then change their 'Startup Types' to 'Disabled'.
Now press Apply and then Ok and close any open windows.

Click Start>Run and type regedit then click OK.
Navigate to:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services
Scroll down the left pane,locate the service names:
Net message Service
Win Common module
Win PPPe
Windows sharing object

Right click on each of them 'Delete'.
Exit regedit,restart your pc.


Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed,exit SuperAntiSpyware.
Do not run it just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following if present,by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...gFqhAI0wByc14D6
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...gFqhAI0wByc14D6
O8 - Extra context menu item: &Search - ?p=ZNfox000
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Net message Service - Unknown owner - C:\WINDOWS\system32\netmsg.exe (file missing)
O23 - Service: Win Common module - Unknown owner - C:\WINDOWS\system32\servicemp.exe (file missing)
O23 - Service: Win PPPe - Unknown owner - C:\WINDOWS\system32\winser.exe (file missing)
O23 - Service: Windows sharing object - Unknown owner - C:\WINDOWS\system32\winvercp.exe (file missing)

Exit Hijackthis.

Now double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.

If you use Opera browser,do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

Now Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log,let me know how your pc is running now.

Posted Image
Posted Image

#15 stephen351

stephen351
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 04 February 2008 - 11:39 PM

Its started up faster this time. I have Wireless internet, 1500 donwload speedm running via a Linksys router and card..
Its very slow, watching videos online are forever stopping and starting..

Here are my logs...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/04/2008 at 11:48 PM

Application Version : 3.9.1008

Core Rules Database Version : 3394
Trace Rules Database Version: 1386

Scan type : Complete Scan
Total Scan Time : 01:33:02

Memory items scanned : 534
Memory threats detected : 0
Registry items scanned : 6293
Registry threats detected : 0
File items scanned : 80245
File threats detected : 6

Adware.Tracking Cookie
C:\backedup stuff\Documents and Settings\Owner\Cookies\owner@ad2.pamedia.com[1].txt
C:\backedup stuff\Documents and Settings\Owner\Cookies\owner@belnk[1].txt
C:\backedup stuff\Documents and Settings\Owner\Cookies\owner@dist.belnk[2].txt
C:\backedup stuff\Documents and Settings\Owner\Cookies\owner@server.cpmstar[1].txt

Adware.WhenU
C:\PROGRAM FILES\DAEMON TOOLS\SETUPDTSB.EXE

Adware.eXact Advertising
D:\PROGRAM FILES\GIANT COMPANY SOFTWARE\GIANT
ANTISPYWARE\QUARANTINE\FB8D67FA-98E7-4436-BF9A-6AC35F\FBC3035F-EDB3-42F5-ABDA-1045A7


HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:44 PM, on 5/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Alcohol Soft%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WLService.exe
C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WMP54GR.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0CB317BA-6523-F263-6651-D1958C14780D} - C:\Program Files\Common Files\Microsoft Shared\Themes\blank
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iPrimus iSpeed\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131100068625
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133649865897
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtpbs/wtBalan...iomanagerwt.cab
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\
O23 - Service: WMP54GRSVC - GEMTEKS - C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.v8supercar.com.au/livetiming/im...topbanner05.jpg

--
End of file - 8429 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users