Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT log please help!


  • This topic is locked This topic is locked
7 replies to this topic

#1 dan5

dan5

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 05 October 2005 - 01:25 PM

So i've gotten some sort of trojan and my computer is running really slow. With soem research i've discovered it's the "Services32" trojan (http://www.bleepingcomputer.com/startups/services32-12488.html).While doing some reasearch i also came across the rundll32 trojan (http://www.bleepingcomputer.com/startups/rundll32-4652.html). i've noticed this file "rundll32" appearing on my pc lately but i didn't think anything of it. I've run my norton antivirus (which is up to date) and spybot but they don't catch anything. Here is my HJT log; my pc is really screwy, can anyone please help??

Logfile of HijackThis v1.99.1
Scan saved at 2:20:12 PM, on 10/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\winsupdater\winsupdater.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Common Files\services.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\services.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\services.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\services.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Autoruns\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\System32\Rscmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RegisterDropHandler] f:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [InstantAccess] f:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\program files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] f:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000140.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000140.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader\reader_sl.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/netagent/ob...s/custappx3.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://infolot-cgm.mrnfp.gouv.qc.ca/ACGM/acgm.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

thanks!

BC AdBot (Login to Remove)

 


#2 John_McKenna

John_McKenna

    World Class Hairy Chest


  • Members
  • 497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Liverpool
  • Local time:05:30 PM

Posted 06 October 2005 - 07:28 PM

Hi Dan and welcome to Bleeping. :thumbsup:



Step 1

Configure Windows to Show all hidden files & folders and ensure you're familiar with rebooting into Safe Mode.

Download and install Cleanup! from here.

Download FixAlcan.zip and unzip it to your desktop.

Download DeleteAlcan.zip and unzip it to your desktop.


Step 2

Reboot into Safe Mode - Very Important !!

Double-click on deletealcan.bat and and watch the command screen appear quickly while it deletes some files.

Double-click on Fixalcan.reg and confirm you wish to add the contents to the registry when prompted.


Step 3

Run HijackThis again and place a checkmark before the following entries (if still present):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000140.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000140.exe

Close ALL OPEN WINDOWS/BROWSERS and click Fix Checked


Step 4

Using Windows Explorer, locate and delete the following file & folders in bold:
(don't be concerned if you don't find them)

C:\Program Files\Common Files\mc-58-12-0000140.exe

C:\Program Files\MsUpdate\
C:\Program Files\MsConfigs\
C:\Program Files\winsupdater\
C:\Program Files\winupdate\
C:\Program Files\DNS
C:\Program Files\Common Files\Real\Toolbar\
C:\Program Files\Common Files\Windows\


Step 5

Warning: Cleanup removes EVERYTHING from your Temp/Temporary folders.

Please backup any programs/unsaved work you may have in these folders before running Cleanup!!

Start CleanUp! and click the Options button.
Make sure only the following are checked:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (XP only)
  • Scan local drives for temporary files
  • Cleanup! All Users
Click the Ok button to close the Options dialog.
Click the CleanUp! button to begin cleaning.
It may take a while depending on the size of the hard drive so be patient.
When it has finished, close CleanUp and reboot when prompted.

Step 6

Once back in Windows, run either of the following online virus scans (saving the scan report when complete):Step 7

The post a fresh HijackThis log and the online scan results in your next reply.



Keeping Track of Your Topic
  • Please subscribe to this thread by clicking 'Track this topic' at the top of the thread.
  • Enable email notification to subscribed threads via your Bleeping My Control Panel above.
  • Keep all future replies in this thread please

Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)

#3 dan5

dan5
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 07 October 2005 - 07:30 AM

followed everything exactly

here's the hjt, virus scan is below
i don't know why my norton hasn't picked up all these viruses that this new scan did
also, my windows has gone from regular looking xp back to the windows 2000 looking, with the ugly grey windows and start bar, and i tried changing it in the display and all that but i can't get it. any suggestions?

Logfile of HijackThis v1.99.1
Scan saved at 8:27:25 AM, on 10/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\SpywareDetectorSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
F:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Autoruns\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: BHOPopupSmasher Class - {702EA91C-1ACF-4772-8078-18F2B2EE1031} - C:\WINDOWS\system32\BlockActivex.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\System32\Rscmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RegisterDropHandler] f:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [InstantAccess] f:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "F:\program files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemTraySD] C:\WINDOWS\system32\SDSystemTray.exe
O4 - HKLM\..\Run: [MonitorSD] C:\Program Files\SpywareDetector\SDMonitor.exe
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\WINDOWS\system32\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\RunServices: [RegisterDropHandler] f:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] F:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader\reader_sl.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/netagent/ob...s/custappx3.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://infolot-cgm.mrnfp.gouv.qc.ca/ACGM/acgm.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SpyDetectSVC - Max Secure Technologies - C:\WINDOWS\system32\SpywareDetectorSVC.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)





KASPERSKY ON-LINE SCANNER REPORT
Friday, October 07, 2005 08:24:52
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 7/10/2005
Kaspersky Anti-Virus database records: 143542
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 86374
Number of viruses found: 17
Number of infected objects: 723
Number of suspicious objects: 8
Duration of the scan process: 4836 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc.zip/istsvc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc1.zip/istsvc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc1.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch.zip/istsvc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Ely Bonder\My documents\My Music\downloads\22A956A5\Protected_07_23_2004_16_49_09.asf Infected: Trojan-Downloader.WMA.Wimad.a
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00A47235 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\01536256 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\01686FC4 Infected: Backdoor.Win32.Rbot.adx
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\01BD39CF Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02027D84 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02474139 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\024A53A9 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02B10FB0 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02F843CA Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03153FFF Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\031705B8 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\037D7BC0 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03A733EA Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03E371C7 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03EF52AB Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04341660 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\044967CF Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0455240B Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04795A14 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04AF5DD6 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04BE1DC9 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0504142C Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\051553DE Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\057B49E5 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05E23FED Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\064835F4 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0661746D Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06662F3B Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06AB72F0 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06AE2BFC Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06D25EE1 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06F036A4 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\07142203 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\07192BA1 Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\077A180B Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\07E00E13 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0846041A Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\08AC7A22 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\08B54602 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\08DD0BCB Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\09224F80 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\09671334 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0A122643 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0B0F24A7 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0B54685B Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0B6F0685 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0B992C10 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0BDE6FC5 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C1E76A5 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0D860137 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0DCB44EC Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0E1008A0 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0E414BAF Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0E72483A Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0EA741B7 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0F0D37BE Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0F732DC6 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0FD923CD Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0FFD5DC7 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\104019D5 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\10876530 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\10A60FDC Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\110C05E4 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\11727BEB Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\11D871F3 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\11DB78DD Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\122F76A3 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\123E67FB Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\12743A57 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\12A45E02 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\12B97E0C Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\12FE41C0 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\130A540A Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1338591F Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\13714A11 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\13D74019 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\142F4A72 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\143D3620 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\14A32C28 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\14A65333 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\14EB16E7 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\15305A9C Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16E90AF5 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\171D2FC3 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\17627377 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\17987B15 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\17A7372C Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\17E1445E Infected: Email-Worm.Win32.Mydoom.a
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18466B36 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18F55B57 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1950489E Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\19950C53 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\19A44B78 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\19D107AE Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\19DA5008 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1A1F13BC Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1A377DB5 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1A9B3CCA Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1A9E73BD Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1B0469C4 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1B6A5FCC Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1BC7252F Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1BD055D3 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1BF81D0C Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C0C68E3 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C364BDB Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C512C98 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C9C41E3 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1CA60D2D Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1CE64120 Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1D0237EA Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1D4B56B1 Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1D5F529B Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1DB4163E Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1DCF23F9 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1DE1620B Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1DFB31EF Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1E036D6E Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1E0F2DD9 Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1E351A01 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1E3E01BF Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1E74436A Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1E834573 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1E9B1008 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1EB25D8F Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1EC80928 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1F010610 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1F604DB0 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1F677C17 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1FCD721F Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20336826 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20583F02 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20701A9A Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\207A0EA8 Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20A1067D Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20B55E4F Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20FA2203 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\21B51F44 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\21F9296E Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\22630F65 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\22E7772A Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\23127F85 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\232C3ADF Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\23717E94 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\246F5FC7 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\251D4FE8 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\255E53BB Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\25A3176F Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\25C839B4 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\25E85B24 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\262E2FBB Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\269425C3 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\26C3315B Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\26FA1BCA Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27105C8A Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\276011D2 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2772217C Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27906C96 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27C607DA Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27D5304B Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\281A73FF Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2820119D Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\282D7DE1 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\28475036/creditcard.htm.com Infected: Email-Worm.Win32.NetSky.b
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\28475036 Infected: Email-Worm.Win32.NetSky.b
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\289373E9 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\28CF01BD Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\28F969F0 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2952640E Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\295F5FF8 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\297207EA Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\29C555FF Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2A074926 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2A2B4C07 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2A4C0CDB Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2A91420E Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2A91508F Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2ADA5220 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2AF73816 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2B5D2E1E Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2BC42425 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2C396202 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2C7E25B6 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2C803393 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2CC3696B Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2D082D20 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2D2F23B4 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2DDD13D4 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2EB03E92 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2EF50246 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2F3A45FB Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2F4D1579.exe Infected: Backdoor.Win32.Rbot.adx
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2FDC6523 Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2FE96437 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\30975458 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\31281B22 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\315875B2 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\316C5ED7 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\31B1228B Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\31BE6BBA Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\31F43499 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\321161AC.dat Infected: P2P-Worm.Win32.SdDrop.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\322461C2 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\32310589.dat Infected: P2P-Worm.Win32.SdDrop.e
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\32627B53.dat Infected: P2P-Worm.Win32.SdDrop.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\328B57C9 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\32EC25EC Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\32F14DD1 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\33372469.dat Infected: P2P-Worm.Win32.SdDrop.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\335743D8 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\335A33FE Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\339F77B2 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\33BD39E0 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\33E43B67 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\34232FE7 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\34297F1B Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3449062D Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\348925EF Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\34EF1BF6 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\34F7764E Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\355511FE Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35BB0805 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35D1108E Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\36165442 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\36227E0D Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\365B17F7 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\36887415 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\36EE6A1C Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\37546024 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\37B136D1 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\38486D1E Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\388D30D2 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\38D27487 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\39571844 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3A060865 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3A7A05F9 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3AB47886 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3ABF49AE Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3B040D63 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3B495117 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3CE931B1 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3CF1628A Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D36263E Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D4F27B9 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D6E3909 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D7B69F3 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3DB51DC0 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E1B13C8 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E8109CF Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3EE77FD7 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3F141A7C Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3F4D75DE Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3F683F1A Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3FAD02CE Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3FB36BE6 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3FC30A9D Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3FF24683 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\401961ED Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\408057F5 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\40E64DFD Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41206ADF Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\414C4404 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\419A57F5 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41B23A0C Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41CE5B00 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41DF1BAA Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\42183013 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\42245F5E Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\42285871 Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\42692313 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\427D4B20 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\427E261B Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\42E41C22 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\432B3B41 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\436671E4/document.htm .exe Infected: Email-Worm.Win32.Mydoom.a
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\436671E4 Infected: Email-Worm.Win32.Mydoom.a
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\43B974BA Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\43D91896 Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\43DA2B62 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\43F36879 Infected: Email-Worm.Win32.NetSky.d
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44113485 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4456783A Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\445E15B9 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44623FB5 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\446569B2 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\446813AE Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\446B3DAA Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\446F67A7 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\447211A3 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44753BA0 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4478659C Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\447C0F98 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\447F3995 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44826391 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44850D8E Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4489378A Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\448C6186 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\448F0B83 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4492357F Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44965F7C Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44990978 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\449B3BEE Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\449C3374 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44A05D71 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44A3076D Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44A6316A Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44A95B66 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44AD0562 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44B02F5F Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44B3595B Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44B60358 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44BA2D54 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44BD5750 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44C0014D Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44C32B49 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44C75546 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44CA7F42 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44CD293F Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44D1533B Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44D47D37 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44D72734 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44DA5130 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44DE7B2D Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44E12529 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44E44F25 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44E77922 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44EB231E Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44EE4D1B Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44F17717 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44F42113 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44F84B10 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44FB750C Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44FE1F09 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\45024905 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\45057301 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\45081CFE Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\450B46FA Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\450F70F7 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\45121AF3 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\451544EF Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\45186EEC Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\451C18E8 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\451F42E5 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\45226CE1 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\452516DE Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\452940DA Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\452C6AD6 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\452F14D3 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\45333ECF Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\453668CC Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\453912C8 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\453C3CC4 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\454066C1 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\454310BD Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\45463ABA Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\454964B6 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\454D0EB2 Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\455038AF Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\455362AB Infected: Worm.Win32.VB.an
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\45560CA8 Infected:

#4 John_McKenna

John_McKenna

    World Class Hairy Chest


  • Members
  • 497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Liverpool
  • Local time:05:30 PM

Posted 07 October 2005 - 01:10 PM

i don't know why my norton hasn't picked up all these viruses that this new scan did
also, my windows has gone from regular looking xp back to the windows 2000 looking, with the ugly grey windows and start bar, and i tried changing it in the display and all that but i can't get it. any suggestions?

Kasperskey is only detecting items that have already been quarantined by Spybot and Norton so no need to worry about those.

Cleanup is responsible for the taskbar problem unfortunately and your machine is the last I will use it on until the new version 4.5 is released. :thumbsup:

The following fix should remedy the problem.
  • Go to Kelly's Korner:
  • Go to list item #187, and in the RHS column, click on "Restore Luna Theme" to download "Resources.zip".
  • Unzip that, (where ever you wish) and within those folders, navigate to the "luna.msstyles" (or "luna ..." whatever it may happen to be called on that machine) file only.
    Resources\Resources\Theme\Luna\luna.msstyles <<<this file
  • Right-click on the "luna ..."file (not the folder) and select "Copy" (to copy this file to the Clipboard).
  • Then, using Windows Explorer, (having first confirmed that all system and hidden files and folders are visible - See here for instructions) navigate to C:\Windows\Resources\Themes\Luna\luna ... <<<this file (if it exists) and drag it (the "luna ..." file, not the folder) out of the way (say, onto the desktop for temporary safe-keeping).
  • Paste in the new "luna ..." file to replace the one just removed (right-click on a blank area of the "Luna" folder, and select "Paste" in the menu that pops up).
  • Double-click on it (the "luna ..." file) and hey presto! XP Theme is back!
  • Then check the setting in Control Panel to confirm that XP Theme (as opposed to Classic Theme) is selected for the future.
  • Delete the old and unwanted files/folders that will no longer be required.
Remove these to be on the safe side as well:

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe


Let me know how you get on and how the machine is running in general (especially whether you can access regedit or not) so we can wrap things up now you appear to be clean. :flowers:

Edited by John_McKenna, 07 October 2005 - 03:54 PM.

Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)

#5 dan5

dan5
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 07 October 2005 - 02:04 PM

Did everything you said
windows is back to normal view
my computer is running even better then before (9 had a little over a Gb free on C:\ drive, now after that CleanUp! program, i have over 3 Gbs free). Everything appears fine. I'm just wondering if there's any way to prevent all that bad stuff from coming back. Is there one or two great (free, preferably) malware/spyware programs that i should download and run to prevent infections? Should i keep CleanUp on my pc and run it every now and then, considering how much room it made on my drive (as well as making me realize that even though i thought i cleaned up all the free room in my drive through disk cleanup, i in fact did not)?
Thanks so much
Dan

also, i accidently didn't include everything in the virus scan, here are the rest (the onyl ones which aren't norton quarantined files):

G:\My Documents\YEJ\Inbox.mbx/[From "Ely Bonder" <ebonder@colba.net>][Date Wed, 21 Apr 1999 23:56:00 -0400 (EDT)]/Happy99.exe Infected: Email-Worm.Win32.Happy
G:\My Documents\YEJ\Inbox.mbx/[From Mail Delivery Subsystem <MAILER-DAEMON@mail.colba.net>][Date Sat, 24 Apr 1999 05:35:00 -0400 (EDT)]/UNNAMED/[From bhd1-s20.mtl.colba.net [207.107.152.30]]/UNNAMED/[From "Ely Bonder" <ebonder@colba.net>][Date Sat, 24 Apr 1999 03:01:23 -0400 (EDT)]/Happy99.exe Infected: Email-Worm.Win32.Happy
G:\My Documents\YEJ\Inbox.mbx/[From Mail Delivery Subsystem <MAILER-DAEMON@mail.colba.net>][Date Sat, 24 Apr 1999 05:35:00 -0400 (EDT)]/UNNAMED/[From bhd1-s20.mtl.colba.net [207.107.152.30]]/UNNAMED Infected: Email-Worm.Win32.Happy
G:\My Documents\YEJ\Inbox.mbx/[From Mail Delivery Subsystem <MAILER-DAEMON@mail.colba.net>][Date Sat, 24 Apr 1999 05:35:00 -0400 (EDT)]/UNNAMED Infected: Email-Worm.Win32.Happy
G:\My Documents\YEJ\Inbox.mbx Infected: Email-Worm.Win32.Happy
G:\Outlook\archive.pst/Archive Folders/ARCHIVED INBOX/01 Feb 2002 21:27 from Honey A. Dresher:Re: New Address of Ely B.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
G:\Outlook\archive.pst/Archive Folders/ARCHIVED INBOX/01 Feb 2002 21:27 from Honey A. Dresher:Re: New Address of Ely B/PICS.DOC.scr Infected: Email-Worm.Win32.BadtransII
G:\Outlook\archive.pst/Archive Folders/Sent Items/02 Feb 2002 15:05 to 'Honey A. Dresher':RE: New Address of Ely B.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
G:\Outlook\archive.pst Infected: Exploit.HTML.Iframe.FileDownload

Scan process completed.

Edited by dan5, 07 October 2005 - 02:09 PM.


#6 John_McKenna

John_McKenna

    World Class Hairy Chest


  • Members
  • 497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Liverpool
  • Local time:05:30 PM

Posted 07 October 2005 - 03:46 PM

You can indeed keep cleanup but to prevent that theme problem happening again, disable the "Scan local drives for temporary files" option before running it again.

The remainder of the scan log shows infected emails so you might want to check those out and delete them before one is accidently opened.


Now that you're clean again, please follow these simple steps to keep yourself safe and secure in the future.

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and renable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to disable and renable system restore here:

Windows XP System Restore Guide

or

Managing Windows Millenium System Restore

Renable system restore with instructions from the tutorial above.


Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Safe Surfing

HJM :thumbsup:
Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)

#7 dan5

dan5
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 07 October 2005 - 06:31 PM

you've been ridiculously helpful, i really appreciate it and am so glad i found this site
keep on rocking
dan

#8 John_McKenna

John_McKenna

    World Class Hairy Chest


  • Members
  • 497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Liverpool
  • Local time:05:30 PM

Posted 07 October 2005 - 07:35 PM

You're welcome dan,

You may be interested to know that the fix I posted was a beta fix but I'm pleased to say it worked perfectly as far as removing the infection was concerned.

Thanks for being my guinea pig !! :thumbsup:



Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users