
Symantec Proxy Popups gone Wild



#1 Brian O


Posted 09 June 2010 - 12:47 PM

Got some crazy stuff going on with my computer, had a ton of Symantec proxy email warnings popping up, used netstat to find the PID that was causing the problem and terminated it, that stopped the popups, rebooted into safe mode with networking, ran Spybot and cleaned, then thought better of it and came here for help.

Malwarebytes has found some issues, am not going to delete them until you tell me, will include the MWB log as well.

DDS LOG

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by boldham at 10:26:31.56 on Wed 06/09/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1438 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\boldham.RNG\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [NWEReboot]
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [FtLnSOP_setup] c:\windows\twain_32\fjscan32\sop\FtLnSOP.exe
mRun: [FJTWAIN Setup] c:\windows\twain_32\fjscan32\FjtwSetup.exe /Station
mRun: [Pdfquickview] c:\program files\pfu\scansnap\pdf thumbnail view\pdfquickview.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [UltraMon] "c:\program files\ultramon\UltraMon.exe" /auto
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WD Spindown Utility] "c:\program files\western digital technologies\spindown\ExSpinDn.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [CorelGadget] Rundll32.exe "c:\program files\common files\ulead systems\gadget\GadgetEB.dll",LaunchGadget
mRun: [Standby] "c:\program files\common files\corel\standby\Standby.exe" -START
StartupFolder: c:\docume~1\boldham.rng\startm~1\programs\startup\datein~1.lnk - c:\program files\dateintray\DateInTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cardmi~1.lnk - c:\program files\pfu\scansnap\cardminder v3.1\CardLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\conver~1.lnk - c:\program files\pfu\scansnap\organizer\PfuSsOrgOcrChk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netsen~1.lnk - c:\program files\fomine net send gui\NetSendGUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winfax~1.lnk - c:\program files\symantec\winfax\WTNSETUP.EXE
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-system: SetVisualStyle =
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///D:/LTOCX14N.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles/dreamweb.1.0.0.9.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B0FB831D-17F6-4CBD-9B5D-3305881D362E} - hxxp://www.shockwave.com/content/reaxxion/sis/HLGLauncher.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://www.playwhat.com/solidPlugin/solidstateion.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {F80B9305-A013-11D2-BD23-00A024978908} - file:///E:/viewer/accuradimage.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
TCP: {CBE6576F-2220-427F-9E94-BEE13183367B} = 10.10.3.10,209.63.0.6
TCP: {F62C6CB5-2045-41DB-A37D-CB0B73A8922B} = 10.10.3.10,209.63.0.6
Handler: asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - c:\windows\system32\wowctl2.dll
Handler: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\boldham.rng\applic~1\mozilla\firefox\profiles\kz8qr2qy.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.rngmedcons.com/cdb2/cases.html
FF - plugin: c:\documents and settings\boldham.rng\application data\mozilla\firefox\profiles\kz8qr2qy.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_IEGetPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\photosynth\tech preview\nppsynth.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
S1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
S2 Crypto;Crypto;\??\c:\windows\system32\drivers\crypto.sys --> c:\windows\system32\drivers\Crypto.sys [?]
S2 Network SuperFax;Network SuperFax;c:\nwsf8\nwsf.exe [2009-12-10 1269760]
S2 RapidPortM3;RapidPortM3;c:\windows\system32\drivers\CAPM3LP.SYS [2006-12-1 22976]
S2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]
S2 sshd;CYGWIN sshd;c:\cygwin\bin\cygrunsrv.exe [2007-5-24 43008]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2006-9-24 11776]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-18 24652]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]
S3 CBUSB;MARX CryptoTech LP;c:\windows\system32\drivers\CBUSB.sys [2006-5-14 45056]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 cpuz130;cpuz130;\??\c:\docume~1\boldham.rng\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\boldham.rng\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-7-14 12672]
S3 EraserUtilDrv11010;EraserUtilDrv11010;c:\program files\common files\symantec shared\eengine\EraserUtilDrv11010.sys [2010-6-9 102448]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-18 38224]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100608.004\naveng.sys [2010-6-9 85552]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100608.004\navex15.sys [2010-6-9 1347504]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-1-11 332928]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2006-12-1 11520]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2006-4-12 38016]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys --> c:\windows\system32\drivers\sustucau.sys [?]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2005-5-14 3584]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-8-15 11520]

=============== Created Last 30 ================

2010-06-09 17:25:35 0 ----a-w- c:\documents and settings\boldham.rng\defogger_reenable
2010-06-08 23:12:00 0 d-----w- c:\windows\PRAGMApulbdwqbux
2010-06-08 23:11:52 210816 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2010-06-08 23:11:37 20 ----a-w- c:\docume~1\boldham.rng\applic~1\ohipmn.dat
2010-06-05 18:21:57 8192 --sha-w- c:\windows\Thumbs.db
2010-06-03 07:42:39 0 d-----w- c:\windows\MVUNINST
2010-06-03 07:42:39 0 d-----w- c:\program files\Memorex exPressit Label Design Studio
2010-06-03 07:42:39 0 d-----w- c:\program files\common files\SureThing Shared
2010-06-03 02:36:31 90 ----a-w- c:\windows\AVControl.ini
2010-06-03 01:54:21 209040 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-06-03 01:54:20 24720 ----a-w- c:\windows\system32\IVIresize.dll
2010-06-03 01:54:20 204944 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-06-03 01:54:20 196752 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-06-03 01:54:20 196752 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-06-03 01:54:20 192656 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-05-31 20:34:36 0 d-----w- c:\program files\SmartSound Software
2010-05-31 20:34:35 0 d-----w- c:\docume~1\alluse~1\applic~1\SmartSound Software Inc
2010-05-31 19:12:36 0 d-----w- c:\documents and settings\boldham.rng\Corel
2010-05-31 19:06:48 7520 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-05-31 19:06:48 168 --sh--r- c:\docume~1\alluse~1\applic~1\F947D326FC.sys
2010-05-31 19:01:32 0 d-----w- c:\windows\system32\windows media
2010-05-31 19:01:26 0 d--h--w- c:\windows\msdownld.tmp
2010-05-31 19:01:11 0 d-----w- c:\docume~1\alluse~1\applic~1\InterVideo
2010-05-31 18:59:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Corel
2010-05-31 18:57:53 0 d-----w- c:\program files\common files\Protexis
2010-05-31 18:54:54 0 d-----w- c:\program files\Windows Media Components
2010-05-31 18:54:40 0 d-----w- c:\program files\common files\Ulead Systems
2010-05-31 18:54:40 0 d-----w- c:\program files\common files\Corel
2010-05-31 18:54:19 0 d-----w- c:\program files\Corel
2010-05-18 18:55:54 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-18 18:08:48 0 d-----w- c:\docume~1\boldham.rng\applic~1\Malwarebytes
2010-05-18 18:08:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 18:08:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-18 18:08:39 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 18:08:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2010-06-08 23:11:52 210816 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-05-12 18:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-21 17:06:41 77824 ----a-w- c:\windows\system32\KCL310.dll
2010-04-21 17:06:41 16384 ----a-w- c:\windows\system32\KDB310.dll
2010-04-21 04:07:48 256 ----a-w- c:\documents and settings\boldham.rng\pool.bin
2010-03-18 01:57:25 72848 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-29 02:42:52 40448 ----a-w- c:\windows\inf\usbaapl.sys
2001-05-24 19:59:30 162304 ----a-w- c:\program files\UNWISE.EXE
2007-02-27 20:02:16 2 --sha-w- c:\windows\system32\WINDRV30.SYS
2008-07-28 21:36:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072820080729\index.dat

============= FINISH: 10:27:36.48 ===============





Malware Bytes Log File

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4183

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11

6/9/2010 10:36:52 AM
mbam-log-2010-06-09 (10-36-52).txt

Scan type: Quick scan
Objects scanned: 140474
Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\PRAGMApulbdwqbux (Trojan.DNSChanger) -> No action taken.

Files Infected:
C:\Documents and Settings\boldham.RNG\Local Settings\Temporary Internet Files\Content.IE5\I6WRXE6E\396-direct[1].ex (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\PRAGMApulbdwqbux\PRAGMAd.sys (Trojan.DNSChanger) -> No action taken.


 


#2 Noviciate


Posted 09 June 2010 - 01:53 PM

Good evening.

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop - this is important.

  • You will then need to extract the file(s) from the zipped folder.
    To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish.
  • Close all open programs as a reboot may be required.
  • Go to Start > Run, copy and paste the following into the text box and hit OK:

    "%userprofile%\desktop\tdsskiller\TDSSKiller.exe" -l report.txt

  • A Command Window will open and the tool will scan and produce a log called report.txt that can be found in the TDSSKiller folder that you unzipped.
  • If the tool prompts for a reboot, please allow it to do so; if it fails to reboot after prompting, reboot manually.

Please post the contents of the log, report.txt, in your next reply.

So long, and thanks for all the fish.

 

 


#3 Brian O


Posted 09 June 2010 - 01:55 PM

11:54:57:895 1284 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
11:54:57:895 1284 ================================================================================
11:54:57:895 1284 SystemInfo:

11:54:57:895 1284 OS Version: 5.1.2600 ServicePack: 3.0
11:54:57:895 1284 Product type: Workstation
11:54:57:895 1284 ComputerName: RG20
11:54:57:895 1284 UserName: boldham
11:54:57:895 1284 Windows directory: C:\WINDOWS
11:54:57:895 1284 Processor architecture: Intel x86
11:54:57:895 1284 Number of processors: 2
11:54:57:895 1284 Page size: 0x1000
11:54:57:895 1284 Boot type: Normal boot
11:54:57:895 1284 ================================================================================
11:54:58:254 1284 Initialize success
11:54:58:254 1284
11:54:58:254 1284 Scanning Services ...
11:54:58:395 1284 Raw services enum returned 410 services
11:54:58:410 1284
11:54:58:410 1284 Scanning Drivers ...
11:55:01:098 1284 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:55:01:129 1284 MBAMSwissArmy (c7dd7d9739785bd3a6b8499eec1dee7e) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
11:55:01:145 1284 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:55:01:176 1284 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:55:01:192 1284 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:55:01:223 1284 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
11:55:01:239 1284 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:55:01:254 1284 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:55:01:270 1284 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:55:01:285 1284 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:55:01:332 1284 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:55:01:379 1284 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
11:55:01:395 1284 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:55:01:426 1284 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:55:01:442 1284 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:55:01:504 1284 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:55:01:567 1284 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:55:01:598 1284 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:55:01:645 1284 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
11:55:01:660 1284 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
11:55:01:707 1284 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:55:01:801 1284 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100608.004\naveng.sys
11:55:01:848 1284 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100608.004\navex15.sys
11:55:01:910 1284 NDIS (77e05a55a0142d14446beb9645b08b22) C:\WINDOWS\system32\drivers\NDIS.sys
11:55:01:926 1284 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:55:01:942 1284 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:55:01:989 1284 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:55:02:020 1284 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:55:02:035 1284 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
11:55:02:067 1284 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:55:02:098 1284 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:55:02:129 1284 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:55:02:129 1284 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:55:02:160 1284 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:55:02:223 1284 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:55:02:364 1284 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:55:02:504 1284 nvatabus (dc1f9954b5eddd147af7e5c420be7b93) C:\WINDOWS\system32\drivers\nvatabus.sys
11:55:02:520 1284 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
11:55:02:567 1284 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
11:55:02:598 1284 nvraid (9dcd6fdd6a84c4c466baa88ab7fce163) C:\WINDOWS\system32\drivers\nvraid.sys
11:55:02:629 1284 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:55:02:676 1284 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:55:02:738 1284 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:55:02:770 1284 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
11:55:02:785 1284 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:55:02:817 1284 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:55:02:832 1284 PCI (21ef9607438762ea6b393359fcf4e6b0) C:\WINDOWS\system32\DRIVERS\pci.sys
11:55:02:832 1284 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: 21ef9607438762ea6b393359fcf4e6b0, Fake md5: a219903ccf74233761d92bef471a07b1
11:55:02:832 1284 File "C:\WINDOWS\system32\DRIVERS\pci.sys" infected by TDSS rootkit ...
11:55:04:207 1284 Backup copy found, using it..
11:55:04:223 1284 will be cured on next reboot
11:55:07:035 1284 Reboot required for cure complete..
11:55:07:113 1284 Cure on reboot scheduled successfully
11:55:07:113 1284
11:55:07:113 1284 Completed
11:55:07:113 1284
11:55:07:113 1284 Results:
11:55:07:113 1284 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
11:55:07:113 1284 File objects infected / cured / cured on reboot: 1 / 0 / 1
11:55:07:113 1284
11:55:07:113 1284 KLMD(ARK) unloaded successfully


#4 Brian O


Posted 09 June 2010 - 02:14 PM

Rebooted, the popups came back with a vengeance, killed the process ccapp which I believe is the Symantec mail scanning app and that at least stops the popups, although I'm probably spamming someone to death as we speak

#5 Brian O


Posted 09 June 2010 - 02:45 PM

Adding the log file from HJT as well

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:44:49 PM, on 6/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\CAPM3RSK.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\NWSF8\nwsf.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe
C:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\PFU\ScanSnap\CardMinder V3.1\CardLauncher.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DateInTray\DateInTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\boldham.RNG\Desktop\HijackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [FtLnSOP_setup] C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
O4 - HKLM\..\Run: [FJTWAIN Setup] C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe /Station
O4 - HKLM\..\Run: [Pdfquickview] C:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WD Spindown Utility] "C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [CorelGadget] Rundll32.exe "c:\Program Files\Common Files\Ulead Systems\Gadget\GadgetEB.dll",LaunchGadget
O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Startup: DateInTray.lnk = C:\Program Files\DateInTray\DateInTray.exe
O4 - Global Startup: CardMinder Viewer.lnk = ?
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
O4 - Global Startup: Net Send GUI.lnk = C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
O4 - Global Startup: ScanSnap Manager.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinFax PRO Configuration Wizard.lnk = C:\Program Files\Symantec\WinFax\WTNSETUP.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - file:///D:/LTOCX14N.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...web.1.0.0.9.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {B0FB831D-17F6-4CBD-9B5D-3305881D362E} (LHGLauncherXForm Control) - http://www.shockwave.com/content/reaxxion/...HLGLauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {F80B9305-A013-11D2-BD23-00A024978908} (Accurad Image Control) - file:///E:/viewer/accuradimage.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rng.local
O17 - HKLM\Software\..\Telephony: DomainName = rng.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE6576F-2220-427F-9E94-BEE13183367B}: NameServer = 10.10.3.10,209.63.0.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{F62C6CB5-2045-41DB-A37D-CB0B73A8922B}: NameServer = 10.10.3.10,209.63.0.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rng.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rng.local
O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network SuperFax - IT Pacific Image - C:\NWSF8\nwsf.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: CYGWIN sshd (sshd) - Unknown owner - C:\cygwin\bin\cygrunsrv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 14821 bytes


#6 Brian O


Posted 10 June 2010 - 01:06 PM

Still need assistance please

#7 Noviciate

  • Malware Response Team

Posted 10 June 2010 - 01:53 PM

Good evening.

Please run MBAM and allow it to fix everything it finds and let me have the log that is produced.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Once you have done the above, work through the following:

Pay a visit to the ESET Online Scanner.
  • Click the ESET Online Scanner button, read the info in the new window, check the appropriate box and click Start.
  • Accept the ActiveX download, and allow it to install.
  • Once this has been completed, you will see the Computer Scan settings page - ensure that you uncheck the "Remove found threats" box and then click Start.
  • The virus signature database will now need to be downloaded, so don't forget to instruct your firewall to permit it if it asks.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

So long, and thanks for all the fish.

 

 


#8 Brian O

  • Topic Starter

Posted 10 June 2010 - 05:24 PM

Ran the scans; had to point my gateway to a nonexistent address just so I could work without the endless emails trying to go out. Direct linked into my home router and no popups occurred, which was strange. Here are the logs, and thank you for your response. MWB found 2 infections, which I presume it cleaned on reboot. Ran the scan with ESET and it found 607 infections; did not clean as instructed...

Logs as follows:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4185

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

6/10/2010 2:14:03 PM
mbam-log-2010-06-10 (14-14-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 284797
Time elapsed: 1 hour(s), 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.






ESET SCAN




C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC30B.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC31.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC32.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC33.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC34.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC36.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC360.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC363.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC364.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC365.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC367.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC36F.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC370.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC371.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC372.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC373.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC379.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC37E.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC383.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC38C.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC38F.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC39.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC39C.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3A6.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3A7.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3B.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3B3.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3BC.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3BD.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3C.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3C2.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3D.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3D1.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3D4.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3D7.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3DE.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3DF.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3E.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3F.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3F6.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC3F7.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC406.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC41.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC42.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC420.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC421.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC422.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC43.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC437.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC438.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC44.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC44D.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC44E.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC45.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC464.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC46A.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC47.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC48.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC482.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4A.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4A4.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4A7.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4A8.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4B2.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4B3.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4B4.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4C.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4C4.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4CC.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4D.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4E.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4E2.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4E6.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4E8.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4E9.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4EB.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4ED.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4F.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4F1.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC4FE.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC5.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC509.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC50A.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC50E.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC512.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC517.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC519.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC52.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC52E.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC53.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC53B.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC53E.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC54.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC55.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC555.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC56.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC565.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC57.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC58.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC58D.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC58E.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC59.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC5C.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC5D.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC5E.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC5E0.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC5F.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC60.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC61.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC610.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC63.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC65.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC657.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC66.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC67.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC69.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC6B.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC6B1.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC6C.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC6D.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC6D0.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC6E3.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC70.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC702.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC711.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC73.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC733.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC74.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC742.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC75.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC756.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC75D.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC76.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC767.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC769.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC77.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC776.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC78.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC79E.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC7A.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC7A2.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC7A7.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC7AA.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC7AE.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC7AF.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC7B.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC7B8.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC7C.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC7D.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC7D0.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC7E.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC7F5.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC802.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC83.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC84.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC85.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC8B.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC8BA.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC8BD.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC8C.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC8C7.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC8CB.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC8CE.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC8D.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC8D4.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC8DB.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC8E.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC8F.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC9.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC90.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC91.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC92.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC92D.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC92E.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC936.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC939.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC93C.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC93D.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC94.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC949.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC94B.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC957.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC959.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC95C.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC97.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC98.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC983.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC993.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC99B.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC99D.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC99E.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC9A5.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC9A6.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC9A7.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC9B7.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC9C.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC9CA.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC9E3.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC9F.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CC9FB.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCA.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCA1.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCA2.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCA5.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCA6.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCAA9.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCAB.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCAC.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCAD.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCAE.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCAFC.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCB01.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCB13.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCB1B.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCB3.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCB31.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCB4.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCB5.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCB60.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCB7B.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCB89.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCBA.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCBA6.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCBD.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCBDF.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCBE.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCBE9.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCBF4.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCBF9.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCC.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCC0E.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCC14.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCC3.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCC37.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCC7.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCC75.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCC7A.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCC7D.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCC83.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCC84.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCC8E.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCCA.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCCA1.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCCB.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCCFA.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCD0C.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCD1.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCD1D.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCD1F.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCD2.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCD21.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCD4F.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCD5.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCD51.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCD5C.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCD61.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCD75.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCD8.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCD8A.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCD9.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCD90.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCD93.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCDA.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCDA0.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCDAD.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCDB1.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCDBB.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Documents and Settings\boldham.RNG\Local Settings\Temp\CCDDB.tmp JS/TrojanDownloader.Pegel.BR trojan
C:\Program Files\Mass Downloader\SetupGamevance.exe a variant of Win32/Adware.Gamevance.AE application
C:\Program Files\Mozilla Firefox\fjhdyfhsn.bat BAT/Agent.NGA trojan
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application



#9 Noviciate

  • Malware Response Team

Posted 12 June 2010 - 01:55 PM

Good evening.

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

So long, and thanks for all the fish.

 

 


#10 Noviciate

  • Malware Response Team

Posted 17 June 2010 - 02:26 PM

As there has been no reply for the last five days this thread is now closed.

So long, and thanks for all the fish.

 

 




